Python SDK Examples
Init the SDK
from permit import Permit
permit = Permit(
# the API key to the Permit environment you wish to connect to
token="<YOUR_API_KEY>",
# the url in which the SDK can connect to the PDP container
pdp="http://localhost:7766",
# use this to turn on sdk logs:
log={"level": "debug", "enable": True},
)
Resources
Create a resource
from permit import ResourceRead
document: ResourceRead = await permit.api.resources.create(
{
"key": "document",
"name": "Document",
"urn": "prn:gdrive:document",
"description": "google drive document",
"actions": {
"create": {},
"read": {},
"update": {},
"delete": {},
},
"attributes": {
"private": {
"type": "bool",
"description": "whether the document is private",
},
},
}
)
Update a resource
from permit import ResourceRead
resource_after_changes: ResourceRead = await permit.api.resources.update(
# the key of the resource
"document",
# updated fields
{
"description": "wat",
"actions": {
"find": {}
}
},
)
List all resources
from permit import ResourceRead
resources: List[ResourceRead] = await permit.api.resources.list()
Get a resource
Get a resource with key document:
from permit import ResourceRead
resource: ResourceRead = await permit.api.resources.get("document")
Error handling
from permit import Permit, PermitApiError
permit = Permit(...)
# handle not found error
try:
await permit.api.resources.get("nosuchresource")
except PermitApiError as e:
if e.status_code == 404:
print("not found")
else:
...
# handle cannot create object due to key conflict:
try:
await permit.api.resources.create(
{"key": "document", "name": "document2", "actions": {}}
)
except PermitApiError as e:
if e.status_code == 409:
print("already exists!")
else:
...
Roles
Create a role
from permit import RoleRead
admin: RoleRead = await permit.api.roles.create(
{
"key": "admin",
"name": "Admin",
"description": "an admin role",
"permissions": ["document:create", "document:read"],
}
)
Tenants
Create a tenant
from permit import TenantRead
tenant: TenantRead = await permit.api.tenants.create(
{
"key": "tesla",
"name": "Tesla Inc",
"description": "The car company",
}
)
Users
Create or update a user (sync user)
from permit import UserRead
user: UserRead = await permit.api.users.sync(
{
"key": "auth0|elon",
"email": "elonmusk@tesla.com",
"first_name": "Elon",
"last_name": "Musk",
"attributes": {
"age": 50,
"favorite_color": "red",
},
}
)
Role Assignments
Assign a role to a user in a tenant
ra = await permit.api.users.assign_role(
{
# the user key
"user": "auth0|elon",
# the role key
"role": "viewer",
# the tenant key
"tenant": "tesla",
}
)
List role assignments
assignments = await permit.api.role_assignments.list(
tenant="tesla",
role="viewer",
)
You can also filter for multiple roles:
assignments = await permit.api.role_assignments.list(
tenant="tesla",
role=["viewer", "editor"],
)
Checking Permissions
from permit import Permit
permit = Permit(...)
# in order to be permitted according to the RBAC policy, a few conditions must be met:
# 1) the user must exist in the permit system (you called sync user before)
# 2) the checked resource belongs to tenant X
# 3) the user has an assigned role in tenant X (the user must have at
# least one assigned role in the tenant that contains the resource)
# 4) the role assigned to the user must have the permission to perform
# the checked action on the checked resource
permitted = await permit.check(
# the user key
"auth0|elon",
# the action
"create",
# the resource
{
# the type of the resource (resource.key)
"type": "document",
# the tenant that contains the resource
"tenant": "tesla"
},
)
if permitted:
print("permitted")
else:
print("denied")