Secure Resource Access with Role-Based Permissions

Access control is a fundamental aspect of software security, ensuring that only authorized users or roles can access specific resources or perform certain actions. This challenge asks you to implement a basic role-based access control (RBAC) system in Python, allowing you to define roles and permissions and then check if a user with a given role has access to a particular resource. This is a common pattern in web applications, APIs, and other systems where security is paramount.

Problem Description

You need to design and implement a system that manages user roles and permissions. The system should allow you to:

Define Roles: Create roles (e.g., "admin", "editor", "viewer").
Assign Permissions to Roles: Associate specific permissions with each role (e.g., "read_articles", "write_articles", "delete_articles").
Check User Permissions: Given a user's role, determine if they have permission to perform a specific action on a resource.

The core of the solution is a PermissionChecker class. This class should have the following methods:

add_role(role_name): Adds a new role to the system.
add_permission(role_name, permission_name): Adds a permission to a specific role.
check_permission(role_name, permission_name): Returns True if the role has the specified permission, False otherwise.

You should also consider how to handle cases where a role doesn't exist or a permission is not assigned to a role.

Examples

Example 1:

Input:
- add_role("admin")
- add_role("editor")
- add_permission("admin", "read_articles")
- add_permission("admin", "write_articles")
- add_permission("editor", "read_articles")
- check_permission("admin", "read_articles")
- check_permission("editor", "write_articles")
Output:
True
False
Explanation: The "admin" role has "read_articles" permission. The "editor" role does not have "write_articles" permission.

Example 2:

Input:
- add_role("viewer")
- add_permission("viewer", "read_articles")
- check_permission("viewer", "read_articles")
- check_permission("viewer", "write_articles")
Output:
True
False
Explanation: The "viewer" role has "read_articles" permission, but not "write_articles".

Example 3: (Edge Case - Role Doesn't Exist)

Input:
- check_permission("guest", "read_articles")
Output:
False
Explanation: The "guest" role does not exist, so it cannot have any permissions.

Constraints

Role names and permission names are strings.
The number of roles and permissions will be relatively small (less than 100).
The system should be efficient enough to handle a reasonable number of permission checks without significant performance degradation.
Error handling should be graceful; the system should not crash if a role or permission is not found.

Notes

Consider using a dictionary or other suitable data structure to store roles and their associated permissions.
Think about how to handle potential errors, such as trying to add a permission to a non-existent role.
The focus is on the core logic of the permission checking system. You don't need to implement user authentication or authorization. Assume the role name is already known.
The solution should be well-documented and easy to understand.

Secure Resource Access with Role-Based Permissions

Problem Description

You need to design and implement a system that manages user roles and permissions. The system should allow you to:

Define Roles: Create roles (e.g., "admin", "editor", "viewer").

Assign Permissions to Roles: Associate specific permissions with each role (e.g., "read_articles", "write_articles", "delete_articles").

Check User Permissions: Given a user's role, determine if they have permission to perform a specific action on a resource.

The core of the solution is a PermissionChecker class. This class should have the following methods:

add_role(role_name): Adds a new role to the system.

add_permission(role_name, permission_name): Adds a permission to a specific role.

check_permission(role_name, permission_name): Returns True if the role has the specified permission, False otherwise.

You should also consider how to handle cases where a role doesn't exist or a permission is not assigned to a role.

Examples

Example 1:

Input: - add_role("admin") - add_role("editor") - add_permission("admin", "read_articles") - add_permission("admin", "write_articles") - add_permission("editor", "read_articles") - check_permission("admin", "read_articles") - check_permission("editor", "write_articles") Output: True False Explanation: The "admin" role has "read_articles" permission. The "editor" role does not have "write_articles" permission.

Example 2:

Input: - add_role("viewer") - add_permission("viewer", "read_articles") - check_permission("viewer", "read_articles") - check_permission("viewer", "write_articles") Output: True False Explanation: The "viewer" role has "read_articles" permission, but not "write_articles".

Example 3: (Edge Case - Role Doesn't Exist)

Input: - check_permission("guest", "read_articles") Output: False Explanation: The "guest" role does not exist, so it cannot have any permissions.

Constraints

Role names and permission names are strings.

The number of roles and permissions will be relatively small (less than 100).

The system should be efficient enough to handle a reasonable number of permission checks without significant performance degradation.

Error handling should be graceful; the system should not crash if a role or permission is not found.

Notes

Consider using a dictionary or other suitable data structure to store roles and their associated permissions.

Think about how to handle potential errors, such as trying to add a permission to a non-existent role.

The focus is on the core logic of the permission checking system. You don't need to implement user authentication or authorization. Assume the role name is already known.

The solution should be well-documented and easy to understand.