in server/src/main/java/com/epam/aidial/core/server/security/RuleMatcher.java [19:60]
public boolean match(ProxyContext context, Collection<Rule> rules) {
// if no rules provided - resource is available to everybody
if (rules.isEmpty()) {
return true;
}
ExtractedClaims claims = context.getExtractedClaims();
if (claims == null) {
return false;
}
Map<String, List<String>> userClaims = claims.userClaims();
for (Rule rule : rules) {
String targetClaim = rule.getSource();
List<String> sources;
if (targetClaim.equals("roles")) {
sources = claims.userRoles();
} else {
sources = userClaims.get(targetClaim);
}
if (sources == null) {
continue;
}
List<String> targets = rule.getTargets();
boolean match = switch (rule.getFunction()) {
case TRUE -> true;
case FALSE -> false;
case EQUAL -> equal(sources, targets);
case CONTAIN -> contain(sources, targets);
case REGEX -> regex(sources, targets);
};
if (match) {
return true;
}
}
return false;
}