2021-01-08 10:33:45 +00:00
|
|
|
package domain
|
|
|
|
|
2021-03-01 07:48:50 +00:00
|
|
|
import (
|
|
|
|
"github.com/caos/zitadel/internal/api/authz"
|
|
|
|
"strings"
|
|
|
|
)
|
|
|
|
|
2021-01-08 10:33:45 +00:00
|
|
|
const (
|
2021-03-01 07:48:50 +00:00
|
|
|
IAMRolePrefix = "IAM"
|
|
|
|
OrgRolePrefix = "ORG"
|
|
|
|
ProjectRolePrefix = "PROJECT"
|
|
|
|
ProjectGrantRolePrefix = "PROJECT_GRANT"
|
2021-01-12 11:59:51 +00:00
|
|
|
RoleOrgOwner = "ORG_OWNER"
|
2021-02-08 10:30:30 +00:00
|
|
|
RoleOrgProjectCreator = "ORG_PROJECT_CREATOR"
|
2021-01-12 11:59:51 +00:00
|
|
|
RoleIAMOwner = "IAM_OWNER"
|
|
|
|
RoleProjectOwner = "PROJECT_OWNER"
|
|
|
|
RoleProjectOwnerGlobal = "PROJECT_OWNER_GLOBAL"
|
2021-01-08 10:33:45 +00:00
|
|
|
)
|
2021-03-01 07:48:50 +00:00
|
|
|
|
|
|
|
func CheckForInvalidRoles(roles []string, rolePrefix string, validRoles []authz.RoleMapping) []string {
|
|
|
|
invalidRoles := make([]string, 0)
|
|
|
|
for _, role := range roles {
|
|
|
|
if !containsRole(role, rolePrefix, validRoles) {
|
|
|
|
invalidRoles = append(invalidRoles, role)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return invalidRoles
|
|
|
|
}
|
|
|
|
|
|
|
|
func containsRole(role, rolePrefix string, validRoles []authz.RoleMapping) bool {
|
|
|
|
for _, validRole := range validRoles {
|
|
|
|
if role == validRole.Role && strings.HasPrefix(role, rolePrefix) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|