validateSODMax validates a maximum role count constraint for a role set.
(constraint *Constraint, groupingPolicy [][]string)
| 220 | |
// validateSODMax enforces a separation-of-duty cap: no user may hold more than
// constraint.MaxCount of the roles listed in constraint.Roles.
//
// groupingPolicy is handed to buildUserRoleMap, and the per-user role sets it
// returns are the only assignments examined. The function returns nil when
// every user is within the limit, otherwise the error built by
// errors.NewConstraintViolationError for the first offending user encountered.
//
// NOTE(review): whether roles reached through role-to-role inheritance are
// counted depends on buildUserRoleMap, which is not visible here — confirm,
// since a cap that only sees direct assignments can pass while a user still
// holds conflicting roles transitively.
// NOTE(review): a role repeated in constraint.Roles is counted once per
// occurrence; confirm the role set is de-duplicated where the constraint is
// built, otherwise a single assignment can trip the limit.
// NOTE(review): if userRoles is a Go map, iteration order is unspecified, so
// the user named in the error can differ between runs when several users
// violate the constraint.
func (model Model) validateSODMax(constraint *Constraint, groupingPolicy [][]string) error {
	rolesByUser := buildUserRoleMap(groupingPolicy)

	for subject, assigned := range rolesByUser {
		// Tally how many entries of the constrained role set this user holds.
		held := 0
		for _, candidate := range constraint.Roles {
			if assigned[candidate] {
				held++
			}
		}

		// Within the cap: nothing to report for this user.
		if held <= constraint.MaxCount {
			continue
		}

		detail := fmt.Sprintf("user '%s' has %d roles from %v, exceeds maximum of %d",
			subject, held, constraint.Roles, constraint.MaxCount)
		return errors.NewConstraintViolationError(constraint.Key, detail)
	}

	return nil
}
| 242 | |
| 243 | // validateRoleMax validates a role cardinality constraint. |
| 244 | func (model Model) validateRoleMax(constraint *Constraint, groupingPolicy [][]string) error { |
no test coverage detected