mirror of
https://github.com/Luzifer/nginx-sso.git
synced 2024-12-30 01:31:18 +00:00
Add special group for all authenticated users
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
930a23f461
commit
5e46619865
2 changed files with 28 additions and 0 deletions
4
acl.go
4
acl.go
|
@ -148,6 +148,10 @@ func (a aclRuleSet) HasAccess(user string, groups []string, r *http.Request) acl
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if str.StringInSlice("@_authenticated", a.Allow) && user != "" {
|
||||||
|
return accessAllow
|
||||||
|
}
|
||||||
|
|
||||||
// Neither user nor group are handled
|
// Neither user nor group are handled
|
||||||
return accessDunno
|
return accessDunno
|
||||||
}
|
}
|
||||||
|
|
24
acl_test.go
24
acl_test.go
|
@ -59,6 +59,30 @@ func TestRuleSetMatcher(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestGroupAuthenticated(t *testing.T) {
|
||||||
|
r := aclRuleSet{
|
||||||
|
Rules: []aclRule{
|
||||||
|
{
|
||||||
|
Field: "field_a",
|
||||||
|
MatchString: aclTestString("expected"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Allow: []string{"@_authenticated"},
|
||||||
|
}
|
||||||
|
fields := map[string]string{
|
||||||
|
"field_a": "expected",
|
||||||
|
}
|
||||||
|
|
||||||
|
if r.HasAccess(aclTestUser, aclTestGroups, aclTestRequest(fields)) != accessAllow {
|
||||||
|
t.Error("Access was denied")
|
||||||
|
}
|
||||||
|
|
||||||
|
r.Allow = []string{"testgroup"}
|
||||||
|
if r.HasAccess(aclTestUser, aclTestGroups, aclTestRequest(fields)) == accessAllow {
|
||||||
|
t.Error("Access was allowed")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestInvertedRegexMatcher(t *testing.T) {
|
func TestInvertedRegexMatcher(t *testing.T) {
|
||||||
fields := map[string]string{
|
fields := map[string]string{
|
||||||
"field_a": "expected",
|
"field_a": "expected",
|
||||||
|
|
Loading…
Reference in a new issue