From 3fb1c3e614f659975f9601b654c8bd11750283d8 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Tue, 31 Mar 2026 10:56:13 -0500
Subject: Check for applying/rejecting edits for resources requiring review.

Some resources, when edited by a user, might require that those
changes be reviewed and either applied or rejected by a different
reviewer.
---
 gn_libs/privileges/resources.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/gn_libs/privileges/resources.py b/gn_libs/privileges/resources.py
index 431ccd3..14d0ad1 100644
--- a/gn_libs/privileges/resources.py
+++ b/gn_libs/privileges/resources.py
@@ -57,3 +57,19 @@ can_delete = partial(
         "       system:system-wide:data:delete) "
         "  (AND system:resource:view system:resource:edit "
         "       system:resource:delete))"))
+
+
+can_apply_or_reject_edit = partial(
+    privileges_fulfill_specs,
+    resource_spec=(
+        "(AND system:inbredset:view-case-attribute "
+        "     system:inbredset:edit-case-attribute "
+        "     system:inbredset:delete-case-attribute "
+        "     system:inbredset:apply-case-attribute-edit "
+        "     system:inbredset:reject-case-attribute-edit)"),
+    system_spec=(
+        "(AND system:system-wide:inbredset:view-case-attribute "
+        "     system:system-wide:inbredset:edit-case-attribute "
+        "     system:system-wide:inbredset:delete-case-attribute "
+        "     system:system-wide:inbredset:apply-case-attribute-edit "
+        "     system:system-wide:inbredset:reject-case-attribute-edit)"))
-- 
cgit 1.4.1