[server][auth] Fix scope check

Abhishek Shroff
2025-07-20 18:35:26 +05:30
parent f120f7ecbd
commit fe00f0d314


@@ -59,11 +59,27 @@ func (a *Auth) UserPermissions() core.UserPermissions {
return a.userPermissions
}
// HasScope checks whether or not this authorization includes the given scope,
// given the following rules:
// - Scopes are nested using ":"
// - All nested scopes are included for a given scope none are specified
// - "*" matches all scopes at that level of nesting (above point applies)
//
// Examples:
// - "user:profile" is included in "user", which is included in "*"
// - "fs:id:read" is included in "fs:id", as well as "fs:*:read"
// which are both included in "fs", which itself is included in "*"
func (a *Auth) HasScope(scope string) bool {
parts := strings.Split(scope, ":")
outer:
for _, s := range a.scopes {
if s == "*" {
return true
for i, p := range strings.Split(s, ":") {
if p != "*" && (i >= len(parts) || p != parts[i]) {
continue outer
}
}
return true
}
return false
}
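Review bot: In HasScope the `p != "*"` test is evaluated before the `i >= len(parts)` bound, so a granted scope with a trailing wildcard that is longer than the request (for example `fs:id:*` against a request for `fs:id`) is accepted. That agrees with the stated rule that an unqualified scope includes everything nested under it, but the doc comment does not say so, and the second rule is missing a word; I would write it as `// - All nested scopes are included for a given scope if none are specified` and add a line noting that a trailing `*` is equivalent to omitting that level. Empty segments are compared literally, so an empty entry in a.scopes would satisfy HasScope(""); whether that can occur depends on how a.scopes is populated, which is not visible here. Since this is an authorization decision, a table-driven test covering the examples in the comment plus the shorter-request and empty-string cases would pin the intended behaviour.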