diff options
Diffstat (limited to 'gn_libs/privileges')
| -rw-r--r-- | gn_libs/privileges/resources.py | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/gn_libs/privileges/resources.py b/gn_libs/privileges/resources.py index 4b66c59..217a57d 100644 --- a/gn_libs/privileges/resources.py +++ b/gn_libs/privileges/resources.py @@ -11,9 +11,9 @@ logger = logging.getLogger(__name__) can_view = partial( privileges_fulfill_specs, resource_spec=( - "(OR group:resource:view-resource system:resource:view " - " system:inbredset:view-case-attribute)"), - system_spec="(OR system:system-wide:data:view system:resource:view)") + "(OR group:resource:view-resource system:inbredset:view-case-attribute " + " system:resource:public-read)"), + system_spec="(OR system:system-wide:data:view)") can_edit = partial( @@ -21,13 +21,11 @@ can_edit = partial( resource_spec=( "(OR " " (AND group:resource:view-resource group:resource:edit-resource) " - " (AND system:resource:view system:resource:edit) " " (AND system:inbredset:view-case-attribute " " system:inbredset:edit-case-attribute))"), system_spec=( "(OR " - " (AND system:system-wide:data:view system:system-wide:data:edit) " - " (AND system:resource:view system:resource:edit))")) + " (AND system:system-wide:data:view system:system-wide:data:edit))")) def can_batch_edit(queried_privileges: tuple[str, ...]) -> bool: @@ -53,15 +51,11 @@ can_delete = partial( " group:resource:edit-resource group:resource:delete-resource) " " (AND system:inbredset:view-case-attribute " " system:inbredset:edit-case-attribute " - " system:inbredset:delete-case-attribute) " - " (AND system:resource:view system:resource:edit " - " system:resource:delete))"), + " system:inbredset:delete-case-attribute))"), system_spec=( "(OR " " (AND system:system-wide:data:view system:system-wide:data:edit " - " system:system-wide:data:delete) " - " (AND system:resource:view system:resource:edit " - " system:resource:delete))")) + " system:system-wide:data:delete))")) can_apply_or_reject_edit = partial( |