diff options
| -rw-r--r-- | gn_libs/privileges/__init__.py | 7 | ||||
| -rw-r--r-- | gn_libs/privileges/resources.py (renamed from gn_libs/privileges/checks.py) | 16 |
2 files changed, 17 insertions, 6 deletions
diff --git a/gn_libs/privileges/__init__.py b/gn_libs/privileges/__init__.py index 9b2af85..b356ca7 100644 --- a/gn_libs/privileges/__init__.py +++ b/gn_libs/privileges/__init__.py @@ -1,2 +1,5 @@ -from .authspec import check, parse, SpecificationValueError -from .checks import can_view, can_edit, can_create, can_delete +from .authspec import (check, + parse, + SpecificationValueError, + privileges_fulfill_specs) +from . import resources diff --git a/gn_libs/privileges/checks.py b/gn_libs/privileges/resources.py index a7cc003..dea02f9 100644 --- a/gn_libs/privileges/checks.py +++ b/gn_libs/privileges/resources.py @@ -1,3 +1,4 @@ +"""Privilege checks for resources""" import uuid import logging from functools import partial @@ -12,23 +13,30 @@ logger = logging.getLogger(__name__) can_view = partial( privileges_fulfill_specs, - resource_spec="(OR group:resource:view-resource system:resource:view)", + resource_spec=( + "(OR group:resource:view-resource system:resource:view " + "system:inbredset:view-case-attribute)"), system_spec="(OR system:system-wide:data:view system:resource:view)") can_edit = partial( privileges_fulfill_specs, - resource_spec="(OR group:resource:edit-resource system:resource:edit)", + resource_spec=( + "(OR group:resource:edit-resource system:resource:edit " + "system:inbredset:edit-case-attribute)"), system_spec="(OR system:system-wide:data:edit system:resource:edit)") can_create = partial( privileges_fulfill_specs, - resource_spec="(OR group:resource:create-resource)", + resource_spec=("(OR group:resource:create-resource " + "system:inbredset:create-case-attribute)"), system_spec="(OR system:system-wide:data:create)") can_delete = partial( privileges_fulfill_specs, - resource_spec="(OR group:resource:delete-resource system:resource:delete)", + resource_spec=("(OR group:resource:delete-resource " + "system:inbredset:delete-case-attribute " + "system:resource:delete)"), system_spec="(OR system:system-wide:data:delete system:resource:delete)") |
