apps/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-09-26 21:01:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

Auth: Improve code comments in internal/auth/acl/scopes.go #98 #5230

Browse Source 
Signed-off-by: Michael Mayer <michael@photoprism.app>
This commit is contained in:
Michael Mayer
2025-09-26 05:53:28 +02:00
parent 07658dac69
commit bd66110c18
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/auth/acl/scopes.go
View File

@@ -42,7 +42,8 @@ var (
}
)
// ScopeAttr parses an authentication scope string and returns it as list.Attr.
// ScopeAttr parses an auth scope string and returns a normalized Attr
// with duplicate and invalid entries removed.
func ScopeAttr(s string) list.Attr {
if s == "" {
return list.Attr{}
@@ -51,7 +52,8 @@ func ScopeAttr(s string) list.Attr {
return list.ParseAttr(strings.ToLower(s))
}
// ScopePermits verifies if the authorized scope permits access to the specified resource.
// ScopePermits sanitizes the raw scope string and then calls ScopeAttrPermits for
// the actual authorization check.
func ScopePermits(scope string, resource Resource, perms Permissions) bool {
if scope == "" {
return false
@@ -61,7 +63,8 @@ func ScopePermits(scope string, resource Resource, perms Permissions) bool {
return ScopeAttrPermits(ScopeAttr(scope), resource, perms)
}
// ScopeAttrPermits verifies if the authorized scope permits access to the specified resource.
// ScopeAttrPermits evaluates an already-parsed scope attribute list against a
// resource and permission set, enforcing wildcard/read/write semantics.
func ScopeAttrPermits(attr list.Attr, resource Resource, perms Permissions) bool {
if len(attr) == 0 {
return false