(condRM rbac.ConditionalRoleManager, op PolicyOp, rules [][]string)
| 90 | } |
| 91 | |
| 92 | func (ast *Assertion) buildIncrementalConditionalRoleLinks(condRM rbac.ConditionalRoleManager, op PolicyOp, rules [][]string) error { |
| 93 | ast.CondRM = condRM |
| 94 | count := strings.Count(ast.Value, "_") |
| 95 | if count < 2 { |
| 96 | return errors.New("the number of \"_\" in role definition should be at least 2") |
| 97 | } |
| 98 | |
| 99 | for _, rule := range rules { |
| 100 | if len(rule) < count { |
| 101 | return errors.New("grouping policy elements do not meet role definition") |
| 102 | } |
| 103 | if len(rule) > count { |
| 104 | rule = rule[:count] |
| 105 | } |
| 106 | |
| 107 | var err error |
| 108 | domainRule := rule[2:len(ast.Tokens)] |
| 109 | |
| 110 | switch op { |
| 111 | case PolicyAdd: |
| 112 | err = ast.addConditionalRoleLink(rule, domainRule) |
| 113 | case PolicyRemove: |
| 114 | err = ast.CondRM.DeleteLink(rule[0], rule[1], rule[2:]...) |
| 115 | } |
| 116 | if err != nil { |
| 117 | return err |
| 118 | } |
| 119 | } |
| 120 | |
| 121 | return nil |
| 122 | } |
| 123 | |
| 124 | func (ast *Assertion) buildConditionalRoleLinks(condRM rbac.ConditionalRoleManager) error { |
| 125 | ast.CondRM = condRM |
no test coverage detected