fix(api): introduce priority based logic for RBAC roles (#3374)

* fix(api): introduce priority based logic for RBAC roles * refactor(api): rename method
2025-07-22 23:09:41 +02:00 · 2019-11-18 21:22:47 +13:00 · 2019-11-18 21:22:47 +13:00 · 81c0bf0632
commit 81c0bf0632
parent 9decbce511
4 changed files with 19 additions and 22 deletions
--- a/api/authorizations.go
+++ b/api/authorizations.go
@ -771,37 +771,25 @@ func getAuthorizationsFromTeamEndpointGroupPolicies(memberships []TeamMembership
 }

 func getAuthorizationsFromRoles(roleIdentifiers []RoleID, roles []Role) Authorizations {
-	var roleAuthorizations []Authorizations
+	var associatedRoles []Role
+
 	for _, id := range roleIdentifiers {
 		for _, role := range roles {
 			if role.ID == id {
-				roleAuthorizations = append(roleAuthorizations, role.Authorizations)
+				associatedRoles = append(associatedRoles, role)
 				break
 			}
 		}
 	}

-	processedAuthorizations := make(Authorizations)
-	if len(roleAuthorizations) > 0 {
-		processedAuthorizations = roleAuthorizations[0]
-		for idx, authorizations := range roleAuthorizations {
-			if idx == 0 {
-				continue
-			}
-			processedAuthorizations = mergeAuthorizations(processedAuthorizations, authorizations)
+	var authorizations Authorizations
+	highestPriority := 0
+	for _, role := range associatedRoles {
+		if role.Priority > highestPriority {
+			highestPriority = role.Priority
+			authorizations = role.Authorizations
 		}
 	}

-	return processedAuthorizations
-}
-
-func mergeAuthorizations(a, b Authorizations) Authorizations {
-	c := make(map[Authorization]bool)
-
-	for k := range b {
-		if _, ok := a[k]; ok {
-			c[k] = true
-		}
-	}
-	return c
+	return authorizations
 }