:orphan:


:py:mod:`security_utils`
====================================






Functions
~~~~~~~~~

.. autoapisummary::

   hx_requests.security_utils.app_label_from_module
   hx_requests.security_utils.is_globally_allowed
   hx_requests.security_utils.is_unauthenticated_allowed
   hx_requests.security_utils.is_allowed_by_spec




:py:mod:`app_label_from_module`
-------------------------------

.. py:function:: app_label_from_module(module_name: str) -> str | None

   Resolve a Django app label from a module path.
   Uses apps.get_containing_app_config with a light fallback.



:py:mod:`is_globally_allowed`
-----------------------------

.. py:function:: is_globally_allowed(global_allow_spec, hx_app: str | None, hx_name: str) -> bool

   Global allow semantics:
     - list-form: any Hx from listed apps is globally allowed
     - dict-form: only listed Hx names (or __all__) from that app are globally allowed



:py:mod:`is_unauthenticated_allowed`
------------------------------------

.. py:function:: is_unauthenticated_allowed(spec, hx_app: str | None, hx_name: str | None) -> bool

   Unauthenticated allowlist semantics (separate from is_globally_allowed):
     - list/tuple/set: any Hx from listed apps is allowed unauthenticated
     - dict:
         app -> "__all__"                 # all Hx in that app
         app -> ["HxNameA", "HxNameB"]    # only these Hx names in that app



:py:mod:`is_allowed_by_spec`
----------------------------

.. py:function:: is_allowed_by_spec(allow_spec, hx_app: str | None, hx_name: str) -> bool

   General allowlist semantics:
     - list/tuple/set: any Hx from listed apps is allowed
     - dict:
         app -> "__all__"                 # all Hx in that app
         app -> ["HxNameA", "HxNameB"]    # only these Hx names in that app