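// GetUserPermissions returns the set of permissions that userName holds on
// resourceName according to the ACL property attached to that resource.
//
// The result is the union of the permissions of every ACL entry that applies
// to the user: the entry named after the user, the entry named
// stc.AclAllEntryName, and every entry for which
// el.IsUserPartOfAGroup(entryName, userName) reports true. Entries are only
// merged; no deny or precedence rule between entries is applied here.
//
// An error is returned when el is nil, when either name is rejected by
// en.IsEntityNameValid, when the ACL property cannot be retrieved, or when
// that property is not a non-nil *Acl. On error the returned map is nil, so
// callers making an access decision should treat any error as "no
// permissions". A user that matches no entry gets an empty, non-nil map and a
// nil error.
//
// The package-level lock is held for the whole call.
func GetUserPermissions(el *en.EntityManager, userName string, resourceName string) (PermissionsMap, error) {
	lock.Lock()
	defer lock.Unlock()

	if el == nil {
		return nil, fmt.Errorf("Error: EntityManager is nil")
	}
	// Both names are validated before they are used for lookups or logged.
	if err := en.IsEntityNameValid(userName); err != nil {
		return nil, err
	}
	if err := en.IsEntityNameValid(resourceName); err != nil {
		return nil, err
	}

	data, err := el.GetPropertyAttachedToEntity(resourceName, stc.AclPropertyName)
	if err != nil {
		// NOTE(review): the underlying err is discarded, so every lookup
		// failure is reported as a missing ACL. The message text (including
		// its spelling) is kept verbatim in case callers or tests match on it.
		return nil, fmt.Errorf("Resource '%v' dose not have an ACL property", resourceName)
	}
	acl, ok := data.(*Acl)
	if !ok {
		return nil, fmt.Errorf("Resource '%v' ACL property is in the wrong type", resourceName)
	}
	// A typed nil (*Acl)(nil) passes the type assertion; reject it here so the
	// permission check fails with an error instead of panicking on
	// acl.Permissions below.
	if acl == nil {
		return nil, fmt.Errorf("Resource '%v' ACL property is nil", resourceName)
	}

	permissions := make(PermissionsMap)
	for name, p := range acl.Permissions {
		// The group lookup stays last so it is only consulted for entries that
		// are neither the user's own nor the 'all' entry.
		if name == userName || name == stc.AclAllEntryName || el.IsUserPartOfAGroup(name, userName) {
			for permission := range p.Permissions {
				permissions[permission] = ""
			}
		}
	}
	// NOTE(review): userName reaches the trace log; confirm that
	// en.IsEntityNameValid rejects line breaks and other control characters so
	// a name cannot split or forge log lines.
	logger.Trace.Println("The permissions of:", userName, "are:", permissions)
	return permissions, nil
}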