| 204 | } |
| 205 | |
// allPermsExcept returns one allow permission (Negate: false) per resource
// type reported by AllResources, each carrying the wildcard action
// policy.WildcardSymbol. Resource types named by excepts are left out, and so
// is ResourceWildcard's own type.
//
// Exceptions are matched on RBACObject().Type only; no other property of the
// objects passed in excepts is consulted.
//
// Security note: this is an exclusion list, not an allow list. Any resource
// type that AllResources starts returning is granted with the wildcard action
// to every role built through this helper unless the call site adds it to
// excepts, so a new resource type warrants a review of each caller.
func allPermsExcept(excepts ...Objecter) []Permission {
	// Set of resource type names that must not receive a permission entry.
	excluded := make(map[string]struct{}, len(excepts)+1)
	for _, ex := range excepts {
		excluded[ex.RBACObject().Type] = struct{}{}
	}
	// The wildcard resource type is always excluded, whether or not the
	// caller listed it.
	excluded[ResourceWildcard.Type] = struct{}{}

	// Left as a nil slice on purpose: when every resource is excluded the
	// caller receives nil, not an empty non-nil slice.
	var granted []Permission
	for _, res := range AllResources() {
		resType := res.RBACObject().Type
		if _, isExcluded := excluded[resType]; isExcluded {
			continue
		}
		// Everything that was not excluded gets the wildcard action.
		granted = append(granted, Permission{
			Negate:       false,
			ResourceType: resType,
			Action:       policy.WildcardSymbol,
		})
	}
	return granted
}
| 232 | |
| 233 | // builtInRoles are just a hard coded set for now. Ideally we store these in |
| 234 | // the database. Right now they are functions because the org id should scope |