roleRank returns a numeric rank for role hierarchy (higher = more privileged).
(role string)
| 42 | |
| 43 | // roleRank returns a numeric rank for role hierarchy (higher = more privileged). |
| 44 | func roleRank(role string) int { |
| 45 | switch role { |
| 46 | case "superadmin": |
| 47 | return 100 |
| 48 | case "admin": |
| 49 | return 90 |
| 50 | case "host_manager": |
| 51 | return 50 |
| 52 | case "user": |
| 53 | return 20 |
| 54 | case "readonly": |
| 55 | return 10 |
| 56 | default: |
| 57 | return 30 // custom roles sit mid-tier |
| 58 | } |
| 59 | } |
| 60 | |
| 61 | // canAssignRole checks whether the calling user is allowed to assign the target role. |
| 62 | func (h *UsersHandler) canAssignRole(r *http.Request, callerRole, targetRole string) bool { |
no outgoing calls
no test coverage detected