// canService tests if a user or group has a specific permission on this service.
func (s *GroupService) canService(principal Principal, perm rbac.Permission) error {
if ok, err := s.Can(principal, perm, serviceResource{}); !ok {
return fmt.Errorf("%s has no permission to %s on service", principal.String(), perm.Perm())
} else {
return err
}
}
// canGroup tests if a user or group has a specific permission on a group.
func (s *GroupService) canGroup(principal Principal, perm rbac.Permission, groupId string) error {
if ok, err := s.Can(principal, perm, groupResource(groupId)); !ok {
return fmt.Errorf("%s has no permission to %s on group %s", principal.String(),
perm.Perm(), groupId)
} else {
return err
}
}
func (r *characterRole) Can(do rbac.Permission) bool {
_, has := r.capabilities[do.Perm()]
return has
}