authelia/internal/authorization/access_control_subjects.go
James Elliott b4e570358e
fix: include major in go.mod module directive (#2278)
* build: include major in go.mod module directive

* fix: xflags

* revert: cobra changes

* fix: mock doc
2021-08-11 11:16:46 +10:00

56 lines
1.5 KiB
Go

package authorization
import (
"github.com/authelia/authelia/v4/internal/utils"
)
// AccessControlSubject abstracts an ACL subject of type `group:` or `user:`.
type AccessControlSubject interface {
IsMatch(subject Subject) (match bool)
}
// AccessControlSubjects represents an ACL subject.
type AccessControlSubjects struct {
Subjects []AccessControlSubject
}
// AddSubject appends to the AccessControlSubjects based on a subject rule string.
func (acs *AccessControlSubjects) AddSubject(subjectRule string) {
subject := schemaSubjectToACLSubject(subjectRule)
if subject != nil {
acs.Subjects = append(acs.Subjects, subject)
}
}
// IsMatch returns true if the ACL subjects match the subject properties.
func (acs AccessControlSubjects) IsMatch(subject Subject) (match bool) {
for _, rule := range acs.Subjects {
if !rule.IsMatch(subject) {
return false
}
}
return true
}
// AccessControlUser represents an ACL subject of type `user:`.
type AccessControlUser struct {
Name string
}
// IsMatch returns true if the AccessControlUser name matches the Subject username.
func (acu AccessControlUser) IsMatch(subject Subject) (match bool) {
return subject.Username == acu.Name
}
// AccessControlGroup represents an ACL subject of type `group:`.
type AccessControlGroup struct {
Name string
}
// IsMatch returns true if the AccessControlGroup name matches one of the groups of the Subject.
func (acg AccessControlGroup) IsMatch(subject Subject) (match bool) {
return utils.IsStringInSlice(acg.Name, subject.Groups)
}