func (p policy) matches(a authorizer.Attributes) bool {
if p.subjectMatches(a) {
if p.Readonly == false || (p.Readonly == a.IsReadOnly()) {
switch {
case p.NonResourcePath != "":
if p.NonResourcePath == a.GetNonResourcePath() {
return true
}
// When the path is a non-resource path it cannot match.
case len(a.GetNonResourcePath()) == 0 && (p.Resource == "" || (p.Resource == a.GetResource())):
if p.Namespace == "" || (p.Namespace == a.GetNamespace()) {
return true
}
}
}
}
return false
}