| 343 | func (s APIKeyScopeSet) Name() rbac.RoleIdentifier { return s.Scopes.Name() } |
| 344 | |
| 345 | func (s APIKeyScopeSet) Expand() (rbac.Scope, error) { |
| 346 | merged, err := s.Scopes.expandRBACScope() |
| 347 | if err != nil { |
| 348 | return rbac.Scope{}, err |
| 349 | } |
| 350 | merged.AllowIDList = rbac.IntersectAllowLists(merged.AllowIDList, s.AllowList) |
| 351 | return merged, nil |
| 352 | } |
| 353 | |
| 354 | // ScopeSet returns the scopes combined with the database allow list. It is the |
| 355 | // canonical way to expose an API key's effective scope for authorization. |