forked from mikespook/gorbac
helper.go
package gorbac
import "fmt"
// InherCircle reports an error if the role inheritance graph of rbac contains
// a cycle, and nil otherwise.
//
// rbac.mutex is held for the whole traversal, so every other call that takes
// the same mutex (including the permission checks in this file) blocks until
// the walk finishes.
func InherCircle(rbac *RBAC) error {
	rbac.mutex.Lock()
	defer rbac.mutex.Unlock()

	// One set is shared by every starting role so dfs can skip roles it has
	// already recorded as checked.
	verified := map[string]struct{}{}
	for roleID := range rbac.roles {
		// Each walk starts with an empty path.
		err := dfs(rbac, roleID, verified, nil)
		if err != nil {
			return err
		}
	}
	return nil
}
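// dfs walks the parent links reachable from id and returns an error as soon
// as it reaches a role that is already on the current path.
//
// stack is the path from the starting role down to, but not including, id.
// skipped holds every role whose ancestry has been walked to completion
// without finding a cycle; such a role is never walked again. Recording only
// parentless roles, as this function used to, re-walks shared ancestors once
// per path that reaches them, which can grow exponentially with the depth of
// the hierarchy.
//
// dfs takes no lock itself; the caller must hold whatever lock protects
// rbac.parents.
func dfs(rbac *RBAC, id string, skipped map[string]struct{}, stack []string) error {
	if _, done := skipped[id]; done {
		return nil
	}
	// Meeting id again on the current path means the inheritance loops back.
	for _, item := range stack {
		if item == id {
			return fmt.Errorf("Found circle: %s", stack)
		}
	}

	// The recursion is sequential, so parents may safely share the backing
	// array of stack: each call only sees its own length.
	stack = append(stack, id)
	for pid := range rbac.parents[id] {
		if err := dfs(rbac, pid, skipped, stack); err != nil {
			return err
		}
	}

	// Everything reachable from id is cycle-free (a role without parents gets
	// here immediately), so later walks can stop at id.
	skipped[id] = struct{}{}
	return nil
}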
// AnyGranted reports whether at least one of roles is granted permission,
// as decided by rbac.isGranted with the given assert function.
//
// It returns false when roles is empty, so a subject without roles is denied.
// rbac.mutex is held for the duration of the check.
func AnyGranted(rbac *RBAC, roles []string, permission Permission,
	assert AssertionFunc) bool {
	rbac.mutex.Lock()
	defer rbac.mutex.Unlock()

	granted := false
	// Stop at the first role that is granted the permission.
	for i := 0; i < len(roles) && !granted; i++ {
		granted = rbac.isGranted(roles[i], permission, assert)
	}
	return granted
}
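// AllGranted reports whether every one of roles is granted permission, as
// decided by rbac.isGranted with the given assert function.
//
// An empty roles slice is denied. Without that guard the loop below never
// runs and the function would return true, granting the permission to a
// subject that holds no role at all.
// rbac.mutex is held for the duration of the check.
func AllGranted(rbac *RBAC, roles []string, permission Permission,
	assert AssertionFunc) bool {
	// Fail closed: "all of nothing" must not count as a grant.
	if len(roles) == 0 {
		return false
	}

	rbac.mutex.Lock()
	defer rbac.mutex.Unlock()
	for _, role := range roles {
		if !rbac.isGranted(role, permission, assert) {
			return false
		}
	}
	return true
}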