From 8a605f44b017621eb2bd739d6c7c1de213d7a13f Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Sun, 26 Jan 2020 23:12:00 +0100
Subject: Don't do stupid things like use a dn as a pattern

Also add metadata fields in objects created on initialization
---
 acl.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'acl.go')

diff --git a/acl.go b/acl.go
index 483e8fd..ec6e4de 100644
--- a/acl.go
+++ b/acl.go
@@ -87,8 +87,14 @@ func (entry *ACLEntry) Check(login *Login, action string, target string, attribu
 		}
 	}
 
-	rule_target_with_self := strings.ReplaceAll(entry.target, "SELF", login.user)
-	if !match(rule_target_with_self, target) {
+	matchTarget := match(entry.target, target)
+	if !matchTarget && len(target) >= len(login.user) {
+		start := len(target) - len(login.user)
+		if target[start:] == login.user {
+			matchTarget = match(entry.target, target[:start]+"SELF")
+		}
+	}
+	if !matchTarget {
 		return false
 	}
 
-- 
cgit v1.2.3