4dce8f9496
* adjust session refresh to always occur (for disabled users) * feat: adds filtering option for Request Method in ACL's * simplify flow of internal/authorization/authorizer.go's methods * implement query string checking * utilize authorizer.Object fully * make matchers uniform * add tests * add missing request methods * add frontend enhancements to handle request method * add request method to 1FA Handler Suite * add internal ACL representations (preparsing) * expand on access_control next * add docs * remove unnecessary slice for network names and instead just use a plain string * add warning for ineffectual bypass policy (due to subjects) * add user/group wildcard support * fix(authorization): allow subject rules to match anonymous users * feat(api): add new params * docs(api): wording adjustments * test: add request method into testing and proxy docs * test: add several checks and refactor schema validation for ACL * test: add integration test for methods acl * refactor: apply suggestions from code review * docs(authorization): update description
package authorization
import (
"github.com/authelia/authelia/internal/utils"
)
// AccessControlSubject is the common contract implemented by every single ACL
// subject matcher, i.e. a rule entry of the `group:` or `user:` kind.
type AccessControlSubject interface {
	// IsMatch reports whether the supplied Subject satisfies this matcher.
	IsMatch(subject Subject) (match bool)
}
// AccessControlSubjects is a collection of ACL subject matchers that its
// IsMatch method evaluates as a unit.
type AccessControlSubjects struct {
	// Subjects holds the individual matchers; AddSubject appends to it.
	Subjects []AccessControlSubject
}
// AddSubject parses subjectRule with schemaSubjectToACLSubject and, when that
// yields a non-nil matcher, appends it to acs.Subjects.
//
// A rule string for which the parser returns nil is dropped without an error
// or a log entry. Because AccessControlSubjects.IsMatch returns true for an
// empty Subjects slice, a set whose only rule string was dropped matches every
// Subject.
// NOTE(review): presumably subject strings are validated before they reach
// this method; confirm against the configuration validation code.
func (acs *AccessControlSubjects) AddSubject(subjectRule string) {
	parsed := schemaSubjectToACLSubject(subjectRule)
	if parsed == nil {
		// Nothing usable came out of the rule string; leave the set unchanged.
		return
	}

	acs.Subjects = append(acs.Subjects, parsed)
}
// IsMatch reports whether subject satisfies every matcher in acs.Subjects
// (logical AND). It stops at the first matcher that does not match.
//
// An empty or nil Subjects slice yields true, so a set with no matchers
// accepts any Subject.
func (acs AccessControlSubjects) IsMatch(subject Subject) (match bool) {
	for i := 0; i < len(acs.Subjects); i++ {
		if acs.Subjects[i].IsMatch(subject) {
			continue
		}

		// One failing matcher is enough to reject the whole set.
		return false
	}

	return true
}
// AccessControlUser is the ACL subject matcher for rule entries of the
// `user:` kind.
type AccessControlUser struct {
	// Name is the username this matcher compares against.
	Name string
}
// IsMatch reports whether acu.Name is equal to subject.Username.
//
// The comparison is plain string equality, so it is case-sensitive and applies
// no normalisation. An empty Name is equal to an empty Username.
// NOTE(review): confirm how a Subject without an authenticated user is
// represented, and that an empty Name cannot be produced from a rule string.
func (acu AccessControlUser) IsMatch(subject Subject) (match bool) {
	match = acu.Name == subject.Username

	return match
}
// AccessControlGroup is the ACL subject matcher for rule entries of the
// `group:` kind.
type AccessControlGroup struct {
	// Name is the group name this matcher looks for.
	Name string
}
// IsMatch reports whether acg.Name is present in subject.Groups.
//
// Membership is decided by utils.IsStringInSlice; how that helper compares
// strings (for example case sensitivity) is not visible in this file.
func (acg AccessControlGroup) IsMatch(subject Subject) (match bool) {
	match = utils.IsStringInSlice(acg.Name, subject.Groups)

	return match
}