authelia/internal/authorization/access_control_subjects.go
James Elliott 3c1bb3ec19
feat(authorization): domain regex match with named groups (#2789)
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
2022-04-01 22:38:49 +11:00

51 lines
1.3 KiB
Go

package authorization
import (
"github.com/authelia/authelia/v4/internal/utils"
)
// AccessControlSubjects represents an ACL subject.
type AccessControlSubjects struct {
Subjects []SubjectMatcher
}
// AddSubject appends to the AccessControlSubjects based on a subject rule string.
func (acs *AccessControlSubjects) AddSubject(subjectRule string) {
subject := schemaSubjectToACLSubject(subjectRule)
if subject != nil {
acs.Subjects = append(acs.Subjects, subject)
}
}
// IsMatch returns true if the ACL subjects match the subject properties.
func (acs AccessControlSubjects) IsMatch(subject Subject) (match bool) {
for _, rule := range acs.Subjects {
if !rule.IsMatch(subject) {
return false
}
}
return true
}
// AccessControlUser represents an ACL subject of type `user:`.
type AccessControlUser struct {
Name string
}
// IsMatch returns true if the AccessControlUser name matches the Subject username.
func (acu AccessControlUser) IsMatch(subject Subject) (match bool) {
return subject.Username == acu.Name
}
// AccessControlGroup represents an ACL subject of type `group:`.
type AccessControlGroup struct {
Name string
}
// IsMatch returns true if the AccessControlGroup name matches one of the groups of the Subject.
func (acg AccessControlGroup) IsMatch(subject Subject) (match bool) {
return utils.IsStringInSlice(acg.Name, subject.Groups)
}