from __future__ import annotations import uuid from typing import TYPE_CHECKING from src import domain, dto if TYPE_CHECKING: from .. import Usecase async def update_workspace_member_permissions( self: Usecase, workspace_id: uuid.UUID, workspace_user_id: uuid.UUID, user_id: uuid.UUID, input: dto.UpdateWorkspaceMemberPermissionsInput, ) -> dto.WorkspaceMemberOutput: await self.ensure_workspace_permission(workspace_id, user_id, domain.PermissionKey.ADMIN_FULL) member = await self.database.get_workspace_member(workspace_user_id) if not member or member.workspace_id != workspace_id: raise domain.WorkspaceAccessDenied(workspace_id) global_permissions: set[domain.PermissionKey] = set() scoped_assignments: set[tuple[domain.PermissionKey, domain.PermissionScopeType, uuid.UUID]] = set() for permission in input.permissions: if permission.scopes: for scope in permission.scopes: scoped_assignments.add((permission.key, scope.type, scope.id)) else: global_permissions.add(permission.key) await self.database.set_workspace_user_permissions( member.id, global_permissions=global_permissions, scoped_permissions=list(scoped_assignments), ) updated_member = await self.database.get_workspace_member(member.id) if not updated_member: raise domain.WorkspaceAccessDenied(workspace_id) return dto.WorkspaceMemberOutput.from_domain(updated_member)