RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/docs/content/en/reference/guides/rule-operators.md

3.1 KiB
Raw Permalink Blame History

title description lead date draft images menu weight toc
Access Control Rule Guide A reference guide on access control rule operators This section contains a reference guide on access control rule operators. 2022-10-19T14:09:22+11:00 false
reference
parent
guides
220 true

Operators

Rule operators are effectively words which alter the behaviour of particular access control rules. The following table is a guide on their use.

Operator Effect
equal Matches when the item value is equal to the provided value
not equal Matches when the item value is not equal to the provided value
present Matches when the item is present with any value
absent Matches when the item is not present at all
pattern Matches when the item matches the regex pattern
not pattern Matches when the item doesn't match the regex pattern

Multi-level Logical Criteria

Criteria which is described as multi-level logical criteria indicates that it is a list of lists. The first level i.e. the list least indented to the right will be referred to the OR-list, and the list most indented to the right will be referred to the AND-list.

The OR-list matches if any of the criteria from it's AND-list's matches; in other words, a logical OR. The AND-list matches if all of it's criteria matches the given request; in other words, a logical AND.

In addition to these rules, if the AND-list only needs one item, it can be represented without the second level.

Examples

List of Lists

The following examples show various abstract examples to express a rule that matches either c, or a AND b; i.e (a AND b) OR (c). In relation to access control rules all of these should be treated the same. This format should not be used for the configuration item type list(list(object)), see List of List Objects instead.

Fully Expressed
rule:
  - - 'a'
    - 'b'
  - - 'c'
Omitted Level
rule:
  - - 'a'
    - 'b'
  - 'c'
Compact
rule:
  - ['a', 'b']
  - ['c']
Compact with Omitted Level
rule:
  - ['a', 'b']
  - 'c'
Super Compact
rule: [['a', 'b'], ['c']]

List of List Objects

The following examples show various abstract examples that mirror the above rules however the AND-list is a list of objects where the key is named value. This format should only be used for the configuration item type list(list(object)), see List of Lists if you're not looking for a list(list(object))

Fully Expressed
rule:
  - - value: 'a'
    - value: 'b'
  - - value: 'c'
Omitted Level
rule:
  - - 'a'
    - 'b'
  - value: 'c'
Compact
rule:
  - ['a', 'b']
  - ['c']
Compact with Omitted Level
rule:
  - ['a', 'b']
  - 'c'
Super Compact
rule: [['a', 'b'], ['c']]