diff --git a/acl.go b/acl.go
index 709dfcb..ba665f7 100644
--- a/acl.go
+++ b/acl.go
@@ -148,6 +148,10 @@ func (a aclRuleSet) HasAccess(user string, groups []string, r *http.Request) acl
 }
 }
 
+ if str.StringInSlice("@_authenticated", a.Allow) && user != "" {
+ return accessAllow
+ }
+
 // Neither user nor group are handled
 return accessDunno
 }
diff --git a/acl_test.go b/acl_test.go
index b379236..3aa9d40 100644
--- a/acl_test.go
+++ b/acl_test.go
@@ -59,6 +59,30 @@ func TestRuleSetMatcher(t *testing.T) {
 }
 }
 
+func TestGroupAuthenticated(t *testing.T) {
+ r := aclRuleSet{
+ Rules: []aclRule{
+ {
+ Field: "field_a",
+ MatchString: aclTestString("expected"),
+ },
+ },
+ Allow: []string{"@_authenticated"},
+ }
+ fields := map[string]string{
+ "field_a": "expected",
+ }
+
+ if r.HasAccess(aclTestUser, aclTestGroups, aclTestRequest(fields)) != accessAllow {
+ t.Error("Access was denied")
+ }
+
+ r.Allow = []string{"testgroup"}
+ if r.HasAccess(aclTestUser, aclTestGroups, aclTestRequest(fields)) == accessAllow {
+ t.Error("Access was allowed")
+ }
+}
+
 func TestInvertedRegexMatcher(t *testing.T) {
 fields := map[string]string{
 "field_a": "expected",
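Review bot: In the acl.go hunk, the new `@_authenticated` branch accepts any non-empty `user` string as proof of authentication, so the rule is only as strong as the callers' guarantee that an anonymous request reaches HasAccess with `user == ""`. That contract should be written at the check, for example `// "@_authenticated" matches every request with a non-empty user; callers must pass "" for unauthenticated requests`. The literal would also be safer as a named constant such as `const aclGroupAuthenticated = "@_authenticated"`, so the rule and its tests cannot drift apart through a typo. The branch runs after the user and group handling, which starts above the hunk, so its interaction with any explicit deny entries cannot be confirmed from the visible lines and is worth checking.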
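Review bot: TestGroupAuthenticated in the acl_test.go hunk never exercises the anonymous case, which is the security-relevant half of the new rule: with `Allow: []string{"@_authenticated"}` and an empty user, HasAccess must not return accessAllow. Adding `if r.HasAccess("", nil, aclTestRequest(fields)) == accessAllow { t.Error("Anonymous access was allowed") }` before the line that sets `r.Allow` to `"testgroup"` would pin that behaviour. The second assertion appears to rely on aclTestGroups not containing "testgroup"; that fixture is defined outside the hunk, so a short comment stating the assumption would keep the test from silently losing its meaning if the fixture changes.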