From 4d1269e40ab745580ba080c05d7cddfea87880d6 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Wed, 11 Mar 2026 13:04:43 -0500
Subject: Resources: make-public: Create new privilege.

Create the new 'system:resource:make-public' privilege to be used to
restrict the ability of users to make their resources accessible by
the general public.
---
 ...strict-access-to-resources-make-public-feature.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 migrations/auth/20260311_03_vxBCX-restrict-access-to-resources-make-public-feature.py

diff --git a/migrations/auth/20260311_03_vxBCX-restrict-access-to-resources-make-public-feature.py b/migrations/auth/20260311_03_vxBCX-restrict-access-to-resources-make-public-feature.py
new file mode 100644
index 0000000..94b7bde
--- /dev/null
+++ b/migrations/auth/20260311_03_vxBCX-restrict-access-to-resources-make-public-feature.py
@@ -0,0 +1,20 @@
+"""
+Restrict access to resources' 'Make Public' feature.
+"""
+
+from yoyo import step
+
+__depends__ = {'20260311_02_v3EFQ-assign-systemwide-docs-editor-role-to-sysadmins'}
+
+steps = [
+    step(
+        """
+        INSERT INTO privileges(privilege_id, privilege_description)
+        VALUES(
+        'system:resource:make-public',
+        'Allow user to make a resource publicly accessible.')
+        """,
+        """
+        DELETE FROM privileges WHERE privilege_id='system:resource:make-public'
+        """)
+]
-- 
cgit 1.4.1