cloud-services/pkg/adminroles/roles_checker.go


package adminroles
import (
"strings"
"fiskerinc.com/modules/validator"
"github.com/pkg/errors"
)
const (
	// MissingPermissionError is the message of the error returned when a role
	// check is denied or when a groups value cannot be parsed into roles.
	MissingPermissionError = "missing permission"
)
// RolesChecker authorizes a caller by comparing the caller's roles with a
// configured list of required roles.
type RolesChecker struct {
	// RequiredRoles lists the roles that grant access; holding any one of
	// them is sufficient. When the list is empty, Check and CheckGroups
	// return nil without inspecting the caller's roles.
	RequiredRoles []string
}
// Check reports whether roles satisfies this checker.
//
// It returns nil when RequiredRoles is empty; otherwise it returns the result
// of HasRole(roles).
//
// NOTE(review): an empty RequiredRoles (including the zero value of
// RolesChecker) authorizes every caller. Confirm that callers which need a
// restriction always populate RequiredRoles before calling Check.
func (rc *RolesChecker) Check(roles []string) error {
	if len(rc.RequiredRoles) == 0 {
		return nil
	}
	return rc.HasRole(roles)
}
// CheckGroups is the variant of Check for a groups value whose concrete type
// is not known in advance (a string or a []interface{} of strings).
//
// It returns nil when RequiredRoles is empty, without looking at groups.
// Otherwise groups is parsed into roles and passed to HasRole; a groups value
// that cannot be parsed is reported as a MissingPermissionError error, so the
// caller is denied.
func (rc *RolesChecker) CheckGroups(groups interface{}) error {
	if len(rc.RequiredRoles) == 0 {
		return nil
	}

	parsed, parseErr := rc.parseRolesFromGroups(groups)
	if parseErr != nil {
		// The parse error is replaced, not wrapped: callers only ever see
		// the generic missing-permission message.
		return errors.New(MissingPermissionError)
	}
	return rc.HasRole(parsed)
}
// HasRole returns nil when roles contains at least one entry of
// RequiredRoles, and a MissingPermissionError error otherwise.
//
// roles is validated first with the rule "max=1024,dive,uuid"; a validation
// failure is returned wrapped with a stack trace rather than as
// MissingPermissionError. Unlike Check, HasRole denies when RequiredRoles is
// empty, because there is nothing to match.
//
// NOTE(review): the match in containsRole is an exact string comparison. If
// the uuid rule accepts more than one spelling of the same UUID (letter case,
// for instance), the caller's roles must be normalised the same way as
// RequiredRoles — confirm upstream.
func (rc *RolesChecker) HasRole(roles []string) error {
	if verr := validator.ValidateField(roles, "max=1024,dive,uuid"); verr != nil {
		return errors.WithStack(verr)
	}

	for i := range rc.RequiredRoles {
		if rc.containsRole(rc.RequiredRoles[i], roles) {
			return nil
		}
	}
	return errors.New(MissingPermissionError)
}
// parseRolesFromGroups turns a groups value into a list of role strings.
//
// Two shapes are accepted: a string, handled by parseStringRoles, and a
// non-empty []interface{} whose first element is a string, handled by
// parseSliceRoles. Only the first element is inspected here; the remaining
// elements are left to parseSliceRoles. Every other value, including nil and
// an empty slice, yields a MissingPermissionError error.
func (rc *RolesChecker) parseRolesFromGroups(groups interface{}) ([]string, error) {
	switch value := groups.(type) {
	case string:
		return rc.parseStringRoles(value)
	case []interface{}:
		if len(value) == 0 {
			break
		}
		if _, isString := value[0].(string); isString {
			return rc.parseSliceRoles(value)
		}
	}
	return nil, errors.New(MissingPermissionError)
}
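// parseSliceRoles converts a groups list into role strings.
//
// Every element must be a string. A non-string element yields a
// MissingPermissionError error, so a malformed groups value is denied. The
// earlier unchecked assertion would instead panic on a list such as
// ["<uuid>", 42], because the caller only inspects the first element.
func (rc *RolesChecker) parseSliceRoles(groups []interface{}) ([]string, error) {
	items := make([]string, len(groups))
	for i, item := range groups {
		role, ok := item.(string)
		if !ok {
			// Fail closed: a mixed-type list is treated as carrying no
			// usable roles rather than crashing the authorization path.
			return nil, errors.New(MissingPermissionError)
		}
		items[i] = role
	}
	return items, nil
}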
// parseStringRoles splits a textual groups value into role strings.
//
// All space characters are removed, any run of '[' or ']' is trimmed from both
// ends, and the remainder is split on ','. A value that is empty after this
// clean-up yields a MissingPermissionError error. Empty entries (as produced
// by "a,,b") are kept in the result.
func (rc *RolesChecker) parseStringRoles(groups string) ([]string, error) {
	stripped := strings.ReplaceAll(groups, " ", "")
	stripped = strings.Trim(stripped, "[]")
	if stripped == "" {
		return nil, errors.New(MissingPermissionError)
	}
	// strings.Split on a non-empty string with a non-empty separator always
	// returns at least one element, so no further emptiness check is needed.
	return strings.Split(stripped, ","), nil
}
// containsRole reports whether role occurs in groups. The comparison is an
// exact, case-sensitive string match.
func (rc *RolesChecker) containsRole(role string, groups []string) bool {
	for i := 0; i < len(groups); i++ {
		if groups[i] == role {
			return true
		}
	}
	return false
}
// SetRequiredRoles replaces RequiredRoles with the string form of each RoleID
// in roles, preserving order.
//
// Passing a nil or empty slice leaves RequiredRoles empty, in which case Check
// and CheckGroups return nil for every caller.
func (rc *RolesChecker) SetRequiredRoles(roles []RoleID) {
	converted := make([]string, 0, len(roles))
	for _, id := range roles {
		converted = append(converted, string(id))
	}
	rc.RequiredRoles = converted
}