package authorization import ( "github.com/authelia/authelia/v4/internal/utils" ) // AccessControlSubjects represents an ACL subject. type AccessControlSubjects struct { Subjects []SubjectMatcher } // AddSubject appends to the AccessControlSubjects based on a subject rule string. func (acs *AccessControlSubjects) AddSubject(subjectRule string) { subject := schemaSubjectToACLSubject(subjectRule) if subject != nil { acs.Subjects = append(acs.Subjects, subject) } } // IsMatch returns true if the ACL subjects match the subject properties. func (acs *AccessControlSubjects) IsMatch(subject Subject) (match bool) { for _, rule := range acs.Subjects { if !rule.IsMatch(subject) { return false } } return true } // AccessControlUser represents an ACL subject of type `user:`. type AccessControlUser struct { Name string } // IsMatch returns true if the AccessControlUser name matches the Subject username. func (acu AccessControlUser) IsMatch(subject Subject) (match bool) { return subject.Username == acu.Name } // AccessControlGroup represents an ACL subject of type `group:`. type AccessControlGroup struct { Name string } // IsMatch returns true if the AccessControlGroup name matches one of the groups of the Subject. func (acg AccessControlGroup) IsMatch(subject Subject) (match bool) { return utils.IsStringInSlice(acg.Name, subject.Groups) }