package authorization
import (
"fmt"
"strings"
"github.com/authelia/authelia/v4/internal/utils"
)
// AccessControlDomain represents an ACL domain.
//
// At most one of the three flags is expected to drive a match: IsMatch checks
// Wildcard first, then UserWildcard, then GroupWildcard, and falls back to an
// exact comparison against Name when none is set.
type AccessControlDomain struct {
	// Name is the domain text the requested domain is compared against.
	// How it is compared depends on the flags below.
	Name string

	// Wildcard makes IsMatch accept any requested domain that ends with Name.
	// The comparison is a plain string suffix test, so Name has to begin at a
	// label boundary (a leading ".") for the rule to stay inside one zone.
	// NOTE(review): confirm the code that builds these values guarantees that.
	Wildcard bool

	// UserWildcard makes IsMatch require the requested domain to equal
	// "<subject username>.<Name>".
	UserWildcard bool

	// GroupWildcard makes IsMatch split the requested domain with
	// domainToPrefixSuffix and require the suffix to equal Name and the prefix
	// to be one of the subject's groups.
	GroupWildcard bool
}
// IsMatch returns true if the ACL domain matches the object domain.
//
// The flags are evaluated in a fixed order (Wildcard, UserWildcard,
// GroupWildcard) and the first one that is set decides the result. With no
// flag set the object domain must equal acd.Name exactly.
//
// Every comparison against object.Domain here is an exact string comparison.
// NOTE(review): presumably both sides are lower-cased before they reach this
// method; confirm, otherwise a rule silently fails to match mixed-case hosts.
func (acd AccessControlDomain) IsMatch(subject Subject, object Object) (match bool) {
	if acd.Wildcard {
		// Plain suffix test, not label-aware: the result is only confined to
		// sub-domains of the intended zone when acd.Name starts with ".".
		// NOTE(review): verify the constructor keeps that leading dot.
		return strings.HasSuffix(object.Domain, acd.Name)
	}

	if acd.UserWildcard {
		// The expected host is "<username>.<Name>". An empty Username yields
		// "." + acd.Name, so callers should make sure an anonymous subject
		// cannot reach this rule with such a host.
		expected := fmt.Sprintf("%s.%s", subject.Username, acd.Name)

		return object.Domain == expected
	}

	if acd.GroupWildcard {
		prefix, suffix := domainToPrefixSuffix(object.Domain)

		// The zone part has to match before group membership is considered.
		if suffix != acd.Name {
			return false
		}

		// Group lookup goes through the Fold helper (presumably
		// case-insensitive), unlike the username comparison above.
		return utils.IsStringInSliceFold(prefix, subject.Groups)
	}

	// No wildcard flag: exact match only.
	return object.Domain == acd.Name
}