path: root/internal/authorization/access_control_subjects.go
package authorization

import (
	"github.com/authelia/authelia/v4/internal/utils"
)

// AccessControlSubjects represents an ACL subject: a group of matchers that
// IsMatch evaluates together against a single Subject.
//
// IsMatch requires every matcher in Subjects to match (logical AND), and an
// empty Subjects slice matches any Subject.
type AccessControlSubjects struct {
	// Subjects holds the individual matchers; AddSubject appends to it.
	Subjects []SubjectMatcher
}

// AddSubject converts subjectRule with schemaSubjectToACLSubject and appends
// the resulting matcher to acs.Subjects.
//
// When the conversion yields nil nothing is appended and no error is reported.
// Because IsMatch ANDs the matchers and treats an empty list as a match, a
// dropped rule makes this AccessControlSubjects less restrictive, not more.
// NOTE(review): presumably configuration validation rejects subject strings
// that cannot be converted before they reach this method; confirm, otherwise
// a malformed subject fails open.
func (acs *AccessControlSubjects) AddSubject(subjectRule string) {
	matcher := schemaSubjectToACLSubject(subjectRule)
	if matcher == nil {
		return
	}

	acs.Subjects = append(acs.Subjects, matcher)
}

// IsMatch reports whether subject satisfies every matcher in acs.Subjects.
//
// Evaluation is a logical AND that stops at the first matcher that does not
// match. With no matchers the loop body never runs and the result is true, so
// an AccessControlSubjects with an empty Subjects slice matches any Subject.
func (acs *AccessControlSubjects) IsMatch(subject Subject) (match bool) {
	for i := range acs.Subjects {
		if acs.Subjects[i].IsMatch(subject) {
			continue
		}

		return false
	}

	return true
}

// AccessControlUser represents an ACL subject of type `user:`.
// Its IsMatch method compares Name with Subject.Username for exact equality.
type AccessControlUser struct {
	// Name is the username this matcher accepts.
	Name string
}

// IsMatch returns true if the AccessControlUser name equals the Subject username.
//
// The comparison is Go string equality: exact and case-sensitive, with no
// trimming or normalisation, so both values must already be in the same
// canonical form. An empty Name equals an empty Subject.Username.
// NOTE(review): if an empty username denotes an unauthenticated subject,
// confirm a matcher with an empty Name cannot be constructed.
func (acu AccessControlUser) IsMatch(subject Subject) (match bool) {
	match = acu.Name == subject.Username

	return match
}

// AccessControlGroup represents an ACL subject of type `group:`.
// Its IsMatch method looks Name up in Subject.Groups.
type AccessControlGroup struct {
	// Name is the group name this matcher looks for.
	Name string
}

// IsMatch returns true if the AccessControlGroup name is one of the groups of the Subject.
//
// Membership is decided entirely by utils.IsStringInSlice.
// NOTE(review): presumably an exact, case-sensitive comparison; confirm
// against the helper, since group names from a directory backend may differ
// in case from the names written in the ACL.
func (acg AccessControlGroup) IsMatch(subject Subject) (match bool) {
	match = utils.IsStringInSlice(acg.Name, subject.Groups)

	return match
}

// AccessControlClient represents an ACL subject of type `oauth2:client:`.
//
// ID is the client identifier that IsMatch compares with Subject.ClientID.
// Provider is stored alongside it but IsMatch does not read it.
// NOTE(review): presumably Provider records the `oauth2` part of the subject
// prefix; confirm where it is set and whether it should take part in matching.
type AccessControlClient struct {
	Provider string
	ID       string
}

// IsMatch returns true if the AccessControlClient ID equals the Subject client ID.
//
// Only ID is compared, using exact, case-sensitive string equality; the
// Provider field is not consulted. An empty ID equals an empty
// Subject.ClientID.
// NOTE(review): confirm a matcher with an empty ID cannot be constructed,
// otherwise it would presumably match subjects that are not OAuth2 clients.
func (acc AccessControlClient) IsMatch(subject Subject) (match bool) {
	match = subject.ClientID == acc.ID

	return match
}