From 1a370ee039d79b80f33f0536eb51a9d31f90d908 Mon Sep 17 00:00:00 2001
From: Ishan Arya
Date: Wed, 10 Jul 2024 12:22:20 +0530
Subject: [PATCH] refactor: wildcard role check
---
 internal/adapter/relation.go | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/internal/adapter/relation.go b/internal/adapter/relation.go
index 8abfcbfd2..db3dd430c 100644
--- a/internal/adapter/relation.go
+++ b/internal/adapter/relation.go
@@ -44,13 +44,9 @@ func (a Relation) TransformRelation(ctx context.Context, rlt relation.RelationV2
 	userID := rel.Subject.ID
 	if userID == WILDCARD {
-		roleID := rel.Object.NamespaceID + ":" + rel.Subject.RoleID
-		role, err := a.roleService.Get(ctx, roleID)
+		err := a.isWildCardAllowed(ctx, rel)
 		if err != nil {
-			return relation.RelationV2{}, fmt.Errorf("error fetching role: %s", err.Error())
-		}
-		if !slices.Contains(role.Types, schema.UserPrincipalWildcard) {
-			return relation.RelationV2{}, fmt.Errorf("%s does not allow wildcard for subject %s", rlt.Object.NamespaceID, rlt.Subject.Namespace)
+			return relation.RelationV2{}, err
 		}
 	} else if !uuid.IsValid(userID) {
 		fetchedUser, err := a.userService.GetByEmail(ctx, rel.Subject.ID)
@@ -95,3 +91,16 @@ func (a Relation) TransformRelation(ctx context.Context, rlt relation.RelationV2
 
 	return rel, nil
 }
+
+func (a Relation) isWildCardAllowed(ctx context.Context, rlt relation.RelationV2) error {
+	roleID := rlt.Object.NamespaceID + ":" + rlt.Subject.RoleID
+	role, err := a.roleService.Get(ctx, roleID)
+	if err != nil {
+		return fmt.Errorf("error fetching role: %s", err.Error())
+	}
+	if !slices.Contains(role.Types, schema.UserPrincipalWildcard) {
+		return fmt.Errorf("%s does not allow wildcard for subject %s", rlt.Object.NamespaceID, rlt.Subject.Namespace)
+	}
+
+	return nil
+}
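Review bot: The helper is called with `rel`, so the rejection message now reports `rel.Object.NamespaceID` and `rel.Subject.Namespace`, whereas the removed lines reported `rlt.Object.NamespaceID` and `rlt.Subject.Namespace` while doing the role lookup on `rel`; if the earlier part of TransformRelation (outside this hunk) rewrites those fields, the text a caller sees changes with this commit. That is probably the intent, since the lookup and the message now agree on one value, but it is a behaviour change that a "refactor" title does not announce and is worth a line in the description. The call could also sit in the `if` initializer, `if err := a.isWildCardAllowed(ctx, rel); err != nil {`, so `err` does not outlive the branch. TransformRelation's body starts before and continues after this hunk.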
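Review bot: `isWildCardAllowed` flattens the role-service error with `%s`/`err.Error()`, so a caller of TransformRelation can no longer tell "role not found" from a backend failure with `errors.Is`/`errors.As`, and the `is` prefix on a function that returns `error` rather than `bool` misreads as a predicate. Wrapping with `%w` and naming the key that was looked up keeps the chain and makes a denial actionable: `return fmt.Errorf("fetching role %q: %w", roleID, err)`. The rejection message cites `rlt.Subject.Namespace`, but the decision is made on `role.Types`, so reporting `roleID` instead, e.g. `fmt.Errorf("%s does not allow wildcard subjects for role %s", rlt.Object.NamespaceID, roleID)`, tells an operator which role to edit; both messages presumably travel back to the API caller unchanged, so they should stay free of backend detail — worth confirming. Consider renaming to `checkWildcardAllowed` and adding `// checkWildcardAllowed returns an error unless the role <object namespace>:<subject role> is tagged schema.UserPrincipalWildcard; a lookup failure is also a denial.` as its doc comment.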