diff options
| author | Frederick Muriuki Muriithi | 2026-05-14 09:06:40 -0500 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2026-05-14 09:06:40 -0500 |
| commit | 422d40142e4373f51c539fa846cc33b604e54c0f (patch) | |
| tree | 98617c2086c61ab900b59e3d7fc9bce9109b9975 /gn_libs/privileges/authspec.py | |
| parent | 087a476fe37ec097196693abb5c0a0b12f8f38ae (diff) | |
| download | gn-libs-422d40142e4373f51c539fa846cc33b604e54c0f.tar.gz | |
Separate checking of system and resource privileges.
Merging the resource and system privileges before checking leads to some subtle bugs. This commit separates the checking of the two.
Diffstat (limited to 'gn_libs/privileges/authspec.py')
| -rw-r--r-- | gn_libs/privileges/authspec.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/gn_libs/privileges/authspec.py b/gn_libs/privileges/authspec.py index 2ae154f..2819f9d 100644 --- a/gn_libs/privileges/authspec.py +++ b/gn_libs/privileges/authspec.py @@ -167,10 +167,11 @@ def check(spec: str, privileges: tuple[str, ...]) -> bool: def privileges_fulfill_specs( - queried_privileges: tuple[str, ...], + resource_privileges: tuple[str, ...], + system_privileges: tuple[str, ...], resource_spec: str, system_spec: str ) -> bool: """Check whether a user's privileges fulfill the given specs.""" - return (check(resource_spec, queried_privileges) or - check(system_spec, queried_privileges)) + return (check(resource_spec, resource_privileges) or + check(system_spec, system_privileges)) |