package main
import "sort"
// ByWeight implements sort.Interface over a slice of ACL pointers, ordering
// them by ascending Weight.
//
// Weight is the only key compared. sort.Sort is not a stable sort, so ACLs
// that share a Weight end up in an unspecified relative order; callers that
// derive an access decision from the first element need their own tie-break.
type ByWeight []*ACL

// Len reports how many ACLs the slice holds.
func (a ByWeight) Len() int {
	return len(a)
}

// Swap exchanges the ACLs stored at positions i and j.
func (a ByWeight) Swap(i, j int) {
	a[j], a[i] = a[i], a[j]
}

// Less reports whether the ACL at position i has a strictly smaller Weight
// than the ACL at position j.
func (a ByWeight) Less(i, j int) bool {
	left, right := a[i], a[j]
	return left.Weight < right.Weight
}
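// CheckACLs returns the action that applies when user accesses host.
//
// Only ACLs that are attached both to one of the user's groups and to one of
// the host's groups (matched by ACL ID) take part in the decision. When the
// two sides share no ACL the result is ACLActionDeny. Otherwise the shared ACL
// with the lowest Weight decides, and its Action is returned.
//
// Ties on Weight are resolved deterministically and fail closed: an ACL whose
// Action is ACLActionDeny wins over any other ACL of the same Weight, and the
// lowest ID breaks whatever tie remains. The returned error is always nil.
func CheckACLs(user User, host Host) (string, error) {
	// Index the IDs of every ACL reachable through the host's groups once,
	// instead of rescanning all host groups for each user ACL.
	hostACLIDs := map[uint]struct{}{}
	for _, hostGroup := range host.Groups {
		for _, hostGroupACL := range hostGroup.ACLs {
			hostACLIDs[hostGroupACL.ID] = struct{}{}
		}
	}

	// shared ACLs between user and host; keyed by ID so an ACL reachable
	// through several groups is only considered once
	aclMap := map[uint]*ACL{}
	for _, userGroup := range user.Groups {
		for _, userGroupACL := range userGroup.ACLs {
			if _, shared := hostACLIDs[userGroupACL.ID]; shared {
				aclMap[userGroupACL.ID] = userGroupACL
			}
		}
	}
	// FIXME: add ACLs that match host pattern

	// deny by default if no shared ACL
	if len(aclMap) == 0 {
		return ACLActionDeny, nil // default action
	}

	// transform map to slice and sort it
	acls := make([]*ACL, 0, len(aclMap))
	for _, acl := range aclMap {
		acls = append(acls, acl)
	}

	// Map iteration order is random and a plain weight-only sort leaves equal
	// weights in arbitrary order, which would make the decision vary between
	// calls whenever two shared ACLs carry the same Weight. Order ties so that
	// a deny entry comes first, then fall back to the ID.
	sort.Slice(acls, func(i, j int) bool {
		left, right := acls[i], acls[j]
		if left.Weight != right.Weight {
			return left.Weight < right.Weight
		}
		leftDeny := left.Action == ACLActionDeny
		rightDeny := right.Action == ACLActionDeny
		if leftDeny != rightDeny {
			return leftDeny
		}
		return left.ID < right.ID
	})

	return acls[0].Action, nil
}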