function ACLHandler:access()

in kong/kong/plugins/acl/handler.lua [47:138]

• 67 lines of code
• 14 McCabe index (conditional complexity)

function ACLHandler:access(conf)
  
  local config = config_cache[conf]
  if not config then
    local config_type = (conf.deny or EMPTY)[1] and DENY or ALLOW

    config = {
      hide_groups_header = conf.hide_groups_header,
      type = config_type,
      groups = config_type == DENY and conf.deny or conf.allow,
      cache = setmetatable({}, mt_cache),
    }

    config_cache[conf] = config
  end

  local to_be_blocked

  
  local consumer_id = groups.get_current_consumer_id()
  if not consumer_id then
    local authenticated_groups = groups.get_authenticated_groups()
    if not authenticated_groups then
      if kong.client.get_credential() then
        return kong.response.error(403, "You cannot consume this service")
      end

      return kong.response.error(401)
    end

    local in_group = groups.group_in_groups(config.groups, authenticated_groups)
    to_be_blocked = get_to_be_blocked(config, authenticated_groups, in_group)

  else
    local credential = kong.client.get_credential()
    local authenticated_groups
    if not credential then
      
      authenticated_groups = groups.get_authenticated_groups()
    end

    if authenticated_groups then
      consumer_id = nil

      local in_group = groups.group_in_groups(config.groups, authenticated_groups)
      to_be_blocked = get_to_be_blocked(config, authenticated_groups, in_group)

    else
      
      
      local consumer_groups, err = groups.get_consumer_groups(consumer_id)
       if err then
        return error(err)
      end

      if not consumer_groups then
        if config.type == DENY then
          consumer_groups = EMPTY

        else
          if credential then
            return kong.response.error(403, "You cannot consume this service")
          end

          return kong.response.error(401)
        end
      end

      
      
      to_be_blocked = config.cache[consumer_groups]
      if to_be_blocked == nil then
        local in_group = groups.consumer_in_groups(config.groups, consumer_groups)
        to_be_blocked = get_to_be_blocked(config, consumer_groups, in_group)

        
        config.cache[consumer_groups] = to_be_blocked
      end
    end
  end

  if to_be_blocked == true then 
    return kong.response.error(403, "You cannot consume this service")
  end

  if not conf.hide_groups_header and to_be_blocked then
    kong.service.request.set_header(consumer_id and
                                    constants.HEADERS.CONSUMER_GROUPS or
                                    constants.HEADERS.AUTHENTICATED_GROUPS,
                                    to_be_blocked)
  end
end