func Matches(p policy.Policy, patterns []string, match string) (bool, error) {
var reg *regexp.Regexp
var err error
var matches bool
for _, h := range patterns {
reg, err = compiler.CompileRegex(h, p.GetStartDelimiter(), p.GetEndDelimiter())
if err != nil {
return false, err
}
matches = reg.MatchString(match)
if matches {
return true, nil
}
}
return false, nil
}
func (g *Guard) PassesConditions(p policy.Policy, ctx *Context, permission, resource, subject string) (passes bool) {
var extra map[string]interface{}
passes = len(p.GetConditions()) == 0
for _, condition := range p.GetConditions() {
op, ok := g.GetOperator(condition.GetOperator())
if !ok {
if !g.disableLogging {
log.WithFields(log.Fields{
"subjects": p.GetSubjects(),
"subject": subject,
}).Warn("Could not check conditions.")
}
return false
}
extra = condition.GetExtra()
extra["permission"] = permission
extra["resource"] = resource
extra["subject"] = subject
if !op(extra, ctx) {
return false
}
passes = true
}
return passes
}