hub / github.com/coder/coder / UnionAllowLists

Function UnionAllowLists

coderd/rbac/allowlist.go:131–150

UnionAllowLists merges multiple allow lists, returning the set of resources permitted by any input. A global wildcard short-circuits the merge. When no entries are present across all inputs, the result is an empty allow list.

(lists ...[]AllowListElement)

Source from the content-addressed store, hash-verified

// permitted by any input. A global wildcard short-circuits the merge. When no
// entries are present across all inputs, the result is an empty allow list.
func UnionAllowLists(lists ...[]AllowListElement) ([]AllowListElement, error) {
	union := make([]AllowListElement, 0)
	seen := make(map[string]struct{})

	for _, list := range lists {
		for _, elem := range list {
			if elem.Type == policy.WildcardSymbol && elem.ID == policy.WildcardSymbol {
				return []AllowListElement{AllowListAll()}, nil
			}
			key := elem.String()
			if _, ok := seen[key]; ok {
				continue
			}
			seen[key] = struct{}{}
			union = append(union, elem)
		}
	}

	return NormalizeAllowList(union)
}

// IntersectAllowLists combines the allow list produced by RBAC expansion with the
// API key's stored allow list. The result enforces both constraints: any
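
An added example, not code from the coder repository: a self-contained model of the merge loop above, showing that a type-scoped wildcard is kept as an ordinary entry while a single global wildcard in any input collapses the result to allow-all. `Elem`, `isAll`, `union` and `wildcardSources` are hypothetical stand-ins; the `"*"` wildcard value and the `type:id` key format are assumptions, and the `NormalizeAllowList` step is omitted.

```go
package main

import "fmt"

// Stand-ins for the rbac types: the field names, the "*" wildcard value and
// the "type:id" key format are assumptions made for this example.
const wildcard = "*"

type Elem struct{ Type, ID string }

func (e Elem) String() string { return e.Type + ":" + e.ID }
func isAll(e Elem) bool       { return e.Type == wildcard && e.ID == wildcard }

// union mirrors the merge loop above: dedupe by key, short-circuit on the global
// wildcard. NormalizeAllowList is omitted; its behaviour is not shown on the page.
func union(lists ...[]Elem) []Elem {
	out := make([]Elem, 0)
	seen := make(map[string]struct{})
	for _, list := range lists {
		for _, e := range list {
			if isAll(e) {
				return []Elem{e}
			}
			if _, dup := seen[e.String()]; dup {
				continue
			}
			seen[e.String()] = struct{}{}
			out = append(out, e)
		}
	}
	return out
}

// wildcardSources (hypothetical audit helper) returns the index of every input
// list that holds the global wildcard, i.e. which scope made the union allow-all.
func wildcardSources(lists ...[]Elem) []int {
	var idx []int
	for i, list := range lists {
		for _, e := range list {
			if isAll(e) {
				idx = append(idx, i)
				break
			}
		}
	}
	return idx
}

func main() {
	a := []Elem{{"workspace", "ws-1"}, {"workspace", wildcard}} // constructed
	all := []Elem{{wildcard, wildcard}}                          // constructed
	fmt.Println(union(a, a), union(a, all), wildcardSources(a, all))
}
```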

Callers 2

TestUnionAllowLists · Function · 0.92
expandRBACScope · Method · 0.92

Calls 3

AllowListAll · Function · 0.85
NormalizeAllowList · Function · 0.85
String · Method · 0.45

Tested by 1

TestUnionAllowLists · Function · 0.74