summaryrefslogtreecommitdiff
path: root/internal/authorization/access_control_resource.go
diff options
context:
space:
mode:
authorJames Elliott <james-d-elliott@users.noreply.github.com>2021-03-05 15:18:31 +1100
committerGitHub <noreply@github.com>2021-03-05 15:18:31 +1100
commit4dce8f94962d3bd0099bbb202f76696a551d099b (patch)
treefdc3bba51d8f23b6866ddbbbd9e9feb50e9fb293 /internal/authorization/access_control_resource.go
parent455b8590477f0ec7841e6766294937cecb94640f (diff)
perf(authorizer): preload access control lists (#1640)
* adjust session refresh to always occur (for disabled users) * feat: adds filtering option for Request Method in ACL's * simplify flow of internal/authorization/authorizer.go's methods * implement query string checking * utilize authorizer.Object fully * make matchers uniform * add tests * add missing request methods * add frontend enhancements to handle request method * add request method to 1FA Handler Suite * add internal ACL representations (preparsing) * expand on access_control next * add docs * remove unnecessary slice for network names and instead just use a plain string * add warning for ineffectual bypass policy (due to subjects) * add user/group wildcard support * fix(authorization): allow subject rules to match anonymous users * feat(api): add new params * docs(api): wording adjustments * test: add request method into testing and proxy docs * test: add several checks and refactor schema validation for ACL * test: add integration test for methods acl * refactor: apply suggestions from code review * docs(authorization): update description
Diffstat (limited to 'internal/authorization/access_control_resource.go')
-rw-r--r--internal/authorization/access_control_resource.go15
1 files changed, 15 insertions, 0 deletions
diff --git a/internal/authorization/access_control_resource.go b/internal/authorization/access_control_resource.go
new file mode 100644
index 000000000..3482b4130
--- /dev/null
+++ b/internal/authorization/access_control_resource.go
@@ -0,0 +1,15 @@
+package authorization
+
+import (
+ "regexp"
+)
+
+// AccessControlResource represents an ACL resource.
+type AccessControlResource struct {
+ Pattern *regexp.Regexp
+}
+
+// IsMatch returns true if the ACL resource match the object path.
+func (acr AccessControlResource) IsMatch(object Object) (match bool) {
+ return acr.Pattern.MatchString(object.Path)
+}