mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-18 05:47:32 +00:00
a4763b1e4c
* features * features * features * fix json tags * add features handler to auth * mocks for tests * add setup step * fixes * add featurelist to auth api * grandfather state and typos * typo * merge new-eventstore * fix login policy tests * label policy in features * audit log retention
39 lines
979 B
Go
39 lines
979 B
Go
package domain
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/caos/zitadel/internal/api/authz"
|
|
)
|
|
|
|
const (
|
|
IAMRolePrefix = "IAM"
|
|
OrgRolePrefix = "ORG"
|
|
ProjectRolePrefix = "PROJECT"
|
|
ProjectGrantRolePrefix = "PROJECT_GRANT"
|
|
RoleOrgOwner = "ORG_OWNER"
|
|
RoleOrgProjectCreator = "ORG_PROJECT_CREATOR"
|
|
RoleIAMOwner = "IAM_OWNER"
|
|
RoleProjectOwner = "PROJECT_OWNER"
|
|
RoleProjectOwnerGlobal = "PROJECT_OWNER_GLOBAL"
|
|
)
|
|
|
|
func CheckForInvalidRoles(roles []string, rolePrefix string, validRoles []authz.RoleMapping) []string {
|
|
invalidRoles := make([]string, 0)
|
|
for _, role := range roles {
|
|
if !containsRole(role, rolePrefix, validRoles) {
|
|
invalidRoles = append(invalidRoles, role)
|
|
}
|
|
}
|
|
return invalidRoles
|
|
}
|
|
|
|
func containsRole(role, rolePrefix string, validRoles []authz.RoleMapping) bool {
|
|
for _, validRole := range validRoles {
|
|
if role == validRole.Role && strings.HasPrefix(role, rolePrefix) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|