Add special group for all authenticated users

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-12-20 12:51:17 +00:00 · 2019-04-22 19:54:27 +02:00 · 2019-04-22 19:54:27 +02:00 · 5e46619865
commit 5e46619865
parent 930a23f461
2 changed files with 28 additions and 0 deletions
--- a/acl.go
+++ b/acl.go
@ -148,6 +148,10 @@ func (a aclRuleSet) HasAccess(user string, groups []string, r *http.Request) acl
 		}
 	}

+	if str.StringInSlice("@_authenticated", a.Allow) && user != "" {
+		return accessAllow
+	}
+
 	// Neither user nor group are handled
 	return accessDunno
 }
--- a/acl_test.go
+++ b/acl_test.go
@ -59,6 +59,30 @@ func TestRuleSetMatcher(t *testing.T) {
 	}
 }

+func TestGroupAuthenticated(t *testing.T) {
+	r := aclRuleSet{
+		Rules: []aclRule{
+			{
+				Field:       "field_a",
+				MatchString: aclTestString("expected"),
+			},
+		},
+		Allow: []string{"@_authenticated"},
+	}
+	fields := map[string]string{
+		"field_a": "expected",
+	}
+
+	if r.HasAccess(aclTestUser, aclTestGroups, aclTestRequest(fields)) != accessAllow {
+		t.Error("Access was denied")
+	}
+
+	r.Allow = []string{"testgroup"}
+	if r.HasAccess(aclTestUser, aclTestGroups, aclTestRequest(fields)) == accessAllow {
+		t.Error("Access was allowed")
+	}
+}
+
 func TestInvertedRegexMatcher(t *testing.T) {
 	fields := map[string]string{
 		"field_a": "expected",