Valid will check all it's permissions and ensure they are all correct according to the policy. This verifies every action specified make sense for the given resource.
()
| 768 | // according to the policy. This verifies every action specified make sense |
| 769 | // for the given resource. |
| 770 | func (role Role) Valid() error { |
| 771 | var errs []error |
| 772 | for _, perm := range role.Site { |
| 773 | if err := perm.Valid(); err != nil { |
| 774 | errs = append(errs, xerrors.Errorf("site: %w", err)) |
| 775 | } |
| 776 | } |
| 777 | |
| 778 | for orgID, orgPermissions := range role.ByOrgID { |
| 779 | for _, perm := range orgPermissions.Org { |
| 780 | if err := perm.Valid(); err != nil { |
| 781 | errs = append(errs, xerrors.Errorf("org=%q: org %w", orgID, err)) |
| 782 | } |
| 783 | } |
| 784 | for _, perm := range orgPermissions.Member { |
| 785 | if err := perm.Valid(); err != nil { |
| 786 | errs = append(errs, xerrors.Errorf("org=%q: member: %w", orgID, err)) |
| 787 | } |
| 788 | } |
| 789 | } |
| 790 | |
| 791 | for _, perm := range role.User { |
| 792 | if err := perm.Valid(); err != nil { |
| 793 | errs = append(errs, xerrors.Errorf("user: %w", err)) |
| 794 | } |
| 795 | } |
| 796 | |
| 797 | return errors.Join(errs...) |
| 798 | } |
| 799 | |
| 800 | type Roles []Role |
| 801 |