validateRolePre validates a prerequisite role constraint.
(constraint *Constraint, groupingPolicy [][]string)
| 267 | |
| 268 | // validateRolePre validates a prerequisite role constraint. |
| 269 | func (model Model) validateRolePre(constraint *Constraint, groupingPolicy [][]string) error { |
| 270 | userRoles := buildUserRoleMap(groupingPolicy) |
| 271 | |
| 272 | // Check if any user has the main role without the prerequisite role |
| 273 | for user, roles := range userRoles { |
| 274 | if roles[constraint.Role] && !roles[constraint.PreReqRole] { |
| 275 | return errors.NewConstraintViolationError(constraint.Key, |
| 276 | fmt.Sprintf("user '%s' has role '%s' but lacks prerequisite role '%s'", |
| 277 | user, constraint.Role, constraint.PreReqRole)) |
| 278 | } |
| 279 | } |
| 280 | |
| 281 | return nil |
| 282 | } |
no test coverage detected