Add permission sanitization method.
Signed-off-by: Volkan Özçelik <me@volkan.io>
v0lkan committed Dec 24, 2024
1 parent 035c0dd commit aa0ec7f
Showing 1 changed file with 28 additions and 0 deletions.
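--- a/validation/validation.go
+++ b/validation/validation.go
@@ -2,6 +2,7 @@ package validation
 
 import (
 "github.com/google/uuid"
+"github.com/spiffe/spike-sdk-go/api/entity/data"
 "regexp"
 
 "github.com/spiffe/spike-sdk-go/api/errors"
@@ -92,3 +93,30 @@ func ValidatePolicyId(policyId string) error {
 }
 return nil
 }
+
+// ValidatePermissions checks if all provided permissions are valid.
+// Permissions are compared against a predefined list of allowed permissions.
+// Returns ErrInvalidInput if any permission is invalid, nil otherwise.
+func ValidatePermissions(permissions []data.PolicyPermission) error {
+allowedPermissions := []data.PolicyPermission{
+data.PermissionList,
+data.PermissionRead,
+data.PermissionWrite,
+data.PermissionSuper,
+}
+
+for _, permission := range permissions {
+isAllowed := false
+for _, allowedPermission := range allowedPermissions {
+if permission == allowedPermission {
+isAllowed = true
+break
+}
+}
+if !isAllowed {
+return errors.ErrInvalidInput
+}
+}
+
+return nil
+}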
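Review bot: An empty or nil `permissions` slice is accepted by `ValidatePermissions`, because the outer loop never executes and control falls through to the final `return nil`. If a policy with no permissions is not a meaningful input, add `if len(permissions) == 0 { return errors.ErrInvalidInput }` before the loop; if it is intended, the doc comment should say so, so that callers do not treat a nil result as a guarantee of a non-empty grant. The allow-list is also rebuilt on every call and repeats constants owned by the `data` package; a package-level `map[data.PolicyPermission]struct{}` would reduce the check to one map lookup per permission and keep the accepted set in a single place, while an unrecognised value would still be rejected.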
