Check for applying/rejecting edits for resources requiring review.

Some resources, when edited by a user, might require that those
changes be reviewed and either applied or rejected by a different
reviewer.

1 files changed, 16 insertions, 0 deletions

diff --git a/gn_libs/privileges/resources.py b/gn_libs/privileges/resources.py
index 431ccd3..14d0ad1 100644
--- a/gn_libs/privileges/resources.py
+++ b/gn_libs/privileges/resources.py
@@ -57,3 +57,19 @@ can_delete = partial(
         "       system:system-wide:data:delete) "
         "  (AND system:resource:view system:resource:edit "
         "       system:resource:delete))"))
+
+
+can_apply_or_reject_edit = partial(
+    privileges_fulfill_specs,
+    resource_spec=(
+        "(AND system:inbredset:view-case-attribute "
+        "     system:inbredset:edit-case-attribute "
+        "     system:inbredset:delete-case-attribute "
+        "     system:inbredset:apply-case-attribute-edit "
+        "     system:inbredset:reject-case-attribute-edit)"),
+    system_spec=(
+        "(AND system:system-wide:inbredset:view-case-attribute "
+        "     system:system-wide:inbredset:edit-case-attribute "
+        "     system:system-wide:inbredset:delete-case-attribute "
+        "     system:system-wide:inbredset:apply-case-attribute-edit "
+        "     system:system-wide:inbredset:reject-case-attribute-edit)"))