replace hardcoded admin checks with builtInRoles map lookup

JeffMboya · JeffMboya · commit ba03dd725686 · 2025-05-27T19:49:03.000+03:00
Signed-off-by: JeffMboya &lt;jangina.mboya@gmail.com&gt;
diff --git a/pkg/roles/provisionmanage.go b/pkg/roles/provisionmanage.go
@@ -559,13 +559,13 @@ func (r ProvisionManageService) RoleRemoveMembers(ctx context.Context, session a
 		return errors.Wrap(svcerr.ErrRemoveEntity, err)
 	}
 
-	if ro.Name == "admin" {
+	if _, ok := r.builtInRoles[BuiltInRoleName(ro.Name)]; ok {
 		page, err := r.repo.RoleListMembers(ctx, ro.ID, 0, 0)
 		if err != nil {
 			return errors.Wrap(svcerr.ErrViewEntity, err)
 		}
 		if page.Total <= uint64(len(members)) {
-			return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("admin role must retain at least one member"))
+			return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("built-in role '%s' must retain at least one member", ro.Name))
 		}
 	}
 
@@ -602,8 +602,8 @@ func (r ProvisionManageService) RoleRemoveAllMembers(ctx context.Context, sessio
 		return errors.Wrap(svcerr.ErrRemoveEntity, err)
 	}
 
-	if ro.Name == "admin" {
-		return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("removing all members from the built-in admin role is not permitted"))
+	if _, ok := r.builtInRoles[BuiltInRoleName(ro.Name)]; ok {
+		return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("removing all members from built-in role '%s' is not permitted", ro.Name))
 	}
 
 	prs := policies.Policy{

Original file line number	Diff line number	Diff line change
`@@ -559,13 +559,13 @@ func (r ProvisionManageService) RoleRemoveMembers(ctx context.Context, session a`
`559`	`559`	`return errors.Wrap(svcerr.ErrRemoveEntity, err)`
`560`	`560`	`}`
`561`	`561`
`562`		`- if ro.Name == "admin" {`
	`562`	`+ if _, ok := r.builtInRoles[BuiltInRoleName(ro.Name)]; ok {`
`563`	`563`	`page, err := r.repo.RoleListMembers(ctx, ro.ID, 0, 0)`
`564`	`564`	`if err != nil {`
`565`	`565`	`return errors.Wrap(svcerr.ErrViewEntity, err)`
`566`	`566`	`}`
`567`	`567`	`if page.Total <= uint64(len(members)) {`
`568`		`- return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("admin role must retain at least one member"))`
	`568`	`+ return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("built-in role '%s' must retain at least one member", ro.Name))`
`569`	`569`	`}`
`570`	`570`	`}`
`571`	`571`
`@@ -602,8 +602,8 @@ func (r ProvisionManageService) RoleRemoveAllMembers(ctx context.Context, sessio`
`602`	`602`	`return errors.Wrap(svcerr.ErrRemoveEntity, err)`
`603`	`603`	`}`
`604`	`604`
`605`		`- if ro.Name == "admin" {`
`606`		`- return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("removing all members from the built-in admin role is not permitted"))`
	`605`	`+ if _, ok := r.builtInRoles[BuiltInRoleName(ro.Name)]; ok {`
	`606`	`+ return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("removing all members from built-in role '%s' is not permitted", ro.Name))`
`607`	`607`	`}`
`608`	`608`
`609`	`609`	`prs := policies.Policy{`