Add privileges checks for system-level actions. HEAD main

author: Frederick Muriuki Muriithi 2026-04-22 11:42:47 -0500
committer: Frederick Muriuki Muriithi 2026-04-23 10:27:38 -0500
commit: 78c54eed593e1ddd6fb31745e101b4d9a1d2647d (patch)
tree: d9cf96f545eb6132b96753254f5bf0557d4f50c5 /gn_libs/privileges/system.py
parent: d1b53468bd4bd45931796b6ceff9dd0fb29f7397 (diff)
download: gn-libs-main.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/gn_libs/privileges/system.py b/gn_libs/privileges/system.py
new file mode 100644
index 0000000..85e62f9
--- /dev/null
+++ b/gn_libs/privileges/system.py
@@ -0,0 +1,18 @@
+"""Checks for privileges for system-level actions."""
+import logging
+from functools import partial
+
+from .authspec import check
+
+
+logger = logging.getLogger(__name__)
+
+
+def can_link_data(system_privileges: tuple[str, ...]) -> bool:
+    """Check whether user is allowed to link data to user groups."""
+    return check("(AND system:data:link-to-group)", system_privileges)
+
+
+def can_masquerade(system_privileges: tuple[str, ...]) -> bool:
+    """Check whether the user is allowed to masquerade as a different user."""
+    return check("(AND system:user:masquerade)", system_privileges)
author	Frederick Muriuki Muriithi	2026-04-22 11:42:47 -0500
committer	Frederick Muriuki Muriithi	2026-04-23 10:27:38 -0500
commit	78c54eed593e1ddd6fb31745e101b4d9a1d2647d (patch)
tree	d9cf96f545eb6132b96753254f5bf0557d4f50c5 /gn_libs/privileges/system.py
parent	d1b53468bd4bd45931796b6ceff9dd0fb29f7397 (diff)
download	gn-libs-main.tar.gz