abac/simple_policy_engine.go

package abac

type SimplePolicyEngine struct {
	rules []Rule
}

type Rule struct {
	Effect    string    `json:"effect"`
	Action    string    `json:"action"`
	Condition Condition `json:"condition"`
}

type Condition struct {
	AttributeKey   string `json:"attribute_key"`
	AttributeValue string `json:"attribute_value"`
}

func (engine *SimplePolicyEngine) EvaluatePolicy(userAttributes, resourceAttributes []Attribute, action string) PolicyDecision {
    for _, rule := range engine.rules {
        if rule.Action == action {
            if rule.Condition.AttributeKey != "" && rule.Condition.AttributeValue != "" {
                attributeFound := false
                for _, attribute := range userAttributes {
                    if attribute.Key == rule.Condition.AttributeKey && attribute.Value == rule.Condition.AttributeValue {
                        attributeFound = true
                        break
                    }
                }

                if !attributeFound {
                    continue
                }
            }

            return PolicyDecision(rule.Effect == "Allow")
        }
    }

    return Deny
}