class Stytch::PolicyCache
def perform_consumer_authorization_check(
check succeeds, this method will return. If the check fails, a PermissionError
Performs an authorization check against the project's policy and a set of roles. If the
def perform_consumer_authorization_check( subject_roles:, authorization_check: ) policy = get_policy # For consumer authorization, we check roles without tenancy validation return if policy['roles'].any? do |role| next unless subject_roles.include?(role['role_id']) role['permissions'].any? do |permission| actions = permission['actions'] resource = permission['resource_id'] has_matching_action = actions.include?('*') || actions.include?(authorization_check['action']) has_matching_resource = resource == authorization_check['resource_id'] has_matching_action && has_matching_resource end end # If we get here, we didn't find a matching permission raise Stytch::PermissionError, authorization_check end