From 98a307c174843afa3197f42728bfb9142c68576e Mon Sep 17 00:00:00 2001 From: Ingo Oppermann Date: Tue, 13 Jun 2023 10:37:00 +0200 Subject: [PATCH] Remove domain parameter from ResourceMatch function --- iam/access/access.go | 2 +- iam/access/functions.go | 22 ++++++---------------- 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/iam/access/access.go b/iam/access/access.go index 02f02284..cdfe38f5 100644 --- a/iam/access/access.go +++ b/iam/access/access.go @@ -61,7 +61,7 @@ func New(config Config) (Manager, error) { m.AddDef("p", "p", "sub, dom, obj, act") m.AddDef("g", "g", "_, _, _") m.AddDef("e", "e", "some(where (p.eft == allow))") - m.AddDef("m", "m", `g(r.sub, p.sub, r.dom) && r.dom == p.dom && ResourceMatch(r.obj, r.dom, p.obj) && ActionMatch(r.act, p.act) || r.sub == "$superuser"`) + m.AddDef("m", "m", `g(r.sub, p.sub, r.dom) && r.dom == p.dom && ResourceMatch(r.obj, p.obj) && ActionMatch(r.act, p.act) || r.sub == "$superuser"`) e, err := casbin.NewEnforcer(m, am.adapter) if err != nil { diff --git a/iam/access/functions.go b/iam/access/functions.go index 8fef2633..c455dbd9 100644 --- a/iam/access/functions.go +++ b/iam/access/functions.go @@ -3,10 +3,10 @@ package access import ( "strings" - "github.com/gobwas/glob" + "github.com/datarhei/core/v16/glob" ) -func resourceMatch(request, domain, policy string) bool { +func resourceMatch(request, policy string) bool { reqPrefix, reqResource := getPrefix(request) polPrefix, polResource := getPrefix(policy) @@ -18,12 +18,12 @@ func resourceMatch(request, domain, policy string) bool { var err error if reqPrefix == "api" || reqPrefix == "fs" || reqPrefix == "rtmp" || reqPrefix == "srt" { - match, err = globMatch(polResource, reqResource, rune('/')) + match, err = glob.Match(polResource, reqResource, rune('/')) if err != nil { return false } } else { - match, err = globMatch(polResource, reqResource) + match, err = glob.Match(polResource, reqResource) if err != nil { return false } @@ -34,10 +34,9 @@ func resourceMatch(request, domain, policy string) bool { func resourceMatchFunc(args ...interface{}) (interface{}, error) { request := args[0].(string) - domain := args[1].(string) - policy := args[2].(string) + policy := args[1].(string) - return (bool)(resourceMatch(request, domain, policy)), nil + return (bool)(resourceMatch(request, policy)), nil } func actionMatch(request string, policy string) bool { @@ -75,12 +74,3 @@ func getPrefix(s string) (string, string) { return prefix, resource } - -func globMatch(pattern, name string, separators ...rune) (bool, error) { - g, err := glob.Compile(pattern, separators...) - if err != nil { - return false, err - } - - return g.Match(name), nil -}