| 240 | } |
| 241 | |
// ExpandScope resolves a scope name to its Scope definition.
//
// Resolution is first-match-wins, in this order:
//  1. an entry in builtinScopes,
//  2. a composite scope recognised by CompositeSitePermissions,
//  3. a name accepted by parseLowLevelScope, expanded through expandLowLevel.
//
// Because built-in names are checked first, a built-in entry always shadows a
// composite or low-level scope of the same name. An error is returned when no
// branch matches; callers should treat that as a denial and must not use the
// zero-value Scope returned alongside it.
func ExpandScope(scope ScopeName) (Scope, error) {
	if builtin, found := builtinScopes[scope]; found {
		return builtin, nil
	}

	if sitePerms, found := CompositeSitePermissions(scope); found {
		// Composite scopes carry site-level permissions only: the user-level
		// and per-organization permission sets are left empty.
		compositeRole := Role{
			Identifier:  RoleIdentifier{Name: fmt.Sprintf("Scope_%s", scope)},
			DisplayName: string(scope),
			Site:        sitePerms,
			User:        []Permission{},
			ByOrgID:     map[string]OrgPermissions{},
		}

		// NOTE(review): the allow-list is a single wildcard type / wildcard ID
		// entry, not an empty list. Presumably this means a composite scope is
		// not narrowed to specific resource IDs and is bounded only by the
		// site permissions above; confirm against how AllowIDList is enforced.
		allowAll := []AllowListElement{
			{Type: policy.WildcardSymbol, ID: policy.WildcardSymbol},
		}

		return Scope{Role: compositeRole, AllowIDList: allowAll}, nil
	}

	if resource, action, found := parseLowLevelScope(scope); found {
		return expandLowLevel(resource, action), nil
	}

	// %q quotes the unrecognised name so control characters in it are
	// escaped in the error text.
	return Scope{}, xerrors.Errorf("no scope named %q", scope)
}
| 264 | |
| 265 | // ParseResourceAction parses a scope string formatted as "<resource>:<action>" |
| 266 | // and returns the resource and action components. This is the common parsing |