authorFrederick Muriuki Muriithi2026-05-14 09:06:40 -0500
committerFrederick Muriuki Muriithi2026-05-14 09:06:40 -0500
commit422d40142e4373f51c539fa846cc33b604e54c0f (patch)
tree98617c2086c61ab900b59e3d7fc9bce9109b9975 /gn_libs/privileges/authspec.py
parent087a476fe37ec097196693abb5c0a0b12f8f38ae (diff)
Separate checking of system and resource privileges. HEAD main
Merging the resource and system privileges before checking leads to
some subtle bugs. This commit separates the checking of the two.
Diffstat (limited to 'gn_libs/privileges/authspec.py')
-rw-r--r--gn_libs/privileges/authspec.py7
1 files changed, 4 insertions, 3 deletions
diff --git a/gn_libs/privileges/authspec.py b/gn_libs/privileges/authspec.py
index 2ae154f..2819f9d 100644
--- a/gn_libs/privileges/authspec.py
+++ b/gn_libs/privileges/authspec.py
@@ -167,10 +167,11 @@ def check(spec: str, privileges: tuple[str, ...]) -> bool:
 
 
 def privileges_fulfill_specs(
-        queried_privileges: tuple[str, ...],
+        resource_privileges: tuple[str, ...],
+        system_privileges: tuple[str, ...],
         resource_spec: str,
         system_spec: str
 ) -> bool:
     """Check whether a user's privileges fulfill the given specs."""
-    return (check(resource_spec, queried_privileges) or
-            check(system_spec, queried_privileges))
+    return (check(resource_spec, resource_privileges) or
+            check(system_spec, system_privileges))
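Review bot: The two privilege tuples in the new signature of `privileges_fulfill_specs` are adjacent positional parameters of the same type, so a call site that passes them in the wrong order would silently check `resource_spec` against system privileges, which is the cross-matching this commit sets out to remove. Making the parameters keyword-only, by adding a bare `*,` as the first entry of the parameter list, would force every caller to name each argument and make an authorisation call readable at a glance. The docstring is unchanged and could state the contract the new code implements, for example `"""Return True if resource_privileges satisfy resource_spec, or system_privileges satisfy system_spec; each spec is checked only against its own privilege set."""`. The callers are outside this hunk, so whether any still pass the old `queried_privileges` argument cannot be confirmed from here.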