mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
ab1d0c51d3
This adds the named group functionality from domain_regex to the resource criteria.
36 lines
947 B
Go
36 lines
947 B
Go
package authorization
|
|
|
|
import (
|
|
"regexp"
|
|
)
|
|
|
|
// NewAccessControlResource creates a AccessControlResource or AccessControlResourceGroup.
|
|
func NewAccessControlResource(pattern regexp.Regexp) AccessControlResource {
|
|
var iuser, igroup = -1, -1
|
|
|
|
for i, group := range pattern.SubexpNames() {
|
|
switch group {
|
|
case subexpNameUser:
|
|
iuser = i
|
|
case subexpNameGroup:
|
|
igroup = i
|
|
}
|
|
}
|
|
|
|
if iuser != -1 || igroup != -1 {
|
|
return AccessControlResource{RegexpGroupStringSubjectMatcher{pattern, iuser, igroup}}
|
|
}
|
|
|
|
return AccessControlResource{RegexpStringSubjectMatcher{pattern}}
|
|
}
|
|
|
|
// AccessControlResource represents an ACL resource that matches without named groups.
|
|
type AccessControlResource struct {
|
|
Matcher StringSubjectMatcher
|
|
}
|
|
|
|
// IsMatch returns true if the ACL resource match the object path.
|
|
func (acl AccessControlResource) IsMatch(subject Subject, object Object) (match bool) {
|
|
return acl.Matcher.IsMatch(object.Path, subject)
|
|
}
|