[{'Text': '"""Authentication decorators for tool permissions.\n\nThis module provides decorators to control tool accessibility based on\nAuth0 roles and permissions.\n\nUsage:\n    from point_topic_mcp.auth import requires_permissions, public\n\n    @public\n    @mcp.tool()\n    async def get_server_info() -> dict:\n        return {"status": "ok"}  # Available to everyone\n\n    @requires_permissions(["read:data"])\n    @mcp.tool()\n    async def query_data() -> dict:\n        return {"data": "sensitive"}  # Requires permission\n"""\n\nfrom typing import Union\n\n# Registry to track public tools by function name\nPUBLIC_TOOLS: set[str] = set()\n\n# Registry to track tools with permission requirements\n# Format: {tool_name: [permissions_list]}\nTOOL_PERMISSIONS: dict[str, list[str]] = {}\n\n\ndef public(func):\n    """Mark tool as available to everyone (no authentication required).\n\n    Tools with this decorator will work regardless of authentication status.\n\n    Args:\n        func: The tool function to mark as public\n\n    Returns:\n        The original function (registered as public)\n    """\n    PUBLIC_TOOLS.add(func.__name__)\n    return func\n\n\ndef is_public_tool(name: str) -> bool:\n    """Check if a tool is marked as public.\n\n    Args:\n        name: The tool function name to check\n\n    Returns:\n        True if the tool is public, False otherwise\n    """\n    return name in PUBLIC_TOOLS\n\n\ndef requires_permissions(permissions: Union[str, list[str]]):\n    """Require specific permissions to use a tool.\n\n    This decorator marks tools that require specific Auth0 permissions.\n    The permission check happens at tool call time via the middleware.\n\n    Args:\n        permissions: Single permission string or list of permission strings.\n                    User must have ALL listed permissions to access the tool.\n                    Examples: "read:data" or ["read:data", "write:data"]\n\n    Returns:\n        Decorator function that marks the tool with permission requirements\n\n    Example:\n        @requires_permissions("read:data")\n        @mcp.tool()\n        async def get_data():\n            return {"data": "secret"}\n\n        @requires_permissions(["admin:users", "write:config"])\n        @mcp.tool()\n        async def admin_action():\n            return {"action": "performed"}\n    """\n    # Normalize permissions to list\n    if isinstance(permissions, str):\n        required_perms = [permissions]\n    else:\n        required_perms = list(permissions)\n\n    def decorator(func):\n        """Store permission requirements for this tool."""\n        TOOL_PERMISSIONS[func.__name__] = required_perms\n        return func\n\n    return decorator\n\n\ndef get_tool_permissions(tool_name: str) -> list[str]:\n    """Get required permissions for a tool.\n\n    Args:\n        tool_name: Name of the tool to check\n\n    Returns:\n        List of required permissions, empty list if no requirements\n    """\n    return TOOL_PERMISSIONS.get(tool_name, [])\n\n\ndef has_tool_permissions(tool_name: str, user_permissions: list[str]) -> bool:\n    """Check if user has required permissions for a tool.\n\n    Args:\n        tool_name: Name of the tool to check access for\n        user_permissions: List of permissions the user has\n\n    Returns:\n        True if user has all required permissions or is ptAdmin\n    """\n    # Public tools require no permissions\n    if is_public_tool(tool_name):\n        return True\n\n    # Get required permissions for this tool\n    required = get_tool_permissions(tool_name)\n\n    # No requirements means accessible to all authenticated users\n    if not required:\n        return True\n\n    # ptAdmin bypasses all permission checks\n    admin_roles = ["ptAdmin"]\n    if any(role in user_permissions for role in admin_roles):\n        return True\n\n    # Check if user has ALL required permissions\n    return all(perm in user_permissions for perm in required)\n\n\n__all__ = [\n    "public",\n    "is_public_tool",\n    "PUBLIC_TOOLS",\n    "requires_permissions",\n    "get_tool_permissions",\n    "has_tool_permissions",\n    "TOOL_PERMISSIONS",\n]\n'}]