Hone logo
Hone
Problems

Role-Based Access Control System

This challenge asks you to implement a simplified Role-Based Access Control (RBAC) system in Python. RBAC is a common security mechanism used to manage user permissions within applications. By assigning users to roles, and roles to specific permissions, you can efficiently control what actions users can perform.

Problem Description

You need to design and implement a Python system that manages users, roles, and permissions. The system should allow for:

  1. Defining Roles: Create distinct roles (e.g., "admin", "editor", "viewer").
  2. Assigning Permissions to Roles: Associate specific actions or resources with each role (e.g., a "write" permission for an "editor").
  3. Assigning Users to Roles: Link users to one or more roles.
  4. Checking Permissions: Determine if a given user has the necessary permission to perform a specific action.

Key Requirements:

  • User Management: A way to add users to the system.
  • Role Management: A way to define new roles and their associated permissions.
  • User-Role Assignment: A way to assign one or more roles to a user.
  • Permission Checking: A function that takes a user and a permission as input and returns True if the user has that permission, False otherwise.
  • Permissions: Represent permissions as strings (e.g., "read_document", "write_document", "delete_user").

Expected Behavior:

  • If a user is assigned a role, and that role has a specific permission, the user should be considered to have that permission.
  • If a user has multiple roles, they inherit all permissions from all their assigned roles.
  • If a user is not assigned any roles, or their assigned roles do not have the requested permission, they should not have that permission.

Edge Cases:

  • A user being assigned multiple roles.
  • A user having no roles assigned.
  • A permission not being defined for any role.
  • Trying to check permissions for a user who doesn't exist (though for this challenge, assume users are added first).

Examples

Example 1:

# Setup
rbac_system = RBACSystem()
rbac_system.add_role("admin", ["read", "write", "delete"])
rbac_system.add_role("editor", ["read", "write"])
rbac_system.add_role("viewer", ["read"])
rbac_system.add_user("alice")
rbac_system.assign_role_to_user("alice", "editor")

# Check permissions
print(rbac_system.has_permission("alice", "read"))
print(rbac_system.has_permission("alice", "write"))
print(rbac_system.has_permission("alice", "delete"))

Output:
True
True
False

Explanation: Alice is assigned the "editor" role, which has "read" and "write" permissions. Therefore, she has permission to "read" and "write", but not "delete".

Example 2:

# Setup
rbac_system = RBACSystem()
rbac_system.add_role("admin", ["read", "write", "delete"])
rbac_system.add_role("editor", ["read", "write"])
rbac_system.add_role("viewer", ["read"])
rbac_system.add_user("bob")
rbac_system.assign_role_to_user("bob", "admin")
rbac_system.assign_role_to_user("bob", "viewer") # Bob has multiple roles

# Check permissions
print(rbac_system.has_permission("bob", "read"))
print(rbac_system.has_permission("bob", "write"))
print(rbac_system.has_permission("bob", "delete"))
print(rbac_system.has_permission("bob", "execute")) # Permission not explicitly defined for any role

Output:
True
True
True
False

Explanation: Bob has both "admin" and "viewer" roles. The "admin" role grants "read", "write", and "delete". The "viewer" role grants "read". Bob inherits all permissions from both roles, so he has "read", "write", and "delete". The "execute" permission is not granted by any of his roles.

Example 3:

# Setup
rbac_system = RBACSystem()
rbac_system.add_role("developer", ["code", "debug"])
rbac_system.add_user("charlie")

# Check permissions
print(rbac_system.has_permission("charlie", "code"))

Output:
False

Explanation: Charlie has been added as a user, but no roles have been assigned to him. Therefore, he has no permissions, even if a role with the "code" permission exists.

Constraints

  • The system should be able to handle up to 1000 users.
  • The system should be able to define up to 50 distinct roles.
  • Each role can be associated with up to 100 distinct permissions.
  • Permissions are represented as strings.
  • Usernames and role names are case-sensitive strings.

Notes

  • Consider how you will store the relationships between users, roles, and permissions. Dictionaries or sets might be useful.
  • Think about how to efficiently check for permissions when a user has multiple roles.
  • The RBACSystem class should encapsulate all the logic. You'll need methods like add_user, add_role, assign_role_to_user, and has_permission.
Loading editor...
python