APIKeyScopeSet merges expanded scopes with the API key's DB allow_list. If the DB allow_list is a wildcard or empty, the merged scope's allow list is unchanged. Otherwise, the DB allow_list overrides the merged AllowIDList to enforce the token's resource scoping consistently across all permissions.
| 334 | // unchanged. Otherwise, the DB allow_list overrides the merged AllowIDList to |
| 335 | // enforce the token's resource scoping consistently across all permissions. |
| 336 | type APIKeyScopeSet struct { |
| 337 | Scopes APIKeyScopes |
| 338 | AllowList AllowList |
| 339 | } |
| 340 | |
| 341 | var _ rbac.ExpandableScope = APIKeyScopeSet{} |
| 342 |
nothing calls this directly
no outgoing calls
no test coverage detected