// HasAuthorizedClient reports whether a stored client authorization already
// approves the given grant for the given user.
//
// The record is looked up under the name the registry derives from the user
// name and the grant's client ID. The results are:
//   - (false, nil) when no record exists, or when the stored scopes do not
//     cover the scopes requested by the grant;
//   - (false, err) when the lookup fails for any other reason, or when the
//     record carries a UID that differs from the caller's UID;
//   - (true, nil) only when the record exists, passes the UID check, and its
//     scopes cover the requested ones.
func (c *ClientAuthorizationGrantChecker) HasAuthorizedClient(user user.Info, grant *api.Grant) (approved bool, err error) {
	name := c.registry.ClientAuthorizationName(user.GetName(), grant.Client.GetId())

	stored, err := c.registry.GetClientAuthorization(kapi.NewContext(), name)
	switch {
	case errors.IsNotFound(err):
		// A missing record means "not yet approved", not a failure.
		return false, nil
	case err != nil:
		return false, err
	}

	// The record is keyed by user name, so a record written for a different
	// UID under the same name must not count as approval. It is reported as
	// an error rather than as a plain "not approved".
	// NOTE(review): a record with an empty UserUID skips this check entirely.
	// Presumably such records predate UID tracking; confirm that is intended.
	if stored.UserUID != "" && stored.UserUID != user.GetUID() {
		return false, fmt.Errorf("user %s UID %s does not match stored client authorization value for UID %s", user.GetName(), user.GetUID(), stored.UserUID)
	}

	// TODO: improve this to allow the scope implementation to determine overlap
	// The grant's scope string is run through scope.Split before it is
	// compared against the stored scopes.
	return scope.Covers(stored.Scopes, scope.Split(grant.Scope)), nil
}
// getScopeData builds the Scope record for a single requested scope name.
//
// Granted is set from scope.Covers(grantedScopeNames, {scopeName}). Error
// starts as "Unknown scope" and keeps that value when no entry in
// scopeauthorizer.ScopeEvaluators handles the name. Only the first evaluator
// that handles the name is consulted. Its description and warning are copied
// into the record, and Error becomes either empty or the evaluator's error
// text.
func getScopeData(scopeName string, grantedScopeNames []string) Scope {
	var data Scope
	data.Name = scopeName
	// Default error; cleared or replaced below if an evaluator claims the scope.
	data.Error = fmt.Sprintf("Unknown scope")
	data.Granted = scope.Covers(grantedScopeNames, []string{scopeName})

	for _, ev := range scopeauthorizer.ScopeEvaluators {
		if ev.Handles(scopeName) {
			desc, warn, describeErr := ev.Describe(scopeName)

			// Description and warning are recorded even when Describe fails.
			data.Description, data.Warning = desc, warn

			data.Error = ""
			if describeErr != nil {
				data.Error = describeErr.Error()
			}

			// First matching evaluator wins; later ones are never asked.
			return data
		}
	}

	return data
}