Skip to content

Permissions

Use auth.permissions for permission grants, revocations, search, and operation status checks. Permission operations return references; poll those references before treating the change as complete.

operation = auth.permissions.grant_person(
subject_type="pesel",
subject_value="90010112345",
permissions=["invoice_read"],
description="Read invoices",
first_name="Jan",
last_name="Kowalski",
)
status = auth.permissions.get_operation_status(
reference_number=operation.reference_number,
)
print(status.status.code, status.status.description)
from ksef2.domain.models import PersonalPermissionsQuery
page = auth.permissions.query_personal(
query=PersonalPermissionsQuery(permission_types=["invoice_read"]),
)
for permission in page.permissions:
print(permission.id, permission.permission_state)

Use the returned permission id for revocation:

auth.permissions.revoke_common(permission_id="permission-id")
auth.permissions.revoke_authorization(permission_id="authorization-id")
status = auth.permissions.get_attachment_permission_status()
print(status.is_attachment_allowed)
  1. Grant the smallest permission set required by the target subject.

  2. Persist the operation reference returned by KSeF.

  3. Poll operation status before exposing the permission in your application.

  4. Query permissions to collect ids for audits or revocation.

  5. Revoke by permission id when access should end.