(ctx context.Context, req connect.AnyRequest, perm permission.Permission)
| 802 | } |
| 803 | |
| 804 | func (s *SettingService) checkSettingPermission(ctx context.Context, req connect.AnyRequest, perm permission.Permission) error { |
| 805 | user, ok := GetUserFromContext(ctx) |
| 806 | if !ok { |
| 807 | return connect.NewError(connect.CodeInternal, errors.Errorf("user not found")) |
| 808 | } |
| 809 | |
| 810 | ok, err := s.iamManager.CheckPermission(ctx, perm, user, common.GetWorkspaceIDFromContext(ctx)) |
| 811 | if err != nil { |
| 812 | return connect.NewError(connect.CodeInternal, errors.Errorf("failed to check permission with error: %v", err.Error())) |
| 813 | } |
| 814 | if !ok { |
| 815 | err := connect.NewError(connect.CodePermissionDenied, errors.Errorf("user does not have permission %q", perm)) |
| 816 | if detail, detailErr := connect.NewErrorDetail(&v1pb.PermissionDeniedDetail{ |
| 817 | Method: req.Spec().Procedure, |
| 818 | RequiredPermissions: []string{string(perm)}, |
| 819 | }); detailErr == nil { |
| 820 | err.AddDetail(detail) |
| 821 | } |
| 822 | return err |
| 823 | } |
| 824 | return nil |
| 825 | } |
| 826 | |
| 827 | var domainRegexp = regexp.MustCompile(`^(?i:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$`) |
| 828 | var disallowedDomains = map[string]bool{ |
no test coverage detected