- package authpublic
- import (
- "slices"
- "strings"
- "github.com/OliveTin/OliveTin/internal/config"
- log "github.com/sirupsen/logrus"
- )
// AuthenticatedUser holds the identity and the resolved access-control state
// for one user. Despite the name it also represents the guest identity
// (see IsGuest).
type AuthenticatedUser struct {
	// Username is compared verbatim against each ACL's MatchUsernames.
	Username string
	// UsergroupLine is the raw, unsplit group list; parseUsergroupLine turns
	// it into individual group names.
	UsergroupLine string
	// Provider names the source that produced this identity; "system" is the
	// value IsGuest checks for.
	Provider string
	// SID is not read anywhere in this file.
	// NOTE(review): presumably a session identifier; confirm against callers.
	SID string
	// Acls lists the names of the ACLs this user matched; BuildUserAcls
	// appends to it.
	Acls []string
	// EffectivePolicy is assigned by BuildUserAcls.
	EffectivePolicy *config.ConfigurationPolicy
}
// IsGuest reports whether u is the built-in guest identity, i.e. the username
// "guest" issued by the "system" provider. Both fields must match, so an
// account that is merely named "guest" at another provider is not a guest.
func (u *AuthenticatedUser) IsGuest() bool {
	if u.Provider != "system" {
		return false
	}
	return u.Username == "guest"
}
// parseUsergroupLine splits u.UsergroupLine into individual group names.
//
// With a non-empty sep the line is split on sep, each piece is trimmed of
// surrounding whitespace and empty pieces are dropped. With an empty sep the
// line is split on runs of whitespace. Either way the result never contains an
// empty group name.
func (u *AuthenticatedUser) parseUsergroupLine(sep string) []string {
	var groups []string

	if sep == "" {
		groups = strings.Fields(u.UsergroupLine)
	} else {
		groups = make([]string, 0)
		for _, piece := range strings.Split(u.UsergroupLine, sep) {
			if name := strings.TrimSpace(piece); name != "" {
				groups = append(groups, name)
			}
		}
	}

	// NOTE(review): the raw group line is written to the debug log as-is. If it
	// originates from a request header, confirm the log formatter escapes
	// control characters.
	log.Debugf("parseUsergroupLine: %v, %v, sep:%v", u.UsergroupLine, groups, sep)
	return groups
}
// MatchesUsergroupAcl reports whether at least one of the user's groups, as
// parsed from UsergroupLine using sep, appears in matchUsergroups.
//
// The comparison is an exact, case-sensitive string match. Parsed group names
// are never empty, so an empty entry in matchUsergroups cannot match.
func (u *AuthenticatedUser) MatchesUsergroupAcl(matchUsergroups []string, sep string) bool {
	memberships := u.parseUsergroupLine(sep)

	for _, name := range memberships {
		if !slices.Contains(matchUsergroups, name) {
			continue
		}

		log.Debugf("Usergroup %v found in %+v (len: %v)", name, memberships, len(memberships))
		return true
	}

	return false
}
// BuildUserAcls appends to u.Acls the name of every ACL in cfg that the user
// matches, then stores the resulting policy in u.EffectivePolicy.
//
// An ACL matches when u.Username is listed in its MatchUsernames, or when one
// of the user's groups is listed in its MatchUsergroups. Each ACL is added at
// most once per call.
//
// NOTE(review): u.Acls is appended to, not reset. Calling this again on the
// same user would duplicate names and keep matches made under an earlier
// configuration. Confirm callers invoke it once on a fresh user.
func (u *AuthenticatedUser) BuildUserAcls(cfg *config.Config) {
	for _, acl := range cfg.AccessControlLists {
		// The group check only runs when the username did not already match.
		matched := slices.Contains(acl.MatchUsernames, u.Username) ||
			u.MatchesUsergroupAcl(acl.MatchUsergroups, cfg.AuthHttpHeaderUserGroupSep)

		if matched {
			u.Acls = append(u.Acls, acl.Name)
		}
	}

	u.EffectivePolicy = getEffectivePolicy(cfg, u)
}
// getEffectivePolicy returns a new policy for u. It starts from the
// ShowDiagnostics, ShowLogList and ShowVersionNumber flags of
// cfg.DefaultPolicy, then merges in the policy of every ACL whose name is in
// u.Acls.
//
// buildConfigurationPolicy only ever switches flags on, so an ACL can grant a
// permission the default withholds but cannot revoke one the default grants.
func getEffectivePolicy(cfg *config.Config, u *AuthenticatedUser) *config.ConfigurationPolicy {
	effective := new(config.ConfigurationPolicy)
	effective.ShowDiagnostics = cfg.DefaultPolicy.ShowDiagnostics
	effective.ShowLogList = cfg.DefaultPolicy.ShowLogList
	effective.ShowVersionNumber = cfg.DefaultPolicy.ShowVersionNumber

	for _, acl := range cfg.AccessControlLists {
		if !slices.Contains(u.Acls, acl.Name) {
			continue
		}
		effective = buildConfigurationPolicy(effective, acl.Policy)
	}

	return effective
}
// buildConfigurationPolicy merges policy into ret and returns ret.
//
// The merge is additive: a flag that is set in policy is set in ret, and a
// flag that is unset in policy leaves ret untouched. Nothing is ever cleared.
func buildConfigurationPolicy(ret *config.ConfigurationPolicy, policy config.ConfigurationPolicy) *config.ConfigurationPolicy {
	if policy.ShowDiagnostics {
		ret.ShowDiagnostics = true
	}

	if policy.ShowLogList {
		ret.ShowLogList = true
	}

	if policy.ShowVersionNumber {
		ret.ShowVersionNumber = true
	}

	return ret
}