(condRM rbac.ConditionalRoleManager)
| 122 | } |
| 123 | |
| 124 | func (ast *Assertion) buildConditionalRoleLinks(condRM rbac.ConditionalRoleManager) error { |
| 125 | ast.CondRM = condRM |
| 126 | count := strings.Count(ast.Value, "_") |
| 127 | if count < 2 { |
| 128 | return errors.New("the number of \"_\" in role definition should be at least 2") |
| 129 | } |
| 130 | for _, rule := range ast.Policy { |
| 131 | if len(rule) < count { |
| 132 | return errors.New("grouping policy elements do not meet role definition") |
| 133 | } |
| 134 | if len(rule) > count { |
| 135 | rule = rule[:count] |
| 136 | } |
| 137 | |
| 138 | domainRule := rule[2:len(ast.Tokens)] |
| 139 | |
| 140 | err := ast.addConditionalRoleLink(rule, domainRule) |
| 141 | if err != nil { |
| 142 | return err |
| 143 | } |
| 144 | } |
| 145 | |
| 146 | return nil |
| 147 | } |
| 148 | |
| 149 | // addConditionalRoleLink adds Link to rbac.ConditionalRoleManager and sets the parameters for LinkConditionFunc. |
| 150 | func (ast *Assertion) addConditionalRoleLink(rule []string, domainRule []string) error { |
no test coverage detected