2021-01-08 11:33:45 +01:00
|
|
|
package domain
|
|
|
|
|
2021-03-01 08:48:50 +01:00
|
|
|
import (
|
|
|
|
"strings"
|
2021-03-25 17:26:21 +01:00
|
|
|
|
2022-04-27 01:01:45 +02:00
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
2021-03-01 08:48:50 +01:00
|
|
|
)
|
|
|
|
|
2021-01-08 11:33:45 +01:00
|
|
|
const (
|
2021-12-09 09:41:21 +01:00
|
|
|
IAMRolePrefix = "IAM"
|
|
|
|
OrgRolePrefix = "ORG"
|
|
|
|
ProjectRolePrefix = "PROJECT"
|
|
|
|
ProjectGrantRolePrefix = "PROJECT_GRANT"
|
|
|
|
RoleOrgOwner = "ORG_OWNER"
|
|
|
|
RoleOrgProjectCreator = "ORG_PROJECT_CREATOR"
|
|
|
|
RoleIAMOwner = "IAM_OWNER"
|
|
|
|
RoleProjectOwner = "PROJECT_OWNER"
|
|
|
|
RoleProjectOwnerGlobal = "PROJECT_OWNER_GLOBAL"
|
|
|
|
RoleSelfManagementGlobal = "SELF_MANAGEMENT_GLOBAL"
|
2021-01-08 11:33:45 +01:00
|
|
|
)
|
2021-03-01 08:48:50 +01:00
|
|
|
|
|
|
|
func CheckForInvalidRoles(roles []string, rolePrefix string, validRoles []authz.RoleMapping) []string {
|
|
|
|
invalidRoles := make([]string, 0)
|
|
|
|
for _, role := range roles {
|
|
|
|
if !containsRole(role, rolePrefix, validRoles) {
|
|
|
|
invalidRoles = append(invalidRoles, role)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return invalidRoles
|
|
|
|
}
|
|
|
|
|
|
|
|
func containsRole(role, rolePrefix string, validRoles []authz.RoleMapping) bool {
|
|
|
|
for _, validRole := range validRoles {
|
|
|
|
if role == validRole.Role && strings.HasPrefix(role, rolePrefix) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|