validateRoleMax validates a role cardinality constraint.
(constraint *Constraint, groupingPolicy [][]string)
| 242 | |
// validateRoleMax enforces a role cardinality constraint. It returns a
// constraint violation error when the number of grouping rules that assign
// constraint.Role is greater than constraint.MaxCount, and nil otherwise.
//
// What is counted is matching rows, not distinct subjects: only the second
// field of each rule is read, and the first field is never compared or
// deduplicated. The "users" figure in the error message is therefore a row
// count.
// NOTE(review): if callers can pass duplicate rows, or rows that differ only
// in fields after the role, one subject is counted more than once. Confirm
// against the caller.
//
// Only the rows in groupingPolicy are examined; nothing here resolves roles
// that are reached through other roles. constraint must be non-nil, because
// it is dereferenced without a check.
func (model Model) validateRoleMax(constraint *Constraint, groupingPolicy [][]string) error {
	assigned := 0
	for _, entry := range groupingPolicy {
		// Rows with fewer than two fields carry no role; they are skipped
		// silently rather than reported as malformed.
		if len(entry) >= 2 && entry[1] == constraint.Role {
			assigned++
		}
	}

	// A count equal to MaxCount is still within the limit.
	if assigned <= constraint.MaxCount {
		return nil
	}

	detail := fmt.Sprintf("role '%s' assigned to %d users, exceeds maximum of %d",
		constraint.Role, assigned, constraint.MaxCount)
	return errors.NewConstraintViolationError(constraint.Key, detail)
}
| 267 | |
| 268 | // validateRolePre validates a prerequisite role constraint. |
| 269 | func (model Model) validateRolePre(constraint *Constraint, groupingPolicy [][]string) error { |
no test coverage detected