This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

add implied permissions
mikehelmick committed Dec 17, 2020
1 parent b2ea015 commit 1ef33f0
Showing 1 changed file with 23 additions and 0 deletions.
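--- a/pkg/rbac/rbac.go
+++ b/pkg/rbac/rbac.go
@@ -72,6 +72,14 @@ func CompileAndAuthorize(actorPermission Permission, toUpdate []Permission) (Per
 }
 permission = permission | update
 }
+// Ensure impled permissions. The actor must also have the impled permissions by definition.
+for has, needs := range requiredPermission {
+if Can(permission, has) {
+for _, required := range needs {
+permission = permission | required
+}
+}
+}
 return permission, nil
 }
 
@@ -145,6 +153,21 @@ const (
 UserWrite = 1 << iota
 )
 
+// --
+// Required / Implied permissions.
+// Write permissions require subordinate read.
+// --
+
+var (
+// requiredPermissions is not exported since maps cannot be constant.
+requiredPermission = map[Permission][]Permission{
+APIKeyWrite: {APIKeyRead},
+SettingsWrite: {SettingsRead},
+MobileAppWrite: {MobileAppRead},
+UserWrite: {UserRead},
+}
+)
+
 // --
 // Legacy permissions
 // --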
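Review bot: The new loop in CompileAndAuthorize ORs each `required` permission into the result without checking it against `actorPermission`; the comment says the actor holds the implied permissions "by definition", but nothing visible in the hunk enforces that. An actor whose stored bitmask has, for example, `APIKeyWrite` without `APIKeyRead` (plausible for values written before this commit) would then grant a read permission it does not hold itself. Consider guarding the inner loop with `if !Can(actorPermission, required) { return 0, fmt.Errorf("actor lacks implied permission %v", required) }`, reported the same way the authorization loop above the hunk reports failures, or normalising actor permissions through the same map when they are loaded. The function's signature and its authorization loop start outside the hunk, so this assumes that code does not already cover the case; the comment's "impled" should also read "implied".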
