diff options
| author | Frederick Muriuki Muriithi | 2026-03-31 10:10:35 -0500 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2026-03-31 10:10:35 -0500 |
| commit | 96ba36523b83ab47513078c697df741c958ed794 (patch) | |
| tree | bc68fc284c46b3e9f8672600ff2c1a5bbd70f68a | |
| parent | 4d03d8032640d7c59a47048f84b36c4d6dc5c7c4 (diff) | |
| download | gn-libs-96ba36523b83ab47513078c697df741c958ed794.tar.gz | |
Rename module and add privileges to checks.
* checks.py --> resources.py * Add privileges for InbredSet groups editing.
| -rw-r--r-- | gn_libs/privileges/__init__.py | 7 | ||||
| -rw-r--r-- | gn_libs/privileges/resources.py (renamed from gn_libs/privileges/checks.py) | 16 |
2 files changed, 17 insertions, 6 deletions
diff --git a/gn_libs/privileges/__init__.py b/gn_libs/privileges/__init__.py index 9b2af85..b356ca7 100644 --- a/gn_libs/privileges/__init__.py +++ b/gn_libs/privileges/__init__.py @@ -1,2 +1,5 @@ -from .authspec import check, parse, SpecificationValueError -from .checks import can_view, can_edit, can_create, can_delete +from .authspec import (check, + parse, + SpecificationValueError, + privileges_fulfill_specs) +from . import resources diff --git a/gn_libs/privileges/checks.py b/gn_libs/privileges/resources.py index a7cc003..dea02f9 100644 --- a/gn_libs/privileges/checks.py +++ b/gn_libs/privileges/resources.py @@ -1,3 +1,4 @@ +"""Privilege checks for resources""" import uuid import logging from functools import partial @@ -12,23 +13,30 @@ logger = logging.getLogger(__name__) can_view = partial( privileges_fulfill_specs, - resource_spec="(OR group:resource:view-resource system:resource:view)", + resource_spec=( + "(OR group:resource:view-resource system:resource:view " + "system:inbredset:view-case-attribute)"), system_spec="(OR system:system-wide:data:view system:resource:view)") can_edit = partial( privileges_fulfill_specs, - resource_spec="(OR group:resource:edit-resource system:resource:edit)", + resource_spec=( + "(OR group:resource:edit-resource system:resource:edit " + "system:inbredset:edit-case-attribute)"), system_spec="(OR system:system-wide:data:edit system:resource:edit)") can_create = partial( privileges_fulfill_specs, - resource_spec="(OR group:resource:create-resource)", + resource_spec=("(OR group:resource:create-resource " + "system:inbredset:create-case-attribute)"), system_spec="(OR system:system-wide:data:create)") can_delete = partial( privileges_fulfill_specs, - resource_spec="(OR group:resource:delete-resource system:resource:delete)", + resource_spec=("(OR group:resource:delete-resource " + "system:inbredset:delete-case-attribute " + "system:resource:delete)"), system_spec="(OR system:system-wide:data:delete system:resource:delete)") |