app.services.game_access module

app.services.game_access.can_access_user(user, *, api_key=None, oauth_user_id=None, is_admin=False)[source]

Return whether the caller context is allowed to access a user.

Admin tokens can access every user. API-key callers are scoped to users created with their key. OAuth non-admin callers pass through here so that game-level enforcement (get_authorized_game) gates individual data points.

Parameters:

  • user (Any)

  • api_key (str | None)

  • oauth_user_id (str | None)

  • is_admin (bool)

Return type:

bool

async app.services.game_access.get_authorized_user(user_repository, external_user_id, *, api_key=None, oauth_user_id=None, is_admin=False)[source]

Load a user and assert the caller is allowed to access them.

Parameters:

  • user_repository – Repository used to look the user up.

  • external_user_id (str) – External identifier of the user.

  • api_key (str | None) – Caller’s API key, for ownership scoping.

  • oauth_user_id (str | None) – Caller’s OAuth subject, for scoping.

  • is_admin (bool) – Whether the caller has the admin role.

Returns:

Any – The authorized user entity.

Raises:

  • NotFoundError – If the user does not exist.

  • ForbiddenError – If the caller may not access the user.

Return type:

Any

app.services.game_access.can_access_game(game, *, api_key=None, oauth_user_id=None, is_admin=False)[source]

Return whether the caller context is allowed to access a game.

Admin bearer tokens can access every game. Non-admin callers are scoped to games created with their API key prefix or their OAuth subject.

Parameters:

  • game (Any)

  • api_key (str | None)

  • oauth_user_id (str | None)

  • is_admin (bool)

Return type:

bool

async app.services.game_access.get_authorized_game(game_repository, game_id, *, api_key=None, oauth_user_id=None, is_admin=False)[source]

Load a game and assert the caller is allowed to access it.

Parameters:

  • game_repository – Repository used to look the game up.

  • game_id – Internal identifier of the game.

  • api_key (str | None) – Caller’s API key, for ownership scoping.

  • oauth_user_id (str | None) – Caller’s OAuth subject, for scoping.

  • is_admin (bool) – Whether the caller has the admin role.

Returns:

Any – The authorized game entity.

Raises:

  • NotFoundError – If the game does not exist.

  • ForbiddenError – If the caller may not access the game.

Return type:

Any