def is_user_authorized()

in auth.py [0:0]


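def is_user_authorized(name: str, principal_id: str, groups: List[str]) -> bool:
    """Decide whether a user passes the configured allow-lists.

    Three allow-lists are loaded through ``read_env_list``:
    ``ALLOWED_USER_NAMES``, ``ALLOWED_USER_PRINCIPALS`` and
    ``ALLOWED_GROUP_NAMES``. A user is authorized when any one of them
    matches.

    Security note: when all three lists are empty, this check fails open and
    every caller is authorized. A deployment that needs access control must
    set at least one of the lists.

    Args:
        name: User name compared against ``ALLOWED_USER_NAMES``.
        principal_id: Principal identifier compared against
            ``ALLOWED_USER_PRINCIPALS``.
        groups: Group names the user belongs to. ``None`` or an empty list
            is treated as "no group memberships".

    Returns:
        True if the user is authorized, False otherwise.
    """
    allowed_names = read_env_list("ALLOWED_USER_NAMES")
    allowed_ids = read_env_list("ALLOWED_USER_PRINCIPALS")
    allowed_groups = read_env_list("ALLOWED_GROUP_NAMES")

    # Fail-open default: with no allow-list configured, nobody is restricted.
    # NOTE(review): confirm this is intended for production; an unset or
    # mistyped variable silently disables the check.
    if not (allowed_names or allowed_ids or allowed_groups):
        return True

    # NOTE(review): matching on name is only as strong as the uniqueness and
    # immutability of that value at the identity provider; confirm, and
    # prefer principal ids where possible.
    if name in allowed_names or principal_id in allowed_ids:
        return True

    # A missing group list must lead to a clean denial rather than a
    # TypeError raised in the middle of the authorization decision.
    if any(group in allowed_groups for group in (groups or ())):
        return True

    # Lazy %-formatting produces the same message as before.
    # NOTE(review): name is logged as received; if it can carry control
    # characters, sanitize it upstream to keep log lines unambiguous.
    logging.info(
        "[auth] Access denied for user %s. Not in allowed users or groups.", name
    )
    return False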