Diffstat (limited to 'internal/authorization/access_control_resource.go')
-rw-r--r--internal/authorization/access_control_resource.go28
1 files changed, 24 insertions, 4 deletions
diff --git a/internal/authorization/access_control_resource.go b/internal/authorization/access_control_resource.go
index 9bfca6d20..c9141f863 100644
--- a/internal/authorization/access_control_resource.go
+++ b/internal/authorization/access_control_resource.go
@@ -4,12 +4,32 @@ import (
"regexp"
)
-// AccessControlResource represents an ACL resource.
+// NewAccessControlResource creates a AccessControlResource or AccessControlResourceGroup.
+func NewAccessControlResource(pattern regexp.Regexp) AccessControlResource {
+ var iuser, igroup = -1, -1
+
+ for i, group := range pattern.SubexpNames() {
+ switch group {
+ case subexpNameUser:
+ iuser = i
+ case subexpNameGroup:
+ igroup = i
+ }
+ }
+
+ if iuser != -1 || igroup != -1 {
+ return AccessControlResource{RegexpGroupStringSubjectMatcher{pattern, iuser, igroup}}
+ }
+
+ return AccessControlResource{RegexpStringSubjectMatcher{pattern}}
+}
+
+// AccessControlResource represents an ACL resource that matches without named groups.
type AccessControlResource struct {
- Pattern regexp.Regexp
+ Matcher StringSubjectMatcher
}
// IsMatch returns true if the ACL resource match the object path.
-func (acr AccessControlResource) IsMatch(object Object) (match bool) {
- return acr.Pattern.MatchString(object.Path)
+func (acl AccessControlResource) IsMatch(subject Subject, object Object) (match bool) {
+ return acl.Matcher.IsMatch(object.Path, subject)
}
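Review bot: In `NewAccessControlResource` the switch recognises only `subexpNameUser` and `subexpNameGroup`, so a pattern whose named group is misspelt or cased differently falls through to `RegexpStringSubjectMatcher` and is evaluated with no subject comparison at all, leaving the rule broader than its author intended. Unless configuration validation outside this hunk already rejects unknown group names, I would reject or at least log them where the pattern is compiled, so the rule fails closed. The doc comments also no longer describe the code: the constructor only ever returns `AccessControlResource`, and the struct can hold the group matcher, so I would write `// NewAccessControlResource returns an AccessControlResource that also checks the subject when the pattern declares the user or group named captures.` and drop "without named groups" from the type comment. The `IsMatch` comment should say that the subject takes part in the decision, and it is worth confirming in the matcher (not shown here) that an empty capture can never equal an anonymous subject's empty username.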