# Missing Role/Permission Checks

- ID: python-privilege-escalation
- Severity: HIGH
- CWE: CWE-269
- Languages: Python
- Frameworks: django, flask, fastapi

## Description

Detects privileged operations, such as role modification, that are performed without verifying the user's permissions.

## Remediation

Use permission decorators to verify user roles before privileged operations.

```python
from django.contrib.auth.decorators import permission_required

@permission_required('auth.change_user', raise_exception=True)
def promote_user(request, user_id):
    # Only users with permission reach here
    ...  # privileged role change goes here
```

Learn more: https://shoulder.dev/learn/python/cwe-269/privilege-escalation

## Related Rules

- **Default Privilege Assignment in User Creation** [HIGH]:
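
Returning to the Missing Role/Permission Checks rule itself: the sketch below is an added example, not Shoulder's rule implementation and not code from the original page. It shows one way to detect the pattern from the Description with Python's `ast` module, by flagging functions that assign a privilege-bearing attribute without a guard decorator. The attribute set, the decorator set, the function names and the sample source are assumptions made for illustration.

```python
import ast

# Assumption: attributes treated as privilege-bearing, and decorators
# accepted as an authorization check. Adjust both to the code base scanned.
PRIVILEGED_ATTRS = {"is_staff", "is_superuser", "role"}
GUARD_DECORATORS = {"permission_required", "user_passes_test"}

# Constructed sample input: one unguarded and one guarded Django-style view.
SAMPLE = '''
from django.contrib.auth.decorators import permission_required
def promote_user(request, user_id):
    user = User.objects.get(pk=user_id)
    user.is_staff = True
    user.save()

@permission_required('auth.change_user', raise_exception=True)
def promote_user_checked(request, user_id):
    user = User.objects.get(pk=user_id)
    user.is_staff = True
    user.save()
'''


def _decorator_name(node):
    """Return the bare name of a decorator written as @x, @x(...) or @mod.x(...)."""
    if isinstance(node, ast.Call):
        node = node.func
    return getattr(node, "attr", None) or getattr(node, "id", None)


def find_unguarded_privilege_changes(source):
    """Return (function, attribute, line) for privileged assignments in unguarded functions."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        if any(_decorator_name(d) in GUARD_DECORATORS for d in func.decorator_list):
            continue  # an authorization decorator is present
        for node in ast.walk(func):
            if not isinstance(node, (ast.Assign, ast.AugAssign, ast.AnnAssign)):
                continue
            targets = node.targets if isinstance(node, ast.Assign) else [node.target]
            for t in targets:
                if isinstance(t, ast.Attribute) and t.attr in PRIVILEGED_ATTRS:
                    findings.append((func.name, t.attr, node.lineno))
    return findings


if __name__ == "__main__":
    for name, attr, line in find_unguarded_privilege_changes(SAMPLE):
        print(f"line {line}: {name}() sets .{attr} without a permission check")
```

`@login_required` is deliberately absent from `GUARD_DECORATORS`: it verifies authentication only, so a view protected by it alone is still reported.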