func createApiUser(t auth.Token, user *auth.User) (*apiUser, error) {
permissions, err := user.Permissions()
if err != nil {
return nil, err
}
permData := make([]rolePermissionData, len(permissions))
for i, p := range permissions {
if !permission.Check(t, p.Scheme, p.Context) {
return nil, nil
}
permData[i] = rolePermissionData{
Name: p.Scheme.FullName(),
ContextType: string(p.Context.CtxType),
ContextValue: p.Context.Value,
}
}
roleData := make([]rolePermissionData, len(user.Roles))
for i, userRole := range user.Roles {
r, err := permission.FindRole(userRole.Name)
if err != nil {
return nil, err
}
roleData[i] = rolePermissionData{
Name: userRole.Name,
ContextType: string(r.ContextType),
ContextValue: userRole.ContextValue,
}
}
return &apiUser{
Email: user.Email,
Roles: roleData,
Permissions: permData,
}, nil
}
func deployableApps(u *auth.User) ([]string, error) {
perms, err := u.Permissions()
if err != nil {
return nil, err
}
contexts := permission.ContextsFromListForPermission(perms, permission.PermAppDeploy)
if len(contexts) == 0 {
return nil, nil
}
filter := appFilterByContext(contexts, nil)
apps, err := app.List(filter)
if err != nil {
return nil, err
}
appNames := make([]string, len(apps))
for i := range apps {
appNames[i] = apps[i].Name
}
return appNames, nil
}