sshportal/acl.go

41 lines
996 B
Go
Raw Normal View History

2017-11-13 17:13:17 +08:00
package main
import "sort"
type ByWeight []*ACL
2017-11-13 17:13:17 +08:00
func (a ByWeight) Len() int { return len(a) }
func (a ByWeight) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
func (a ByWeight) Less(i, j int) bool { return a[i].Weight < a[j].Weight }
func CheckACLs(user User, host Host) (string, error) {
// shared ACLs between user and host
aclMap := map[uint]*ACL{}
2017-11-13 17:13:17 +08:00
for _, userGroup := range user.Groups {
for _, userGroupACL := range userGroup.ACLs {
for _, hostGroup := range host.Groups {
for _, hostGroupACL := range hostGroup.ACLs {
if userGroupACL.ID == hostGroupACL.ID {
aclMap[userGroupACL.ID] = userGroupACL
}
}
}
}
}
// FIXME: add ACLs that match host pattern
// deny by default if no shared ACL
if len(aclMap) == 0 {
2017-12-04 01:18:17 +08:00
return ACLActionDeny, nil // default action
2017-11-13 17:13:17 +08:00
}
2017-12-04 01:18:17 +08:00
// transform map to slice and sort it
acls := []*ACL{}
2017-11-13 17:13:17 +08:00
for _, acl := range aclMap {
acls = append(acls, acl)
}
sort.Sort(ByWeight(acls))
return acls[0].Action, nil
}