2021-03-05 11:18:31 +07:00
|
|
|
package authorization
|
|
|
|
|
|
|
|
import (
|
2021-08-11 08:04:35 +07:00
|
|
|
"github.com/authelia/authelia/v4/internal/utils"
|
2021-03-05 11:18:31 +07:00
|
|
|
)
|
|
|
|
|
|
|
|
// AccessControlSubject abstracts an ACL subject of type `group:` or `user:`.
|
|
|
|
type AccessControlSubject interface {
|
|
|
|
IsMatch(subject Subject) (match bool)
|
|
|
|
}
|
|
|
|
|
|
|
|
// AccessControlSubjects represents an ACL subject.
|
|
|
|
type AccessControlSubjects struct {
|
|
|
|
Subjects []AccessControlSubject
|
|
|
|
}
|
|
|
|
|
|
|
|
// AddSubject appends to the AccessControlSubjects based on a subject rule string.
|
|
|
|
func (acs *AccessControlSubjects) AddSubject(subjectRule string) {
|
|
|
|
subject := schemaSubjectToACLSubject(subjectRule)
|
|
|
|
|
|
|
|
if subject != nil {
|
|
|
|
acs.Subjects = append(acs.Subjects, subject)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// IsMatch returns true if the ACL subjects match the subject properties.
|
|
|
|
func (acs AccessControlSubjects) IsMatch(subject Subject) (match bool) {
|
|
|
|
for _, rule := range acs.Subjects {
|
|
|
|
if !rule.IsMatch(subject) {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
// AccessControlUser represents an ACL subject of type `user:`.
|
|
|
|
type AccessControlUser struct {
|
|
|
|
Name string
|
|
|
|
}
|
|
|
|
|
|
|
|
// IsMatch returns true if the AccessControlUser name matches the Subject username.
|
|
|
|
func (acu AccessControlUser) IsMatch(subject Subject) (match bool) {
|
|
|
|
return subject.Username == acu.Name
|
|
|
|
}
|
|
|
|
|
|
|
|
// AccessControlGroup represents an ACL subject of type `group:`.
|
|
|
|
type AccessControlGroup struct {
|
|
|
|
Name string
|
|
|
|
}
|
|
|
|
|
|
|
|
// IsMatch returns true if the AccessControlGroup name matches one of the groups of the Subject.
|
|
|
|
func (acg AccessControlGroup) IsMatch(subject Subject) (match bool) {
|
|
|
|
return utils.IsStringInSlice(acg.Name, subject.Groups)
|
|
|
|
}
|