Correction

Author: RobertoPrevato

guardpost/authorization.py

@@ -7,7 +7,6 @@
 
 from guardpost.abc import BaseStrategy
 from guardpost.authentication import Identity
-from guardpost.common import RolesRequirement
 
 
 class AuthorizationError(Exception):
@@ -34,6 +33,29 @@ async def handle(self, context: "AuthorizationContext"):
         """Handles this requirement for a given context."""
 
 
+class RolesRequirement(Requirement):
+    """
+    Requires an identity with certain roles.
+    Supports defining sufficient roles (any one is enough).
+    """
+
+    __slots__ = ("_roles",)
+
+    def __init__(self, roles: Optional[Sequence[str]] = None):
+        self._roles = list(roles) if roles else None
+
+    def handle(self, context: "AuthorizationContext"):
+        identity = context.identity
+
+        if not identity:
+            context.fail("Missing identity")
+            return
+
+        if self._roles:
+            if any(identity.has_role(name) for name in self._roles):
+                context.succeed(self)
+
+
 RequirementConfType = Union[Requirement, Type[Requirement]]
 
 

guardpost/common.py

@@ -1,5 +1,5 @@
 from collections.abc import Mapping
-from typing import Mapping as MappingType, Optional
+from typing import Mapping as MappingType
 from typing import Sequence, Union
 
 from .authorization import AuthorizationContext, Policy, Requirement
@@ -64,36 +64,3 @@ def handle(self, context: AuthorizationContext):
         else:
             if all(identity.has_claim(name) for name in self.required_claims):
                 context.succeed(self)
-
-
-class RolesRequirement(Requirement):
-    """
-    Requires an identity with certain roles.
-    Supports defining sufficient roles (any one is enough), and required roles (all
-    must be present).
-    """
-
-    __slots__ = ("_roles", "_required_roles")
-
-    def __init__(
-        self,
-        roles: Optional[Sequence[str]] = None,
-        required_roles: Optional[Sequence[str]] = None,
-    ):
-        self._required_roles = list(required_roles) if required_roles else None
-        self._roles = list(roles) if roles else None
-
-    def handle(self, context: AuthorizationContext):
-        identity = context.identity
-
-        if not identity:
-            context.fail("Missing identity")
-            return
-
-        if self._roles:
-            if any(identity.has_role(name) for name in self._roles):
-                context.succeed(self)
-
-        if self._required_roles:
-            if all(identity.has_role(name) for name in self._required_roles):
-                context.succeed(self)