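/// <summary>
/// Exercises the async grouping-policy (role assignment) API: single add/remove,
/// batch add/remove, named add/remove and filtered removal, checking after each
/// step that role lookups reflect the change.
/// </summary>
public async Task TestModifyGroupingPolicyAsync()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            e.BuildRoleLinks();

            // Baseline taken from the fixture model: only alice holds a role.
            TestGetRoles(e, "alice", AsList("data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "eve", AsList());
            TestGetRoles(e, "non_exist", AsList());

            // Single-rule revocation and grants.
            await e.RemoveGroupingPolicyAsync("alice", "data2_admin");
            await e.AddGroupingPolicyAsync("bob", "data1_admin");
            await e.AddGroupingPolicyAsync("eve", "data3_admin");

            var groupingRules = AsList(
                AsList("ham", "data4_admin"),
                AsList("jack", "data5_admin")
                );

            // Batch grant: both assignments must be visible afterwards.
            // NOTE(review): the boolean results of the batch calls are discarded;
            // consider asserting them with the test framework's Assert.
            _ = await e.AddGroupingPoliciesAsync(groupingRules);

            TestGetRoles(e, "ham", AsList("data4_admin"));
            TestGetRoles(e, "jack", AsList("data5_admin"));

            // Batch revocation: verify the roles are really gone. A removal that
            // silently fails would leave the users with access, so the revoke path
            // is checked as strictly as the grant path.
            _ = await e.RemoveGroupingPoliciesAsync(groupingRules);

            TestGetRoles(e, "ham", AsList());
            TestGetRoles(e, "jack", AsList());

            // alice lost her role through the single-rule removal above.
            TestGetRoles(e, "alice", AsList());

            // Named variant on policy type "g": grant, verify, revoke, verify.
            var namedGroupingPolicy = AsList("alice", "data2_admin");
            await e.AddNamedGroupingPolicyAsync("g", namedGroupingPolicy);

            TestGetRoles(e, "alice", AsList("data2_admin"));
            await e.RemoveNamedGroupingPolicyAsync("g", namedGroupingPolicy);

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList("data1_admin"));
            TestGetRoles(e, "eve", AsList("data3_admin"));
            TestGetRoles(e, "non_exist", AsList());

            TestGetUsers(e, "data1_admin", AsList("bob"));
            TestGetUsers(e, "data2_admin", AsList());
            TestGetUsers(e, "data3_admin", AsList("eve"));

            // Filtered removal on field index 0 with value "bob": every grouping
            // rule whose first field is "bob" is dropped, leaving eve untouched.
            await e.RemoveFilteredGroupingPolicyAsync(0, "bob");

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "eve", AsList("data3_admin"));
            TestGetRoles(e, "non_exist", AsList());

            TestGetUsers(e, "data1_admin", AsList());
            TestGetUsers(e, "data2_admin", AsList());
            TestGetUsers(e, "data3_admin", AsList("eve"));
        }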
Beispiel #2
        /// <summary>
        /// Builds an RBAC-with-domains policy entirely at runtime, then removes rules
        /// step by step and checks that each enforcement decision follows the change.
        /// </summary>
        public async Task TestRbacModelWithDomainsAtRuntimeAsync()
        {
            var domainModel = TestModelFixture.GetNewTestModel(_testModelFixture._rbacWithDomainsModelText);
            var enforcer = new Enforcer(domainModel);

            enforcer.BuildRoleLinks();

            // The "admin" role gets read/write on data1 in domain1 and on data2 in domain2.
            await enforcer.AddPolicyAsync("admin", "domain1", "data1", "read");
            await enforcer.AddPolicyAsync("admin", "domain1", "data1", "write");
            await enforcer.AddPolicyAsync("admin", "domain2", "data2", "read");
            await enforcer.AddPolicyAsync("admin", "domain2", "data2", "write");

            // alice is admin only in domain1, bob only in domain2.
            await enforcer.AddGroupingPolicyAsync("alice", "admin", "domain1");
            await enforcer.AddGroupingPolicyAsync("bob", "admin", "domain2");

            // Each user is allowed only on the resource granted within their own domain.
            TestDomainEnforce(enforcer, "alice", "domain1", "data1", "read", true);
            TestDomainEnforce(enforcer, "alice", "domain1", "data1", "write", true);
            TestDomainEnforce(enforcer, "alice", "domain1", "data2", "read", false);
            TestDomainEnforce(enforcer, "alice", "domain1", "data2", "write", false);
            TestDomainEnforce(enforcer, "bob", "domain2", "data1", "read", false);
            TestDomainEnforce(enforcer, "bob", "domain2", "data1", "write", false);
            TestDomainEnforce(enforcer, "bob", "domain2", "data2", "read", true);
            TestDomainEnforce(enforcer, "bob", "domain2", "data2", "write", true);

            // Filtered removal starting at field index 1: drops every policy rule
            // matching domain1 + data1. alice keeps her role assignment, but the role
            // no longer carries any permission in domain1, so she is denied everywhere.
            await enforcer.RemoveFilteredPolicyAsync(1, "domain1", "data1");

            TestDomainEnforce(enforcer, "alice", "domain1", "data1", "read", false);
            TestDomainEnforce(enforcer, "alice", "domain1", "data1", "write", false);
            TestDomainEnforce(enforcer, "alice", "domain1", "data2", "read", false);
            TestDomainEnforce(enforcer, "alice", "domain1", "data2", "write", false);
            TestDomainEnforce(enforcer, "bob", "domain2", "data1", "read", false);
            TestDomainEnforce(enforcer, "bob", "domain2", "data1", "write", false);
            TestDomainEnforce(enforcer, "bob", "domain2", "data2", "read", true);
            TestDomainEnforce(enforcer, "bob", "domain2", "data2", "write", true);

            // Exact-match removal of a single rule: only bob's read on data2 is revoked,
            // his write permission must survive.
            await enforcer.RemovePolicyAsync("admin", "domain2", "data2", "read");

            TestDomainEnforce(enforcer, "alice", "domain1", "data1", "read", false);
            TestDomainEnforce(enforcer, "alice", "domain1", "data1", "write", false);
            TestDomainEnforce(enforcer, "alice", "domain1", "data2", "read", false);
            TestDomainEnforce(enforcer, "alice", "domain1", "data2", "write", false);
            TestDomainEnforce(enforcer, "bob", "domain2", "data1", "read", false);
            TestDomainEnforce(enforcer, "bob", "domain2", "data1", "write", false);
            TestDomainEnforce(enforcer, "bob", "domain2", "data2", "read", false);
            TestDomainEnforce(enforcer, "bob", "domain2", "data2", "write", true);
        }
Beispiel #3
        /// <summary>
        /// Checks that a grouping policy carrying an extra, caller-defined field grants
        /// the role as usual, and that removing it requires passing the same extra field.
        /// </summary>
        public async Task TestRbacModelWithCustomDataAsync()
        {
            var enforcer = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            enforcer.BuildRoleLinks();

            // A grouping policy may carry custom data that Casbin ignores; it is only
            // meaningful to the caller, e.g. to record that "bob" is an end user (so no
            // subject will inherit "bob"). For enforcement this is equivalent to
            // AddGroupingPolicyAsync("bob", "data2_admin").
            await enforcer.AddGroupingPolicyAsync("bob", "data2_admin", "custom_data");

            // bob now has read on data2 in addition to the write he already had.
            TestEnforce(enforcer, "alice", "data1", "read", true);
            TestEnforce(enforcer, "alice", "data1", "write", false);
            TestEnforce(enforcer, "alice", "data2", "read", true);
            TestEnforce(enforcer, "alice", "data2", "write", true);
            TestEnforce(enforcer, "bob", "data1", "read", false);
            TestEnforce(enforcer, "bob", "data1", "write", false);
            TestEnforce(enforcer, "bob", "data2", "read", true);
            TestEnforce(enforcer, "bob", "data2", "write", true);

            // Revocation must name the custom data too: a removal with only
            // ("bob", "data2_admin") does not match the stored rule and leaves the role
            // in place. RemoveFilteredGroupingPolicyAsync is the alternative when the
            // extra field is not known.
            await enforcer.RemoveGroupingPolicyAsync("bob", "data2_admin", "custom_data");

            // Only bob's read on data2 disappears; his write on data2 remains
            // (presumably from a direct policy in the fixture model; verify against it).
            TestEnforce(enforcer, "alice", "data1", "read", true);
            TestEnforce(enforcer, "alice", "data1", "write", false);
            TestEnforce(enforcer, "alice", "data2", "read", true);
            TestEnforce(enforcer, "alice", "data2", "write", true);
            TestEnforce(enforcer, "bob", "data1", "read", false);
            TestEnforce(enforcer, "bob", "data1", "write", false);
            TestEnforce(enforcer, "bob", "data2", "read", false);
            TestEnforce(enforcer, "bob", "data2", "write", true);
        }