GetImplicitObjectPatternsForUser returns all object patterns (with wildcards) that a user has for a given domain and action. For example, given the policy:

p, admin, chronicle/123, location/*, read
p, user, chronicle/456, location/789, read
g, alice, admin
g, bob, user

GetImplicitObjectPatternsForUser("alice", "chro…
(user string, domain string, action string)
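// GetImplicitObjectPatternsForUser returns the distinct object patterns
// (wildcards are returned as written, not expanded) of the "p" rules that
// apply to user in the given domain for the given action. A rule applies when
// its subject equals user or one of the roles reported by
// GetImplicitRolesForUser, its domain passes matchDomain, and its action
// equals action or is the literal "*".
//
// For example, with the policy
//
//	p, admin, chronicle/123, location/*, read
//	p, user, chronicle/456, location/789, read
//	g, alice, admin
//	g, bob, user
//
// GetImplicitObjectPatternsForUser("alice", "chronicle/123", "read") will return ["location/*"].
// GetImplicitObjectPatternsForUser("bob", "chronicle/456", "read") will return ["location/789"].
//
// Each pattern appears once, in the order of its first matching rule. The
// result is an empty, non-nil slice when nothing matches.
//
// The result is a listing of policy patterns, not an authorization decision:
// only the subject, domain, object and action columns are read, so an effect
// column (if the model defines one) is not consulted and the object of a deny
// rule would be listed as well. Subjects are compared by exact string
// equality. Callers that need a decision should go through Enforce.
//
// An error is returned when the implicit roles cannot be resolved or when the
// subject, object or action column of "p" cannot be located.
func (e *Enforcer) GetImplicitObjectPatternsForUser(user string, domain string, action string) ([]string, error) {
	roles, err := e.GetImplicitRolesForUser(user, domain)
	if err != nil {
		return nil, err
	}

	// The user counts as a subject alongside every implicit role.
	subjects := append([]string{user}, roles...)

	// These three columns are indexed directly below; a failed lookup must
	// surface as an error instead of an out-of-range index on every rule.
	subjectIndex, err := e.GetFieldIndex("p", constant.SubjectIndex)
	if err != nil {
		return nil, err
	}
	// The domain lookup error is deliberately ignored: the index is only
	// handed to matchDomain, never used to index a rule here.
	// NOTE(review): confirm matchDomain tolerates the index returned for
	// models without a domain column.
	domainIndex, _ := e.GetFieldIndex("p", constant.DomainIndex)
	objectIndex, err := e.GetFieldIndex("p", constant.ObjectIndex)
	if err != nil {
		return nil, err
	}
	actionIndex, err := e.GetFieldIndex("p", constant.ActionIndex)
	if err != nil {
		return nil, err
	}

	// seen deduplicates; result keeps first-seen policy order so the output
	// does not depend on map iteration order.
	seen := make(map[string]struct{})
	result := make([]string, 0)
	for _, rule := range e.model["p"]["p"].Policy {
		sub := rule[subjectIndex]
		matched := false
		for _, subject := range subjects {
			if sub == subject {
				matched = true
				break
			}
		}
		if !matched {
			continue
		}

		if !e.matchDomain(domainIndex, domain, rule) {
			continue
		}

		// "*" in the rule's action column stands for any action.
		ruleAction := rule[actionIndex]
		if ruleAction != action && ruleAction != "*" {
			continue
		}

		obj := rule[objectIndex]
		if _, dup := seen[obj]; dup {
			continue
		}
		seen[obj] = struct{}{}
		result = append(result, obj)
	}

	return result, nil
}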
| 709 | |
| 710 | // matchDomain checks if the domain matches the rule domain using pattern matching. |
| 711 | func (e *Enforcer) matchDomain(domainIndex int, domain string, rule []string) bool { |