示例#1
0
文件: guard.go 项目: zeisss/ladon
func Matches(p policy.Policy, patterns []string, match string) (bool, error) {
	var reg *regexp.Regexp
	var err error
	var matches bool
	for _, h := range patterns {
		reg, err = compiler.CompileRegex(h, p.GetStartDelimiter(), p.GetEndDelimiter())
		if err != nil {
			return false, err
		}

		matches = reg.MatchString(match)
		if matches {
			return true, nil
		}
	}
	return false, nil
}
示例#2
0
文件: guard.go 项目: zeisss/ladon
func (g *Guard) PassesConditions(p policy.Policy, ctx *Context, permission, resource, subject string) (passes bool) {
	var extra map[string]interface{}
	passes = len(p.GetConditions()) == 0
	for _, condition := range p.GetConditions() {
		op, ok := g.GetOperator(condition.GetOperator())
		if !ok {
			if !g.disableLogging {
				log.WithFields(log.Fields{
					"subjects": p.GetSubjects(),
					"subject":  subject,
				}).Warn("Could not check conditions.")
			}
			return false
		}

		extra = condition.GetExtra()
		extra["permission"] = permission
		extra["resource"] = resource
		extra["subject"] = subject
		if !op(extra, ctx) {
			return false
		}

		passes = true
	}
	return passes
}