package auth
import (
"sort"
"github.com/cortezaproject/corteza/server/pkg/slice"
)
// ApplyRoleSecurity filters the given role IDs (rr) through the role security
// params and returns the resulting role IDs, deduplicated and sorted ascending.
//
// Rules, as implemented here:
//   - a role from rr is kept only if it is not in prohibited and, when
//     permitted is non-empty, it is also in permitted;
//   - an empty permitted set means "no allow-list": every role from rr that
//     is not prohibited is kept;
//   - every forced role is part of the result; forced roles are not checked
//     against permitted or prohibited.
//
// Security notes for callers:
//   - the empty-permitted case is fail-open, so a permitted list that ends up
//     empty (for example after a failed or partial config load) widens the
//     result instead of narrowing it;
//   - a role listed in both forced and prohibited is still returned, so
//     prohibited must not be relied on to strip a forced role.
//
// Role IDs are passed as uint64 slices.
func ApplyRoleSecurity(permitted, prohibited, forced []uint64, rr ...uint64) (out []uint64) {
	// NOTE(review): slice.ToUint64BoolMap presumably returns a non-nil map with
	// every given ID set to true; the write into granted below depends on the
	// map being non-nil. Confirm against pkg/slice.
	allowed := slice.ToUint64BoolMap(permitted)
	denied := slice.ToUint64BoolMap(prohibited)

	// The forced set doubles as the accumulator for the final result, which is
	// why forced roles never pass through the allow/deny checks.
	granted := slice.ToUint64BoolMap(forced)

	hasAllowList := len(allowed) > 0
	for _, roleID := range rr {
		// Deny wins over allow for roles that come from rr.
		if denied[roleID] {
			continue
		}

		// With an allow-list present, anything not on it is dropped.
		if hasAllowList && !allowed[roleID] {
			continue
		}

		granted[roleID] = true
	}

	out = make([]uint64, 0, len(granted))
	for roleID := range granted {
		out = append(out, roleID)
	}

	// Map iteration order is random; sort so callers get stable output.
	sort.Slice(out, func(a, b int) bool {
		return out[a] < out[b]
	})

	return out
}