abac/simple_policy_engine.go

package abac

type SimplePolicyEngine struct {
	rules []Rule
}

type Rule struct {
	Effect    string    `json:"effect"`
	Action    string    `json:"action"`
	Condition Condition `json:"condition"`
}

type Condition struct {
	AttributeKey   string `json:"attribute_key"`
	AttributeValue string `json:"attribute_value"`
}

func (engine *SimplePolicyEngine) EvaluatePolicy(userAttributes, resourceAttributes []Attribute, action string) PolicyDecision {
    for _, rule := range engine.rules {
        if rule.Action == action {
            if rule.Condition.AttributeKey != "" && rule.Condition.AttributeValue != "" {
                attributeFound := false
                for _, attribute := range userAttributes {
                    if attribute.Key == rule.Condition.AttributeKey && attribute.Value == rule.Condition.AttributeValue {
                        attributeFound = true
                        break
                    }
                }

                if !attributeFound {
                    continue
                }
            }

            return PolicyDecision(rule.Effect == "Allow")
        }
    }

    return Deny
}
feat: Initial implementation of an attribute based authentication system 2024-12-26 06:43:25 +00:00			`package abac`

			`type SimplePolicyEngine struct {`
			`rules []Rule`
			`}`

			`type Rule struct {`
			Effect string `json:"effect"`
			Action string `json:"action"`
			Condition Condition `json:"condition"`
			`}`

			`type Condition struct {`
			AttributeKey string `json:"attribute_key"`
			AttributeValue string `json:"attribute_value"`
			`}`

			`func (engine *SimplePolicyEngine) EvaluatePolicy(userAttributes, resourceAttributes []Attribute, action string) PolicyDecision {`
			`for _, rule := range engine.rules {`
			`if rule.Action == action {`
			`if rule.Condition.AttributeKey != "" && rule.Condition.AttributeValue != "" {`
			`attributeFound := false`
			`for _, attribute := range userAttributes {`
			`if attribute.Key == rule.Condition.AttributeKey && attribute.Value == rule.Condition.AttributeValue {`
			`attributeFound = true`
			`break`
			`}`
			`}`

			`if !attributeFound {`
			`continue`
			`}`
			`}`

			`return PolicyDecision(rule.Effect == "Allow")`
			`}`
			`}`

			`return Deny`
			`}`