Beispiel #1
0
// canService tests if a user or group has a specific permission on this service.
func (s *GroupService) canService(principal Principal, perm rbac.Permission) error {
	if ok, err := s.Can(principal, perm, serviceResource{}); !ok {
		return fmt.Errorf("%s has no permission to %s on service", principal.String(), perm.Perm())
	} else {
		return err
	}
}
Beispiel #2
0
// canGroup tests if a user or group has a specific permission on a group.
func (s *GroupService) canGroup(principal Principal, perm rbac.Permission, groupId string) error {
	if ok, err := s.Can(principal, perm, groupResource(groupId)); !ok {
		return fmt.Errorf("%s has no permission to %s on group %s", principal.String(),
			perm.Perm(), groupId)
	} else {
		return err
	}
}
Beispiel #3
0
func (r *characterRole) Can(do rbac.Permission) bool {
	_, has := r.capabilities[do.Perm()]
	return has
}