func (p policy) subjectMatches(a authorizer.Attributes) bool { if p.User != "" { // Require user match if p.User != a.GetUserName() { return false } } if p.Group != "" { // Require group match for _, group := range a.GetGroups() { if p.Group == group { return true } } return false } return true }
func (allowAliceAuthorizer) Authorize(a authorizer.Attributes) error { if a.GetUserName() == "alice" { return nil } return errors.New("I can't allow that. Go ask alice.") }