sym.sdk.request_permission

Models for defining permissions required to view or perform actions on Requests.

Classes

PermissionLevel	Represent basic Request permission categories in the Sym platform.
RequestPermission	A class representing permissions required to view or act on Requests.

class sym.sdk.request_permission.PermissionLevel(value)

Bases: str, enum.Enum

Represent basic Request permission categories in the Sym platform.

PermissionLevels are defined in descending order of permissions. Each permission level includes all permission levels below it.

ADMIN = 'admin'

Permissions are applied to admins only. Admins are allowed to do anything. (e.g. Use symflow CLI, run Flows, apply Terraform).

ALL_USERS = 'all_users'

Permissions are applied to all users (admins, members and guests). Guests can approve/deny/revoke Requests, if the Flow is configured to allow guest interactions.

MEMBER = 'member'

Permissions are applied to admins and members only. Members can run Flows and interact with Requests.

pydantic model sym.sdk.request_permission.RequestPermission

Bases: pydantic.main.BaseModel

A class representing permissions required to view or act on Requests. If no permissions are specified, then admin permission is implied.

Fields

• allow_self_approval (bool)

• approve_deny (Union[sym.sdk.request_permission.PermissionLevel, List[uuid.UUID]])

• webapp_view (Union[sym.sdk.request_permission.PermissionLevel, List[uuid.UUID]])

Validators

• validate_list_of_uuids » approve_deny

• validate_list_of_uuids » webapp_view

field allow_self_approval: bool = False

Whether the requester may approve their own Request.

field approve_deny: Union[sym.sdk.request_permission.PermissionLevel, List[uuid.UUID]] [Required]

Defines who is allowed to approve or deny the Request. If a PermissionLevel is provided, all users with matching permissions will be able to approve or deny the Request. If specific IDs are provided, only those users will be granted permission to approve or deny the Request. Admins can always approve or deny all Requests. Convert List[User] to List[UUID] using user_ids().

Validated by

• validate_list_of_uuids

field webapp_view: Union[sym.sdk.request_permission.PermissionLevel, List[uuid.UUID]] [Required]

Defines who is allowed to view a Request in the web app. If a PermissionLevel is provided, all users with matching permissions will be able to view the Request. If specific IDs are provided, only those users will be granted permission to see the Request. Admins can always view all Requests. Convert List[User] to List[UUID] using user_ids().

Validated by

• validate_list_of_uuids

validator validate_list_of_uuids  »  webapp_view, approve_deny

Validate that the webapp_view and approve_deny fields are an expected value and type.

Parameters

value – Value passed to webapp_view or approve_deny.

Returns

A list of User IDs or PermissionLevel.

Raises

ValueError – If validation is unsuccessful.