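// canService tests if a user or group has a specific permission on this service.
//
// It returns nil only when s.Can reports the permission as granted and returns
// no error. Every other outcome yields a non-nil error, so the check fails
// closed.
func (s *GroupService) canService(principal Principal, perm rbac.Permission) error {
	allowed, err := s.Can(principal, perm, serviceResource{})
	if err != nil {
		// The check itself failed. Keep the cause (wrapped with %w) instead of
		// reporting it as a plain denial, so logs and callers can tell a failed
		// evaluation apart from a real "no permission" decision.
		// NOTE(review): if this error is surfaced to clients, confirm the
		// wrapped cause is acceptable to expose.
		return fmt.Errorf("checking permission to %s on service for %s: %w", perm.Perm(), principal.String(), err)
	}
	if !allowed {
		return fmt.Errorf("%s has no permission to %s on service", principal.String(), perm.Perm())
	}
	return nil
}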
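// canGroup tests if a user or group has a specific permission on a group.
//
// groupId identifies the group the permission is evaluated against. The method
// returns nil only when s.Can reports the permission as granted and returns no
// error. Every other outcome yields a non-nil error, so the check fails closed.
func (s *GroupService) canGroup(principal Principal, perm rbac.Permission, groupId string) error {
	allowed, err := s.Can(principal, perm, groupResource(groupId))
	if err != nil {
		// The check itself failed. Keep the cause (wrapped with %w) instead of
		// reporting it as a plain denial, so logs and callers can tell a failed
		// evaluation apart from a real "no permission" decision.
		// NOTE(review): if this error is surfaced to clients, confirm the
		// wrapped cause is acceptable to expose.
		return fmt.Errorf("checking permission to %s on group %s for %s: %w", perm.Perm(), groupId, principal.String(), err)
	}
	if !allowed {
		return fmt.Errorf("%s has no permission to %s on group %s", principal.String(), perm.Perm(), groupId)
	}
	return nil
}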
// Can reports whether the role's capabilities contain an entry for the given
// permission. Only the presence of the key do.Perm() matters; the stored value
// is ignored.
func (r *characterRole) Can(do rbac.Permission) bool {
	if _, granted := r.capabilities[do.Perm()]; granted {
		return true
	}
	return false
}