        /// <summary>
        /// Builds a model in memory with two grouping relations (<c>g</c> for
        /// subjects, <c>g2</c> for objects) and checks that a permission granted
        /// to a subject role on an object group is enforced for the members of both.
        /// </summary>
        public void TestMultipleGroupTypeModelInMemory()
        {
            var model = Model.Model.CreateDefault();

            // Requests and policy rules both use the (sub, obj, act) layout.
            model.AddDef("r", "r", "sub, obj, act");
            model.AddDef("p", "p", "sub, obj, act");

            // Two independent two-column grouping relations: g and g2.
            model.AddDef("g", "g", "_, _");
            model.AddDef("g", "g2", "_, _");

            // Effect: a request passes when some matched rule has eft == allow.
            model.AddDef("e", "e", "some(where (p.eft == allow))");

            // Matcher: subject resolved through g, object resolved through g2,
            // and the action compared literally.
            model.AddDef("m", "m", "g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act");

            var enforcer = new Enforcer(model);

            enforcer.AddPolicy("alice", "data1", "read");
            enforcer.AddPolicy("bob", "data2", "write");
            enforcer.AddPolicy("data_group_admin", "data_group", "write");

            // alice is linked to data_group_admin through g; data1 and data2 are
            // linked to data_group through g2.
            enforcer.AddNamedGroupingPolicy("g", "alice", "data_group_admin");
            enforcer.AddNamedGroupingPolicy("g2", "data1", "data_group");
            enforcer.AddNamedGroupingPolicy("g2", "data2", "data_group");

            // Expected to pass on alice's own (alice, data1, read) rule.
            Assert.True(enforcer.Enforce("alice", "data1", "read"));

            // Expected to pass only through the role/group rule: alice's own rule
            // on data1 is read-only, so the grouping widens her access to write.
            Assert.True(enforcer.Enforce("alice", "data1", "write"));

            // No rule grants "read" on data2 or on data_group, so this is denied.
            Assert.False(enforcer.Enforce("alice", "data2", "read"));

            // Write on data2 is expected through data_group_admin -> data_group.
            Assert.True(enforcer.Enforce("alice", "data2", "write"));
        }
        /// <summary>
        /// Exercises the grouping-policy management calls (single, batch, named and
        /// filtered add/remove) on an enforcer built from the RBAC test model and
        /// checks the role and user lookups after each change.
        /// </summary>
        public void TestModifyGroupingPolicy()
        {
            var enforcer = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            enforcer.BuildRoleLinks();

            // Starting point asserted by the test: only alice holds a role.
            TestGetRoles(enforcer, "alice", AsList("data2_admin"));
            TestGetRoles(enforcer, "bob", AsList());
            TestGetRoles(enforcer, "eve", AsList());
            TestGetRoles(enforcer, "non_exist", AsList());

            // Revoke alice's role, then grant roles to bob and eve.
            enforcer.RemoveGroupingPolicy("alice", "data2_admin");
            enforcer.AddGroupingPolicy("bob", "data1_admin");
            enforcer.AddGroupingPolicy("eve", "data3_admin");

            // Batch add followed by batch remove of two user/role pairs.
            var batchRules = AsList(
                AsList("ham", "data4_admin"),
                AsList("jack", "data5_admin"));

            _ = enforcer.AddGroupingPolicies(batchRules);
            TestGetRoles(enforcer, "ham", AsList("data4_admin"));
            TestGetRoles(enforcer, "jack", AsList("data5_admin"));
            _ = enforcer.RemoveGroupingPolicies(batchRules);
            // NOTE(review): nothing asserts that ham and jack hold no roles after
            // the batch removal; consider checking both against an empty list so
            // a revocation that silently fails is caught.

            // The single removal above must have taken effect for alice.
            TestGetRoles(enforcer, "alice", AsList());

            var aliceRule = AsList("alice", "data2_admin");

            // Named add/remove on "g" must round-trip back to no roles for alice.
            TestGetRoles(enforcer, "alice", AsList());
            enforcer.AddNamedGroupingPolicy("g", aliceRule);
            TestGetRoles(enforcer, "alice", AsList("data2_admin"));
            enforcer.RemoveNamedGroupingPolicy("g", aliceRule);

            TestGetRoles(enforcer, "alice", AsList());
            TestGetRoles(enforcer, "bob", AsList("data1_admin"));
            TestGetRoles(enforcer, "eve", AsList("data3_admin"));
            TestGetRoles(enforcer, "non_exist", AsList());

            // The reverse lookup (role -> users) must agree with the above.
            TestGetUsers(enforcer, "data1_admin", AsList("bob"));
            TestGetUsers(enforcer, "data2_admin", AsList());
            TestGetUsers(enforcer, "data3_admin", AsList("eve"));

            // Filtered removal: drop grouping rules whose field 0 is "bob".
            enforcer.RemoveFilteredGroupingPolicy(0, "bob");

            // bob is left with no role; eve's grant must be untouched.
            TestGetRoles(enforcer, "alice", AsList());
            TestGetRoles(enforcer, "bob", AsList());
            TestGetRoles(enforcer, "eve", AsList("data3_admin"));
            TestGetRoles(enforcer, "non_exist", AsList());

            TestGetUsers(enforcer, "data1_admin", AsList());
            TestGetUsers(enforcer, "data2_admin", AsList());
            TestGetUsers(enforcer, "data3_admin", AsList("eve"));
        }
        /// <summary>
        /// Loads the RBAC example model and policy from files, then checks that
        /// adding and removing grouping rules (plain, named and filtered) is
        /// reflected in the role and user lookups.
        /// </summary>
        public void TestModifyGroupingPolicyAPI()
        {
            // NOTE(review): both paths are relative, so this presumably relies on
            // the test runner's working directory containing "examples/". Confirm.
            var enforcer = new Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv");

            // Starting point asserted by the test: only alice holds a role.
            TestGetRoles(enforcer, "alice", AsList("data2_admin"));
            TestGetRoles(enforcer, "bob", AsList());
            TestGetRoles(enforcer, "eve", AsList());
            TestGetRoles(enforcer, "non_exist", AsList());

            // Revoke alice's role, then grant roles to bob and eve.
            enforcer.RemoveGroupingPolicy("alice", "data2_admin");
            enforcer.AddGroupingPolicy("bob", "data1_admin");
            enforcer.AddGroupingPolicy("eve", "data3_admin");

            List<string> aliceRule = AsList("alice", "data2_admin");

            // Named add/remove on "g" must round-trip back to no roles for alice.
            TestGetRoles(enforcer, "alice", AsList());
            enforcer.AddNamedGroupingPolicy("g", aliceRule);
            TestGetRoles(enforcer, "alice", AsList("data2_admin"));
            enforcer.RemoveNamedGroupingPolicy("g", aliceRule);

            TestGetRoles(enforcer, "alice", AsList());
            TestGetRoles(enforcer, "bob", AsList("data1_admin"));
            TestGetRoles(enforcer, "eve", AsList("data3_admin"));
            TestGetRoles(enforcer, "non_exist", AsList());

            // The reverse lookup (role -> users) must agree with the above.
            TestGetUsers(enforcer, "data1_admin", AsList("bob"));
            TestGetUsers(enforcer, "data2_admin", AsList());
            TestGetUsers(enforcer, "data3_admin", AsList("eve"));

            // Filtered removal: drop grouping rules whose field 0 is "bob".
            enforcer.RemoveFilteredGroupingPolicy(0, "bob");

            // bob is left with no role; eve's grant must be untouched.
            TestGetRoles(enforcer, "alice", AsList());
            TestGetRoles(enforcer, "bob", AsList());
            TestGetRoles(enforcer, "eve", AsList("data3_admin"));
            TestGetRoles(enforcer, "non_exist", AsList());

            TestGetUsers(enforcer, "data1_admin", AsList());
            TestGetUsers(enforcer, "data2_admin", AsList());
            TestGetUsers(enforcer, "data3_admin", AsList("eve"));
        }