package authorization
import (
"regexp"
)
// NewAccessControlResource builds the AccessControlResource for an ACL resource
// pattern and selects its matcher from the pattern's named capture groups.
//
// If the pattern declares a group named subexpNameUser or subexpNameGroup, the
// resource gets a RegexpGroupStringSubjectMatcher holding the indexes of those
// groups (-1 for one that is absent). Otherwise it gets a plain
// RegexpStringSubjectMatcher.
//
// NOTE(review): a group whose name is misspelled is not recognised here, so such
// a pattern silently gets the plain matcher; presumably group names are checked
// when the configuration is validated — confirm against the caller.
func NewAccessControlResource(pattern regexp.Regexp) AccessControlResource {
	userIdx, groupIdx := -1, -1

	// SubexpNames is indexed by capture group number; when a name occurs more
	// than once the last occurrence wins.
	for idx, name := range pattern.SubexpNames() {
		if name == subexpNameUser {
			userIdx = idx
		} else if name == subexpNameGroup {
			groupIdx = idx
		}
	}

	if userIdx == -1 && groupIdx == -1 {
		return AccessControlResource{RegexpStringSubjectMatcher{pattern}}
	}

	return AccessControlResource{RegexpGroupStringSubjectMatcher{pattern, userIdx, groupIdx}}
}
// AccessControlResource is a single ACL resource. It wraps the
// StringSubjectMatcher that NewAccessControlResource selected for the resource
// pattern, which may or may not use named groups.
type AccessControlResource struct {
	// Matcher decides whether an object path matches for a given subject.
	Matcher StringSubjectMatcher
}
// IsMatch reports whether the ACL resource matches the object's path for the
// given subject. The decision is delegated to the resource's Matcher.
//
// A zero-value AccessControlResource has a nil Matcher and calling IsMatch on
// it panics; build values with NewAccessControlResource.
func (acl AccessControlResource) IsMatch(subject Subject, object Object) (match bool) {
	path := object.Path
	match = acl.Matcher.IsMatch(path, subject)

	return match
}