func (g *Guard) PassesConditions(p policy.Policy, ctx *Context, permission, resource, subject string) (passes bool) { var extra map[string]interface{} passes = len(p.GetConditions()) == 0 for _, condition := range p.GetConditions() { op, ok := g.GetOperator(condition.GetOperator()) if !ok { if !g.disableLogging { log.WithFields(log.Fields{ "subjects": p.GetSubjects(), "subject": subject, }).Warn("Could not check conditions.") } return false } extra = condition.GetExtra() extra["permission"] = permission extra["resource"] = resource extra["subject"] = subject if !op(extra, ctx) { return false } passes = true } return passes }