authelia/docs/content/en/reference/guides/rule-operators.md

135 lines
3.1 KiB
Markdown

---
title: "Access Control Rule Guide"
description: "A reference guide on access control rule operators"
lead: "This section contains a reference guide on access control rule operators."
date: 2022-09-09T15:44:23+10:00
draft: false
images: []
menu:
reference:
parent: "guides"
weight: 220
toc: true
---
## Operators
Rule operators are effectively words which alter the behaviour of particular access control rules. The following table
is a guide on their use.
| Operator | Effect |
|:-------------:|:--------------------------------------------------------------:|
| `equal` | Matches when the item value is equal to the provided value |
| `not equal` | Matches when the item value is not equal to the provided value |
| `present` | Matches when the item is present with any value |
| `absent` | Matches when the item is not present at all |
| `pattern` | Matches when the item matches the regex pattern |
| `not pattern` | Matches when the item doesn't match the regex pattern |
## Multi-level Logical Criteria
Criteria which is described as multi-level logical criteria indicates that it is a list of lists. The first level i.e.
the list least indented to the right will be referred to the `OR-list`, and the list most indented to the right will be
referred to the `AND-list`.
The OR-list matches if any of the criteria from it's AND-list's matches; in other words, a *__logical OR__*. The
AND-list matches if all of it's criteria matches the given request; in other words, a *__logical AND__*.
In addition to these rules, if the AND-list only needs one item, it can be represented without the second level.
### Examples
#### List of Lists
The following examples show various abstract examples to express a rule that matches either c, or a AND b;
i.e `(a AND b) OR (c)`. In relation to access control rules all of these should be treated the same. This format should
not be used for the configuration item type `list(list(object))`, see [List of List Objects](#list-of-list-objects)
instead.
##### Fully Expressed
```yaml
rule:
- - 'a'
- 'b'
- - 'c'
```
##### Omitted Level
```yaml
rule:
- - 'a'
- 'b'
- 'c'
```
##### Compact
```yaml
rule:
- ['a', 'b']
- ['c']
```
##### Compact with Omitted Level
```yaml
rule:
- ['a', 'b']
- 'c'
```
##### Super Compact
```yaml
rule: [['a', 'b'], ['c']]
```
#### List of List Objects
The following examples show various abstract examples that mirror the above rules however the AND-list is a list of
objects where the key is named `value`. This format should only be used for the configuration item type
`list(list(object))`, see [List of Lists](#list-of-lists) if you're not looking for a `list(list(object))`
##### Fully Expressed
```yaml
rule:
- - value: 'a'
- value: 'b'
- - value: 'c'
```
##### Omitted Level
```yaml
rule:
- - 'a'
- 'b'
- value: 'c'
```
##### Compact
```yaml
rule:
- ['a', 'b']
- ['c']
```
##### Compact with Omitted Level
```yaml
rule:
- ['a', 'b']
- 'c'
```
##### Super Compact
```yaml
rule: [['a', 'b'], ['c']]
```