Implementation issue #40

Open
vector-mj opened this issue Mar 25, 2024 · 0 comments

vector-mj commented Mar 25, 2024

Hi
Currently, I'm trying to R&D an RBAC authorization mechanism for my Flask API. I read your project documentation and other RBAC implementations in a few projects, but in your project I can't see any permissions. In an RBAC implementation like K8s (rbac.authorization.k8s/v1), we assign some permissions to our specific role, like the watch, list and get operations on pods resources to my-test-role

like this:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: my-test-role
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
```

Or in this RBAC implementation (repository), we can set access permissions on our roles like this:

```python
acl.resource_read_rule(everyone_role, 'GET', '/api/v1/employee/1/info')
acl.resource_delete_rule(admin_role, 'DELETE', '/api/v1/employee/1/')
```

And I think something like this may be good in Flask...

```python
from enum import Enum
from flask import Blueprint


class Permission(Enum):
    READ = "READ"
    CREATE = "CREATE"
    UPDATE = "UPDATE"
    DELETE = "DELETE"


class Roles(Enum):
    # Each role's value is the set of permissions it grants.
    OWNER = {Permission.CREATE, Permission.READ, Permission.UPDATE, Permission.DELETE}
    ADMIN = {Permission.CREATE, Permission.READ, Permission.UPDATE}
    USER = {Permission.READ}


resource = Blueprint("routes", __name__)

#
# (User PUT request).roles = [ADMIN, USER]
#        |
#        ↓
# `rbac` is the extension object this proposal assumes; it is not defined here.
@resource.route("/product/update", methods=["PUT"])
@rbac.allow(allow_perms={Permission.UPDATE})  # This decorator will check if the user has any role that has this permission
def update_product():
    pass
```

We assign permissions to resources (in a Flask API, probably our routes), permissions to roles, and roles to users.

Thank you for your attention.
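
A sketch of the permission check proposed in the issue above, added here as an example; it is not code from the issue author or the project. It is framework-free so it runs without Flask, and `ROLE_PERMISSIONS`, `Forbidden`, `effective_permissions`, the `current_roles` callable, `_request` and `call_as` are assumptions, as is requiring every permission in `allow_perms` rather than any one of them.

```python
from enum import Enum
from functools import wraps

class Permission(Enum):
    READ = "READ"
    CREATE = "CREATE"
    UPDATE = "UPDATE"
    DELETE = "DELETE"

# A dict instead of Enum values: Enum members with equal values become aliases,
# so two roles with identical permission sets would collapse into one member.
ROLE_PERMISSIONS = {
    "OWNER": frozenset(Permission),
    "ADMIN": frozenset({Permission.CREATE, Permission.READ, Permission.UPDATE}),
    "USER": frozenset({Permission.READ}),
}

class Forbidden(Exception):
    """Caller lacks a required permission (a web layer would map this to 403)."""

def effective_permissions(roles):
    """Union of permissions over the caller's roles; unknown roles grant nothing."""
    return set().union(*(ROLE_PERMISSIONS.get(r, frozenset()) for r in roles))

def allow(allow_perms, current_roles):
    """Run the view only if the caller's roles grant every permission in allow_perms."""
    required = frozenset(allow_perms)
    if not required:
        raise ValueError("allow_perms must not be empty")  # no accidental allow-all
    def decorator(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            # Evaluated on every call, so a role change takes effect immediately.
            missing = required - effective_permissions(current_roles())
            if missing:
                raise Forbidden(sorted(p.name for p in missing))
            return view(*args, **kwargs)
        return wrapper
    return decorator

_request = {"roles": []}  # constructed stand-in for per-request state

@allow({Permission.UPDATE}, current_roles=lambda: _request["roles"])
def update_product():
    return "updated"

def call_as(roles):
    """Simulate one request made by a caller holding the given role names."""
    _request["roles"] = list(roles)
    try:
        return update_product()
    except Forbidden:
        return "403"
```

In a Flask application the `current_roles` callable would read the authenticated user's roles from request state, and `Forbidden` would be translated to a 403 response.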
