mirror of
https://github.com/moul/sshportal.git
synced 2024-11-15 12:46:17 +08:00
41 lines
986 B
Go
41 lines
986 B
Go
|
package main
|
||
|
|
||
|
import "sort"
|
||
|
|
||
|
type ByWeight []ACL
|
||
|
|
||
|
func (a ByWeight) Len() int { return len(a) }
|
||
|
func (a ByWeight) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
|
||
|
func (a ByWeight) Less(i, j int) bool { return a[i].Weight < a[j].Weight }
|
||
|
|
||
|
func CheckACLs(user User, host Host) (string, error) {
|
||
|
// shared ACLs between user and host
|
||
|
aclMap := map[uint]ACL{}
|
||
|
for _, userGroup := range user.Groups {
|
||
|
for _, userGroupACL := range userGroup.ACLs {
|
||
|
for _, hostGroup := range host.Groups {
|
||
|
for _, hostGroupACL := range hostGroup.ACLs {
|
||
|
if userGroupACL.ID == hostGroupACL.ID {
|
||
|
aclMap[userGroupACL.ID] = userGroupACL
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
// FIXME: add ACLs that match host pattern
|
||
|
|
||
|
// deny by default if no shared ACL
|
||
|
if len(aclMap) == 0 {
|
||
|
return "deny", nil // default action
|
||
|
}
|
||
|
|
||
|
// transofrm map to slice and sort it
|
||
|
acls := []ACL{}
|
||
|
for _, acl := range aclMap {
|
||
|
acls = append(acls, acl)
|
||
|
}
|
||
|
sort.Sort(ByWeight(acls))
|
||
|
|
||
|
return acls[0].Action, nil
|
||
|
}
|