about summary refs log tree commit diff
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2026-04-22 11:42:47 -0500
committerFrederick Muriuki Muriithi2026-04-23 10:27:38 -0500
commit78c54eed593e1ddd6fb31745e101b4d9a1d2647d (patch)
treed9cf96f545eb6132b96753254f5bf0557d4f50c5
parentd1b53468bd4bd45931796b6ceff9dd0fb29f7397 (diff)
downloadgn-libs-main.tar.gz
Add privileges checks for system-level actions. HEAD main
Diffstat
-rw-r--r--gn_libs/privileges/system.py18


1 files changed, 18 insertions, 0 deletions
diff --git a/gn_libs/privileges/system.py b/gn_libs/privileges/system.py
new file mode 100644
index 0000000..85e62f9
--- /dev/null
+++ b/gn_libs/privileges/system.py
@@ -0,0 +1,18 @@
+"""Checks for privileges for system-level actions."""
+import logging
+from functools import partial
+
+from .authspec import check
+
+
+logger = logging.getLogger(__name__)
+
+
+def can_link_data(system_privileges: tuple[str, ...]) -> bool:
+    """Check whether user is allowed to link data to user groups."""
+    return check("(AND system:data:link-to-group)", system_privileges)
+
+
+def can_masquerade(system_privileges: tuple[str, ...]) -> bool:
+    """Check whether the user is allowed to masquerade as a different user."""
+    return check("(AND system:user:masquerade)", system_privileges)

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-04-26 21:52:27 +0000