-rw-r--r-- | gn_auth/auth/authorisation/resources/views.py | 1 | ||||
-rw-r--r-- | migrations/auth/20250729_01_CNn2p-create-initial-system-wide-resources-access-privileges.py | 31 |
2 files changed, 31 insertions, 1 deletions
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index f497219..b52e972 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -684,7 +684,6 @@ def delete_resource() -> Response:
 form = request_json()
 try:
 resource_id = UUID(form.get("resource_id"))
- # TODO Add migrations to set up new privileges (system:resource:*)
 # TODO Add migrations to grant privileges (system:resource:*) to admin users
 # TODO Update resource creation to grant privileges (system:resource:*) to admin users
 # TODO Update user-levels promotion/demotion to grant/revoke (system:resource:*) to/from admin users
diff --git a/migrations/auth/20250729_01_CNn2p-create-initial-system-wide-resources-access-privileges.py b/migrations/auth/20250729_01_CNn2p-create-initial-system-wide-resources-access-privileges.py
new file mode 100644
index 0000000..be0d022
--- /dev/null
+++ b/migrations/auth/20250729_01_CNn2p-create-initial-system-wide-resources-access-privileges.py
@@ -0,0 +1,31 @@
+"""
+Create initial system-wide resources access privileges
+"""
+
+from yoyo import step
+
+__depends__ = {'20250722_02_M8TXv-add-system-user-edit-privilege-to-system-admin-role'}
+
+steps = [
+ step(
+ """
+ INSERT INTO privileges(privilege_id, privilege_description)
+ VALUES
+ ("system:resource:view",
+ "View the wrapper resource object (not attached data). This is mostly for administration purposes."),
+ ("system:resource:edit",
+ "Edit/update the wrapper resource object (not attached data). This is mostly for administration purposes."),
+ ("system:resource:delete",
+ "Delete the wrapper resource object (not attached data). This is mostly for administration purposes."),
+ ("system:resource:reassign-group",
+ "Reassign the resource, and its data, to a different user group."),
+ ("system:resource:assign-owner",
+ "Assign ownership of any resource to any user.")
+ """,
+ """
+ DELETE FROM privileges WHERE privilege_id IN
+ ("system:resource:view", "system:resource:edit",
+ "system:resource:delete", "system:resource:reassign-group",
+ "system:resource:assign-owner")
+ """)
+] |
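Review bot: The SQL string literals in both steps are double-quoted (`("system:resource:view",` and the matching `IN (...)` list in the DELETE), which standard SQL reads as identifiers; SQLite only accepts them through its legacy double-quoted-string fallback, which can be compiled out, and other engines reject them outright. I can't tell from this diff which engine backs the auth database, but single-quoted literals such as `('system:resource:view',` are accepted everywhere, so I'd switch every privilege id and description in the INSERT and the DELETE to single quotes. Separately, the down step deletes the privilege rows without first removing any role-to-privilege grants that later migrations may attach to these ids — if foreign keys are enforced that rollback fails, and if they are not it leaves dangling grants, so this is worth confirming against the schema before the rollback path is relied on.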