denyContainingAuthorizer is a test-only authorizer that denies any Authorize call whose resources include a path containing the configured substring, and allows everything else. Used to model "user has UPDATE on source but not READ on target" without pulling in the full RBAC stack.
| 1127 | // and allows everything else. Used to model "user has UPDATE on source but |
| 1128 | // not READ on target" without pulling in the full RBAC stack. |
| 1129 | type denyContainingAuthorizer struct { |
| 1130 | deny string |
| 1131 | } |
| 1132 | |
| 1133 | func (a *denyContainingAuthorizer) Authorize(ctx context.Context, principal *models.Principal, verb string, resources ...string) error { |
| 1134 | for _, r := range resources { |
nothing calls this directly
no outgoing calls
no test coverage detected