Source code for src.module.authorization.domain.value_objects

"""Authorization Context value objects — core of ABAC evaluation."""

from __future__ import annotations

from dataclasses import dataclass
from typing import Any




@dataclass(frozen=True, slots=True)
class EvaluationRequest:
    """Input to the PDP — all attributes needed for ABAC evaluation."""

    subject_attributes: dict[str, Any]
    action: str
    resource_type: str
    resource_id: str | None
    resource_attributes: dict[str, Any]
    environment_attributes: dict[str, Any]
    tenant_id: str





@dataclass(frozen=True, slots=True)
class EvaluationResult:
    """Output from the PDP — the access decision with metadata."""

    decision: str  # 'allow' or 'deny' only
    matching_policy_id: str | None = None
    matching_policy_name: str | None = None
    requires_approval: bool = False
    approval_config: dict[str, Any] | None = None
    reason: str = ""



@dataclass(frozen=True, slots=True)
class ConditionNode:
    """Represents a single condition in a policy's condition tree.

    Used for validation and analysis of policy conditions.
    """

    field: str | None = None
    op: str | None = None
    value: Any = None
    logical_op: str | None = None  # 'and', 'or', 'not'
    children: tuple[ConditionNode, ...] = ()




@dataclass(frozen=True, slots=True)
class PolicyData:
    """Immutable snapshot of a policy for evaluation (avoids passing Django models to domain)."""

    id: str
    name: str
    effect: str
    priority: int
    actions: list[str]
    resource_type: str
    resource_id: str | None
    subject_conditions: dict[str, Any]
    resource_conditions: dict[str, Any]
    environment_conditions: dict[str, Any]
    requires_approval: bool
    approval_config: dict[str, Any] | None
    is_static: bool = False