veryroundbird.house
1package rbac
2
3import (
4 "fmt"
5 "slices"
6 "strings"
7)
8
9func (e *Enforcer) getDomainsForUser(did string, keepFunc func(string) bool, stripFunc func(string) string) ([]string, error) {
10 domains, err := e.E.GetDomainsForUser(did)
11 if err != nil {
12 return nil, err
13 }
14
15 n := 0
16 for _, x := range domains {
17 if keepFunc(x) {
18 domains[n] = stripFunc(x)
19 n++
20 }
21 }
22 domains = domains[:n]
23
24 return domains, nil
25}
26
27func (e *Enforcer) addOwner(domain, owner string) error {
28 _, err := e.E.AddGroupingPolicy(owner, "server:owner", domain)
29 return err
30}
31
32func (e *Enforcer) addMember(domain, member string) error {
33 _, err := e.E.AddGroupingPolicy(member, "server:member", domain)
34 return err
35}
36
37func (e *Enforcer) isRole(user, role, domain string) (bool, error) {
38 roles, err := e.E.GetImplicitRolesForUser(user, domain)
39 if err != nil {
40 return false, err
41 }
42 if slices.Contains(roles, role) {
43 return true, nil
44 }
45 return false, nil
46}
47
48func (e *Enforcer) isInviteAllowed(user, domain string) (bool, error) {
49 return e.E.Enforce(user, domain, domain, "server:invite")
50}
51
52func checkRepoFormat(repo string) error {
53 // sanity check, repo must be of the form ownerDid/repo
54 if parts := strings.SplitN(repo, "/", 2); !strings.HasPrefix(parts[0], "did:") {
55 return fmt.Errorf("invalid repo: %s", repo)
56 }
57
58 return nil
59}
60
61const spindlePrefix = "spindle:"
62
63func intoSpindle(domain string) string {
64 if !isSpindle(domain) {
65 return spindlePrefix + domain
66 }
67 return domain
68}
69
70func unSpindle(domain string) string {
71 if !isSpindle(domain) {
72 return domain
73 }
74 return strings.TrimPrefix(domain, spindlePrefix)
75}
76
77func isSpindle(domain string) bool {
78 return strings.HasPrefix(domain, spindlePrefix)
79}
80
81func isNotSpindle(domain string) bool {
82 return !isSpindle(domain)
83}