parseLowLevelScope parses a low-level scope name formatted as "<resource>:<action>" and validates it against RBACPermissions. Returns the resource and action if valid.
(name ScopeName)
// parseLowLevelScope parses a low-level scope name formatted as
// "<resource>:<action>" and validates it against RBACPermissions.
// Returns the resource and action if valid.
//
// Validation fails closed: a name that does not parse, names a resource with
// no entry in policy.RBACPermissions, or names an action not listed for that
// resource yields ("", "", false). Callers must check ok before using the
// other results.
//
// The wildcard action is accepted for any registered resource without
// consulting that resource's action set.
// NOTE(review): if policy.RBACPermissions has an entry keyed by the wildcard
// resource, a fully wildcarded name would validate here; confirm that is
// intended for every caller that accepts externally supplied scope names.
func parseLowLevelScope(name ScopeName) (resource string, action policy.Action, ok bool) {
	parsedRes, parsedAct, parsed := ParseResourceAction(string(name))
	if !parsed {
		return "", "", false
	}

	permDef, known := policy.RBACPermissions[parsedRes]
	switch {
	case !known:
		// Unregistered resource: reject rather than pass it through.
		return "", "", false
	case parsedAct == policy.WildcardSymbol:
		// Wildcard action: only the resource has been checked at this point.
		return parsedRes, policy.WildcardSymbol, true
	}

	// A concrete action must be one the registry lists for this resource.
	if _, allowed := permDef.Actions[policy.Action(parsedAct)]; allowed {
		return parsedRes, policy.Action(parsedAct), true
	}
	return "", "", false
}
| 299 | |
| 300 | // expandLowLevel constructs a site-only Scope with a single permission for the |
| 301 | // given resource and action. This mirrors how builtin scopes are represented |