Add initial work on execution policy

Author: timsavage

src/pyapp/app/__init__.py

@@ -154,6 +154,7 @@ def my_command(
 """
 
 import argparse
+import enum
 import io
 import logging.config
 import os
@@ -172,6 +173,7 @@ def my_command(
 from ..events import Event
 from ..exceptions import ApplicationExit
 from ..injection import register_factory
+from ..compatability import is_user_root, ROOT_NAME
 from ..utils.inspect import import_root_module
 from . import init_logger
 from .argument_actions import *  # noqa
@@ -181,6 +183,16 @@ def my_command(
 logger = logging.getLogger(__name__)
 
 
+class ExecutionPolicy(enum.IntEnum):
+    """Execution policy"""
+
+    Deny = 0
+    Confirm = 10
+    Warn = 20
+    Allow = 30
+
+
+
 def _key_help(key: str) -> str:
     """Formats a key value from environment vars."""
     if key in os.environ:
@@ -259,6 +271,7 @@ def __init__(  # noqa: PLR0913
         application_checks: str = None,
         env_settings_key: str = None,
         env_loglevel_key: str = None,
+        root_execution_policy: ExecutionPolicy = ExecutionPolicy.Deny,
     ):
         root_module = root_module or import_root_module()
         self.root_module = root_module
@@ -276,6 +289,8 @@ def __init__(  # noqa: PLR0913
             self.ext_allow_list = ext_white_list
         self.ext_block_list = ext_block_list
 
+        self.root_execution_policy = root_execution_policy
+
         # Determine application settings (disable for standalone scripts)
         if application_settings is None and root_module.__name__ != "__main__":
             application_settings = f"{root_module.__name__}.default_settings"
@@ -318,6 +333,19 @@ def application_summary(self) -> str:
             return f"{self.application_name} version {self.application_version} - {description}"
         return f"{self.application_name} version {self.application_version}"
 
+    def _apply_execution_policy(self):
+        if is_user_root():
+            match (self.root_execution_policy):
+                case ExecutionPolicy.Deny:
+                    print(f"Execution denied as {ROOT_NAME} user", file=os.stderr)
+                    sys.exit(1)
+                case ExecutionPolicy.Prompt:
+                    response = input(f"Warning: Executing as {ROOT_NAME}. Allow execution? [Y/N]")
+                    if response not in ("Y", "y"):
+                        sys.exit(1)
+                case ExecutionPolicy.Warning:
+                    print(f"Warning: Executing as {ROOT_NAME}", file=os.stderr)
+
     def _init_parser(self):
         # Create argument parser
         self.argument(

src/pyapp/utils/__init__.py

@@ -4,6 +4,8 @@
 """
 
 import importlib
+import os
+import sys
 import textwrap
 from fnmatch import fnmatch
 from typing import Any, Container, Sequence
@@ -19,6 +21,25 @@ def is_iterable(obj: Any) -> bool:
         return True
 
 
+if sys.platform.startswith("win"):
+    from ctypes import windll
+
+    ROOT_NAME = "Administrator"
+
+    
+    def is_root() -> bool:
+        """This is a root user."""
+        return bool(windll.shell32.IsUserAnAdmin()
+
+else:
+    ROOT_NAME = "root"
+
+
+    def is_root() -> bool:
+        """This is a root user."""
+        return bool(os.getuid() == 0)
+
+
 class CachedProperty:
     """
     A property that is only computed once per instance and then replaces