Role & Permission Checks

Protect your endpoints by requiring specific roles or fine-grained permissions.

`RoleChecker`

Enforces that the user has all specified roles. Raises 403 Forbidden if any role is missing.

```python
from fastapi import Depends, FastAPI

from authtuna.integrations import RoleChecker

app = FastAPI()

# Requires BOTH 'Admin' AND 'Moderator' roles
@app.delete("/content/{id}", dependencies=[Depends(RoleChecker("Admin", "Moderator"))])
async def delete_content():
    return {"status": "Deletion authorized"}
```

`PermissionChecker` (Scoped Authorization)

The most flexible dependency. It checks for a named permission and supports scoping based on URL parameters.

The `scope_from_path` parameter automatically constructs a scope string (e.g., `project:456`) and checks for permissions valid in that specific scope or the global scope.

```python
from fastapi import Depends, FastAPI

from authtuna.integrations import PermissionChecker

app = FastAPI()

@app.patch("/project/{project_id}/settings")
async def update_project(
    project_id: str,
    # Checks for "project:write:settings" in scope "project:{project_id}"
    user = Depends(PermissionChecker("project:write:settings", scope_from_path="project_id"))
):
    return {"status": "Project update authorized"}
```
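
The two decision rules described above, modelled in plain Python as an added example (this is not AuthTuna's implementation). `User`, `scope_for`, `has_all_roles`, `has_permission`, `access_matrix`, the `"global"` scope name and the rule that the scope prefix is the path parameter name minus `_id` are assumptions made for illustration.

```python
from dataclasses import dataclass, field

GLOBAL_SCOPE = "global"  # assumption: placeholder name for the global scope


@dataclass
class User:
    """Constructed stand-in for an authenticated user (not an AuthTuna class)."""
    roles: set = field(default_factory=set)
    grants: set = field(default_factory=set)  # (permission, scope) pairs


def scope_for(param_name: str, value: str) -> str:
    """Build 'project:456' from ('project_id', '456').

    Assumption: the scope prefix is the path parameter name minus '_id'.
    """
    return f"{param_name.removesuffix('_id')}:{value}"


def has_all_roles(user: User, *required: str) -> bool:
    """RoleChecker rule: every listed role must be present (AND, not OR)."""
    return set(required) <= user.roles


def has_permission(user: User, permission: str, scope: str) -> bool:
    """PermissionChecker rule: grant held in the requested scope or globally."""
    return any((permission, s) in user.grants for s in (scope, GLOBAL_SCOPE))


def access_matrix() -> dict:
    """Evaluate constructed users against the two routes shown on this page."""
    perm = "project:write:settings"
    owner = User(grants={(perm, "project:456")})
    operator = User(grants={(perm, GLOBAL_SCOPE)})
    moderator = User(roles={"Moderator"})
    staff = User(roles={"Admin", "Moderator"})
    return {
        "owner->456": has_permission(owner, perm, scope_for("project_id", "456")),
        "owner->789": has_permission(owner, perm, scope_for("project_id", "789")),
        "operator->789": has_permission(operator, perm, scope_for("project_id", "789")),
        "moderator delete": has_all_roles(moderator, "Admin", "Moderator"),
        "staff delete": has_all_roles(staff, "Admin", "Moderator"),
    }


if __name__ == "__main__":
    for case, allowed in access_matrix().items():
        print(f"{case:18} {'allow' if allowed else 'deny'}")
```

The `owner->789` row is the cross-project case: a grant scoped to one project must not authorize a request whose path names another, so it is the case to cover first when testing a scoped route.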