mirror of
https://github.com/moul/sshportal.git
synced 2025-01-29 02:50:15 +08:00
40 lines
989 B
Go
40 lines
989 B
Go
package main
|
|
|
|
import "sort"
|
|
|
|
type ByWeight []*ACL
|
|
|
|
func (a ByWeight) Len() int { return len(a) }
|
|
func (a ByWeight) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
|
|
func (a ByWeight) Less(i, j int) bool { return a[i].Weight < a[j].Weight }
|
|
|
|
func CheckACLs(user User, host Host) (string, error) {
|
|
// shared ACLs between user and host
|
|
aclMap := map[uint]*ACL{}
|
|
for _, userGroup := range user.Groups {
|
|
for _, userGroupACL := range userGroup.ACLs {
|
|
for _, hostGroup := range host.Groups {
|
|
for _, hostGroupACL := range hostGroup.ACLs {
|
|
if userGroupACL.ID == hostGroupACL.ID {
|
|
aclMap[userGroupACL.ID] = userGroupACL
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
// FIXME: add ACLs that match host pattern
|
|
|
|
// deny by default if no shared ACL
|
|
if len(aclMap) == 0 {
|
|
return "deny", nil // default action
|
|
}
|
|
|
|
// transofrm map to slice and sort it
|
|
acls := []*ACL{}
|
|
for _, acl := range aclMap {
|
|
acls = append(acls, acl)
|
|
}
|
|
sort.Sort(ByWeight(acls))
|
|
|
|
return acls[0].Action, nil
|
|
}
|