[Feature Request] Network based authorization

[electrofloat]

1. I'd like to have an option to define the allow/deny rules with not just subjects (user/group), but with networks too, like what Authelia does: https://www.authelia.com/configuration/security/access-control/#networks
   With this I could show different dashboards to the same user depending on where they are coming from (for example internal/external networks).
   (this could work the same way as with the user/group now, since the reverse proxy can set the "X-Forwarded-For" header to check the ip).

2. Also.. while I'm at it, a suggestion. If you'd like to add a bit stronger Authelia integration you could check their api whether a user has access to a specific app (domain), so the permission could be set automatically.

3. Question: Do the format of the current allow/deny rules follow Authelia's subject rules? (Meaning in Authelia they can use the OR/AND logic being list of lists. https://www.authelia.com/configuration/security/access-control/#subject)

[knrdl]

Thank you for your interest in this little project. You are requesting a fairly advanced config feature which would take quite a bit of effort to implement. Here's some context for each point:

→ 2. I conceptualized the software to be agnostic of any auth provider, so tighter integration with Authelia isn’t currently planned. That said, I agree that such integration would simplify hubleys config.

→ 3. No, lists of lists are not supported. It's always OR, except in the case of tiles with submenus, where both parent AND child permissions must be satisfied.

→ 1. This would shift from an RBAC model to more of an ABAC one. To implement this [3.] needs to be realized first. Then there could be network:192.168.123.0/24 alongside the existing user:user1 and group:group1.

At this time, I don’t have the capacity or intention to work on this myself. However, I’d be happy to review a PR if you’re interested in contributing!