func Matches(p policy.Policy, patterns []string, match string) (bool, error) { var reg *regexp.Regexp var err error var matches bool for _, h := range patterns { reg, err = compiler.CompileRegex(h, p.GetStartDelimiter(), p.GetEndDelimiter()) if err != nil { return false, err } matches = reg.MatchString(match) if matches { return true, nil } } return false, nil }
func (g *Guard) PassesConditions(p policy.Policy, ctx *Context, permission, resource, subject string) (passes bool) { var extra map[string]interface{} passes = len(p.GetConditions()) == 0 for _, condition := range p.GetConditions() { op, ok := g.GetOperator(condition.GetOperator()) if !ok { if !g.disableLogging { log.WithFields(log.Fields{ "subjects": p.GetSubjects(), "subject": subject, }).Warn("Could not check conditions.") } return false } extra = condition.GetExtra() extra["permission"] = permission extra["resource"] = resource extra["subject"] = subject if !op(extra, ctx) { return false } passes = true } return passes }