MCPcopy
hub / github.com/apache/casbin / validateSODMax

Method validateSODMax

model/constraint.go:222–241  ·  view source on GitHub ↗

validateSODMax validates a maximum role count constraint for a role set.

(constraint *Constraint, groupingPolicy [][]string)

Source from the content-addressed store, hash-verified

220
221// validateSODMax validates a maximum role count constraint for a role set.
222func (model Model) validateSODMax(constraint *Constraint, groupingPolicy [][]string) error {
223 userRoles := buildUserRoleMap(groupingPolicy)
224
225 // Check if any user has more than maxCount roles from the role set
226 for user, roles := range userRoles {
227 count := 0
228 for _, role := range constraint.Roles {
229 if roles[role] {
230 count++
231 }
232 }
233 if count > constraint.MaxCount {
234 return errors.NewConstraintViolationError(constraint.Key,
235 fmt.Sprintf("user '%s' has %d roles from %v, exceeds maximum of %d",
236 user, count, constraint.Roles, constraint.MaxCount))
237 }
238 }
239
240 return nil
241}
242
243// validateRoleMax validates a role cardinality constraint.
244func (model Model) validateRoleMax(constraint *Constraint, groupingPolicy [][]string) error {

Callers 1

validateConstraintMethod · 0.95

Calls 2

buildUserRoleMapFunction · 0.85

Tested by

no test coverage detected