authelia/internal/authorization/access_control_resource.go
James Elliott ab1d0c51d3
feat(authorization): acl resource regex named groups (#3597)
This adds the named group functionality from domain_regex to the resource criteria.
2022-06-28 12:51:05 +10:00

36 lines
947 B
Go

package authorization
import (
"regexp"
)
// NewAccessControlResource creates a AccessControlResource or AccessControlResourceGroup.
func NewAccessControlResource(pattern regexp.Regexp) AccessControlResource {
var iuser, igroup = -1, -1
for i, group := range pattern.SubexpNames() {
switch group {
case subexpNameUser:
iuser = i
case subexpNameGroup:
igroup = i
}
}
if iuser != -1 || igroup != -1 {
return AccessControlResource{RegexpGroupStringSubjectMatcher{pattern, iuser, igroup}}
}
return AccessControlResource{RegexpStringSubjectMatcher{pattern}}
}
// AccessControlResource represents an ACL resource that matches without named groups.
type AccessControlResource struct {
Matcher StringSubjectMatcher
}
// IsMatch returns true if the ACL resource match the object path.
func (acl AccessControlResource) IsMatch(subject Subject, object Object) (match bool) {
return acl.Matcher.IsMatch(object.Path, subject)
}