class Stytch::PolicyCache

def perform_consumer_authorization_check(

will be raised. This is used for role based authorization.
check succeeds, this method will return. If the check fails, a PermissionError
Performs an authorization check against the project's policy and a set of roles. If the
def perform_consumer_authorization_check(
  subject_roles:,
  authorization_check:
)
  policy = get_policy
  # For consumer authorization, we check roles without tenancy validation
  return if policy['roles'].any? do |role|
    next unless subject_roles.include?(role['role_id'])
    role['permissions'].any? do |permission|
      actions = permission['actions']
      resource = permission['resource_id']
      has_matching_action = actions.include?('*') || actions.include?(authorization_check['action'])
      has_matching_resource = resource == authorization_check['resource_id']
      has_matching_action && has_matching_resource
    end
  end
  # If we get here, we didn't find a matching permission
  raise Stytch::PermissionError, authorization_check
end