access_evaluator.py¶

Generated: 2026-03-30T04:38:46.698237+00:00

Commit: 615f1354a103

Language: python

Scope: dazzle_back

Purpose¶

Access rule evaluator with Cedar-style permit/forbid semantics.

Evaluates EntityAccessSpec from BackendSpec at runtime, supporting: - Cedar three-rule evaluation: FORBID > PERMIT > default-deny - Role checks: role(admin) - Persona scoping: restrict rules to specific personas - Relationship traversa...

Key Exports¶

evaluate_access_condition
evaluate_visibility
evaluate_permission
evaluate_permission_bool
can_read
can_create
can_update
can_delete
filter_visible_records

Dependencies¶

Imports¶

typing.Any
dazzle.core.access.AccessDecision
dazzle.core.access.AccessRuntimeContext
dazzle_back.runtime._comparison.eval_comparison_op
dazzle_back.runtime._comparison.normalize_for_comparison
dazzle_back.specs.AccessComparisonKind
dazzle_back.specs.AccessConditionSpec
dazzle_back.specs.AccessLogicalKind
dazzle_back.specs.AccessOperationKind
dazzle_back.specs.AccessPolicyEffect
dazzle_back.specs.EntityAccessSpec
dazzle_back.specs.auth.AccessAuthContext
dazzle_back.specs.auth.PermissionRuleSpec
uuid
datetime.UTC
datetime.datetime
dazzle.rbac.audit.AccessDecisionRecord
dazzle.rbac.audit.get_audit_sink

Event Interactions¶

None detected.

Invariants and Assumptions¶

No invariants documented.

Tests¶

tests/unit/test_access_evaluator.py
tests/integration/test_runtime_e2e.py
tests/integration/test_runtime_pipeline.py
tests/unit/test_runtime_test_routes.py
tests/unit/test_runtime_services.py

Notes¶

This page was automatically generated by tools/gen_reference_docs.py.