The library is missing functionality for public-access i.e. the ability to add a tuple of the form user:* <relation> <object>. If the authorization model is designed to accept the wildcard, then a tuple with will allow access for all users and ensures any check of the form can user alice access resource foo will work without explicitly defining Alice's access.
I've added tests to confirm this works and also updated the regex expression to allow the wildcard character (I also cleaned up the regex where I think it should've been A-Za-z instead of A-za-z).
One important note is that with the current regex match, the string user:*abc#test matches everything up to the and the rest is discarded. Because the wildcard card should only ever be alone I tried to update the regex to enforce this and came up with the below which uses a negative lookahead match but unfortunately Go's stdlib regex parser doesn't support negative lookahead.
`([A-Za-z0-9][A-Za-z0-9-]):([A-Za-z0-9][A-Za-z0-9@.+-]|[](?![^#]))(#([A-Za-z0-9][A-Za-z0-9-]*))?`
Description
The library is missing functionality for public-access i.e. the ability to add a tuple of the form
user:* <relation> <object>
. If the authorization model is designed to accept the wildcard, then a tuple with will allow access for all users and ensures any check of the formcan user alice access resource foo
will work without explicitly defining Alice's access.I've added tests to confirm this works and also updated the regex expression to allow the wildcard character (I also cleaned up the regex where I think it should've been
A-Za-z
instead ofA-za-z
).One important note is that with the current regex match, the string
user:*abc#test
matches everything up to the and the rest is discarded. Because the wildcard card should only ever be alone I tried to update the regex to enforce this and came up with the below which uses a negative lookahead match but unfortunately Go's stdlib regex parser doesn't support negative lookahead. `([A-Za-z0-9][A-Za-z0-9-]):([A-Za-z0-9][A-Za-z0-9@.+-]|[](?![^#]))(#([A-Za-z0-9][A-Za-z0-9-]*))?`Engineering checklist
Check only items that apply
Merging instructions
The preferred way of merging: