class watson.auth.authorization.Acl(user)[source]

Access Control List functionality for managing users’ roles and permissions.

By default, the user model contains an acl attribute, which allows access to the Acl object.


boolean – Whether or not to allow/deny access if the permission has not been set on that role.


Initializes the Acl.

Parameters:user (watson.auth.models.UserMixin) – The user to validate against

Internal method to generate the permissions for the user.

Retrieve all the permissions associated with the users roles, and then merge the users individual permissions to overwrite the inherited role permissions.


Check to see if a user has a specific permission.

If the permission has not been set, then it access will be granted based on the allow_default attribute.

Parameters:permission (string) – The permission to find.

Validates a role against the associated roles on a user.

Parameters:role_key (string|tuple|list) – The role(s) to validate against.