From aac67dd2775ff52c5acae669e1009134fe1b9651 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emmanuel=20Beno=C3=AEt?=
Date: Sat, 13 Feb 2021 23:18:05 +0100
Subject: [PATCH] Refactoring - Split computePrivileges into two functions

---
 graylog.go | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/graylog.go b/graylog.go
index 4d52328..d0fef39 100644
--- a/graylog.go
+++ b/graylog.go
@@ -25,6 +25,12 @@ type (
 External bool
 }
 }
+
+ // Privilege information
+ privInfo struct {
+ otp, oid string // Type and identifier of object
+ priv int // Privilege level
+ }
 )
 
 var (
@@ -140,12 +146,8 @@ func computeRoles(mapping groupMapping, membership []string) (roles []string) {
 return
 }
 
-// Compute privileges on Graylog objects that should be granted to an user
-func computePrivileges(mapping groupMapping, membership []string) (privileges []string) {
- type privInfo struct {
- otp, oid string
- priv int
- }
+// Compute privilege levels for each Graylog object based on the user's group membership
+func getObjectPrivileges(mapping groupMapping, membership []string) map[string]privInfo {
 rset := make(map[string]privInfo)
 for _, group := range membership {
 for _, priv := range mapping[group].Privileges {
@@ -163,16 +165,20 @@ func computePrivileges(mapping groupMapping, membership []string) (privileges []
 rset[key] = record
 }
 }
+ return rset
+}
 
- privileges = make([]string, 0)
- for _, record := range rset {
+// Compute privileges on Graylog objects that should be granted to an user
+func computePrivileges(mapping groupMapping, membership []string) []string {
+ privileges := make([]string, 0)
+ for _, record := range getObjectPrivileges(mapping, membership) {
 key := fmt.Sprintf("%s:%s", record.otp, privStr[record.priv])
 for _, p := range graylogPriv[key] {
 pval := fmt.Sprintf(p, record.oid)
 privileges = append(privileges, pval)
 }
 }
- return
+ return privileges
 }
 
 // Delete a Graylog user account
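Review bot: In the new package-level `privInfo` declaration, `priv` is a bare `int` documented only as "Privilege level", yet `computePrivileges` uses it as the lookup key in `privStr[record.priv]`. Now that the type is visible to the whole package, the field comment should say so, for instance `priv int // Privilege level; index into privStr`, so a later change to the level values does not silently shift which permission set an object receives. The definition of `privStr` is outside this diff, so whether an unexpected value panics or yields an empty string cannot be confirmed from here.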
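Review bot: The doc comment on `getObjectPrivileges` leaves out the two facts someone auditing authorisation needs: what the key of the returned map is, and which level wins when two groups name the same object. Both are decided in the part of the loop body that lies outside this hunk, so the comment should be extended once that rule is confirmed, and by Go convention it should begin with the function name. It is also worth recording that a group with no mapping entry contributes nothing through `mapping[group].Privileges` (assuming `groupMapping` is a map), e.g. `// Groups without a mapping entry grant no privileges.`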
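Review bot: `pval := fmt.Sprintf(p, record.oid)` in `computePrivileges` places the object identifier from the mapping into the permission string without checking its shape. If the mapping can be edited by someone less trusted than the operator of this tool, `record.oid` should be checked against the expected identifier format before formatting, and the record skipped with a log message when it does not match. A `key` with no entry in `graylogPriv` also yields no privileges and no diagnostic, so a mistyped object type in the mapping goes unnoticed. Because the loop ranges over a map, the order of the returned slice differs between runs; if the caller compares it with the account's current permissions, adding `sort.Strings(privileges)` before the return (with the `sort` import) keeps the result stable.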