public void TestModifyPolicyAPI() { Enforcer e = new Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv"); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"))); e.RemovePolicy("alice", "data1", "read"); e.RemovePolicy("bob", "data2", "write"); e.RemovePolicy("alice", "data1", "read"); e.AddPolicy("eve", "data3", "read"); e.AddPolicy("eve", "data3", "read"); List <String> namedPolicy = AsList("eve", "data3", "read"); e.RemoveNamedPolicy("p", namedPolicy); e.AddNamedPolicy("p", namedPolicy); TestGetPolicy(e, AsList( AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1, "data2"); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); }
public void TestMultipleGroupTypeModelInMemory() { var m = Model.Model.CreateDefault(); m.AddDef("r", "r", "sub, obj, act"); m.AddDef("p", "p", "sub, obj, act"); m.AddDef("g", "g", "_, _"); m.AddDef("g", "g2", "_, _"); m.AddDef("e", "e", "some(where (p.eft == allow))"); m.AddDef("m", "m", "g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act"); var e = new Enforcer(m); e.AddPolicy("alice", "data1", "read"); e.AddPolicy("bob", "data2", "write"); e.AddPolicy("data_group_admin", "data_group", "write"); e.AddNamedGroupingPolicy("g", "alice", "data_group_admin"); e.AddNamedGroupingPolicy("g2", "data1", "data_group"); e.AddNamedGroupingPolicy("g2", "data2", "data_group"); Assert.True(e.Enforce("alice", "data1", "read")); Assert.True(e.Enforce("alice", "data1", "write")); Assert.False(e.Enforce("alice", "data2", "read")); Assert.True(e.Enforce("alice", "data2", "write")); }
public void GlobalSetup() { for (int i = 0; i < NowPolicyCount; i++) { _enforcer.AddPolicy($"group{i}", $"obj{i / 10}", "read"); } Console.WriteLine($"// Already set {NowPolicyCount} policies."); NowTestUserName = $"name{NowPolicyCount / 2 + 1}"; NowTestDataName = $"data{NowPolicyCount / 2 + 1}"; Console.WriteLine($"// Already set user name to {NowTestUserName}."); Console.WriteLine($"// Already set data name to {NowTestDataName}."); }
public void Test_Adapter_AutoSave() { var efAdapter = new CasbinDbAdapter(_context); Enforcer e = new Enforcer("examples/rbac_model.conf", efAdapter); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write") )); e.AddPolicy("alice", "data1", "write"); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("alice", "data1", "write") )); e.RemovePolicy("alice", "data1", "write"); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write") )); e.RemoveFilteredPolicy(0, "data2_admin"); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write") )); }
public void TestPriorityExplicitModel() { var e = new Enforcer(_testModelFixture.GetNewPriorityExplicitTestModel()); e.BuildRoleLinks(); TestEnforce(e, "alice", "data1", "write", true); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "bob", "data2", "read", false); TestEnforce(e, "bob", "data2", "write", true); TestEnforce(e, "data1_deny_group", "data1", "read", false); TestEnforce(e, "data1_deny_group", "data1", "write", false); TestEnforce(e, "data2_allow_group", "data2", "read", true); TestEnforce(e, "data2_allow_group", "data2", "write", true); // add a higher priority policy e.AddPolicy("1", "bob", "data2", "write", "deny"); TestEnforce(e, "alice", "data1", "write", true); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "bob", "data2", "read", false); TestEnforce(e, "bob", "data2", "write", false); TestEnforce(e, "data1_deny_group", "data1", "read", false); TestEnforce(e, "data1_deny_group", "data1", "write", false); TestEnforce(e, "data2_allow_group", "data2", "read", true); TestEnforce(e, "data2_allow_group", "data2", "write", true); }
public void TestRbacModelWithDomainsAtRuntime() { var e = new Enforcer(TestModelFixture.GetNewTestModel(_testModelFixture._rbacWithDomainsModelText)); e.BuildRoleLinks(); e.AddPolicy("admin", "domain1", "data1", "read"); e.AddPolicy("admin", "domain1", "data1", "write"); e.AddPolicy("admin", "domain2", "data2", "read"); e.AddPolicy("admin", "domain2", "data2", "write"); e.AddGroupingPolicy("alice", "admin", "domain1"); e.AddGroupingPolicy("bob", "admin", "domain2"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", true); TestDomainEnforce(e, "alice", "domain1", "data1", "write", true); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); // Remove all policy rules related to domain1 and data1. e.RemoveFilteredPolicy(1, "domain1", "data1"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", false); TestDomainEnforce(e, "alice", "domain1", "data1", "write", false); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); // Remove the specified policy rule. e.RemovePolicy("admin", "domain2", "data2", "read"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", false); TestDomainEnforce(e, "alice", "domain1", "data1", "write", false); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", false); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); }
public void Test_RBACModelWithDomainsAtRuntime() { Enforcer e = new Enforcer("examples/rbac_with_domains_model.conf"); e.AddPolicy("admin", "domain1", "data1", "read"); e.AddPolicy("admin", "domain1", "data1", "write"); e.AddPolicy("admin", "domain2", "data2", "read"); e.AddPolicy("admin", "domain2", "data2", "write"); e.AddGroupingPolicy("alice", "admin", "domain1"); e.AddGroupingPolicy("bob", "admin", "domain2"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", true); TestDomainEnforce(e, "alice", "domain1", "data1", "write", true); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); // Remove all policy rules related to domain1 and data1. e.RemoveFilteredPolicy(1, "domain1", "data1"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", false); TestDomainEnforce(e, "alice", "domain1", "data1", "write", false); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); // Remove the specified policy rule. e.RemovePolicy("admin", "domain2", "data2", "read"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", false); TestDomainEnforce(e, "alice", "domain1", "data1", "write", false); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", false); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); }
public void TestGetImplicitUsersForPermission() { // Arrange var e = new Enforcer(TestModelFixture.GetNewTestModel( _testModelFixture._rbacModelText, _testModelFixture._rbacWithHierarchyPolicyText)); e.BuildRoleLinks(); Assert.Equal(new[] { "alice" }, e.GetImplicitUsersForPermission("data1", "read")); Assert.Equal(new[] { "alice" }, e.GetImplicitUsersForPermission("data1", "write")); Assert.Equal(new[] { "alice" }, e.GetImplicitUsersForPermission("data2", "read")); Assert.Equal(new[] { "alice", "bob" }, e.GetImplicitUsersForPermission("data2", "write")); // Act e.GetModel().ClearPolicy(); _ = e.AddPolicy("admin", "data1", "read"); _ = e.AddPolicy("bob", "data1", "read"); _ = e.AddGroupingPolicy("alice", "admin"); // Assert Assert.Equal(new[] { "bob", "alice" }, e.GetImplicitUsersForPermission("data1", "read")); }
public void TestModifyPolicy() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"))); e.RemovePolicy("alice", "data1", "read"); e.RemovePolicy("bob", "data2", "write"); e.RemovePolicy("alice", "data1", "read"); e.AddPolicy("eve", "data3", "read"); e.AddPolicy("eve", "data3", "read"); var namedPolicy = AsList("eve", "data3", "read"); e.RemoveNamedPolicy("p", namedPolicy); e.AddNamedPolicy("p", namedPolicy); TestGetPolicy(e, AsList( AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1, "data2"); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1, Array.Empty <string>()); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1, ""); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); }
public void Test_Adapter_AutoSave() { var efAdapter = new CasbinDbAdapter(_contextMock.Object); Enforcer e = new Enforcer("examples/rbac_model.conf", efAdapter); var _context = _contextMock.Object; TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write") )); Assert.True(_context.CasbinRule.Count() == 5); e.AddPolicy("alice", "data1", "write"); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("alice", "data1", "write") )); Assert.True(_context.CasbinRule.Count() == 6); e.RemovePolicy("alice", "data1", "write"); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write") )); Assert.True(_context.CasbinRule.Count() == 5); e.RemoveFilteredPolicy(0, "data2_admin"); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write") )); Assert.True(_context.CasbinRule.Count() == 3); }
public void TestAdapterAutoSave() { var adapter = new CasbinDbAdapter <int>(_context); var enforcer = new Enforcer(_modelProvideFixture.GetNewRbacModel(), adapter); TestGetPolicy(enforcer, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() == 5); enforcer.AddPolicy("alice", "data1", "write"); TestGetPolicy(enforcer, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("alice", "data1", "write") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() == 6); enforcer.RemovePolicy("alice", "data1", "write"); TestGetPolicy(enforcer, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() == 5); enforcer.RemoveFilteredPolicy(0, "data2_admin"); TestGetPolicy(enforcer, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() == 3); }
public void TestPriorityExplicitDenyOverrideModel() { var e = new Enforcer(_testModelFixture.GetNewPriorityExplicitDenyOverrideModel()); e.BuildRoleLinks(); TestEnforce(e, "alice", "data2", "write", true); TestEnforce(e, "bob", "data2", "read", true); // adding a new group, simulating behaviour when two different groups are added to the same person. e.AddPolicy("10", "data2_deny_group_new", "data2", "write", "deny"); e.AddGroupingPolicy("alice", "data2_deny_group_new"); TestEnforce(e, "alice", "data2", "write", false); TestEnforce(e, "bob", "data2", "read", true); // expected enforcement result should be true, // as there is a policy with a lower rank 10, that produces allow result. e.AddPolicy("5", "alice", "data2", "write", "allow"); TestEnforce(e, "alice", "data2", "write", true); // adding deny policy for alice for the same obj, // to ensure that if there is at least one deny, final result will be deny. e.AddPolicy("5", "alice", "data2", "write", "deny"); TestEnforce(e, "alice", "data2", "write", false); // adding higher fake higher priority policy for alice, // expected enforcement result should be true (ignore this policy). e.AddPolicy("2", "alice", "data2", "write", "allow"); TestEnforce(e, "alice", "data2", "write", true); e.AddPolicy("1", "fake-subject", "fake-object", "very-fake-action", "allow"); TestEnforce(e, "alice", "data2", "write", true); // adding higher (less of 0) priority policy for alice, // to override group policies again. e.AddPolicy("-1", "alice", "data2", "write", "deny"); TestEnforce(e, "alice", "data2", "write", false); }
public IActionResult addPermissionWithoutDomain(string userName, string domain, string permissionName) { bool response = _enforcer.AddPolicy(userName, domain, permissionName); return(Ok(response)); }
public void TestModifyPolicy() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"))); e.RemovePolicy("alice", "data1", "read"); e.RemovePolicy("bob", "data2", "write"); e.RemovePolicy("alice", "data1", "read"); e.AddPolicy("eve", "data3", "read"); e.AddPolicy("eve", "data3", "read"); var rules = AsList( AsList("jack", "data4", "read"), AsList("jack", "data4", "read"), AsList("jack", "data4", "read"), AsList("katy", "data4", "write"), AsList("leyo", "data4", "read"), AsList("katy", "data4", "write"), AsList("katy", "data4", "write"), AsList("ham", "data4", "write") ); _ = e.AddPolicies(rules); _ = e.AddPolicies(rules); TestGetPolicy(e, AsList( AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("eve", "data3", "read"), AsList("jack", "data4", "read"), AsList("katy", "data4", "write"), AsList("leyo", "data4", "read"), AsList("ham", "data4", "write") ) ); _ = e.RemovePolicies(rules); _ = e.RemovePolicies(rules); var namedPolicy = AsList("eve", "data3", "read"); e.RemoveNamedPolicy("p", namedPolicy); e.AddNamedPolicy("p", namedPolicy); TestGetPolicy(e, AsList( AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1, "data2"); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1, ""); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); }
public void TestAdapterAutoSave() { var adapter = new EFCoreAdapter <int>(_context); var enforcer = new Enforcer(_modelProvideFixture.GetNewRbacModel(), adapter); #region Load policy test TestGetPolicy(enforcer, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() is 5); #endregion #region Add policy test enforcer.AddPolicy("alice", "data1", "write"); TestGetPolicy(enforcer, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("alice", "data1", "write") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() is 6); #endregion #region Remove poliy test enforcer.RemovePolicy("alice", "data1", "write"); TestGetPolicy(enforcer, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() is 5); enforcer.RemoveFilteredPolicy(0, "data2_admin"); TestGetPolicy(enforcer, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() is 3); #endregion #region Batch APIs test enforcer.AddPolicies(new [] { new List <string> { "alice", "data2", "write" }, new List <string> { "bob", "data1", "read" } }); TestGetPolicy(enforcer, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("alice", "data2", "write"), AsList("bob", "data1", "read") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() is 5); enforcer.RemovePolicies(new [] { new List <string> { "alice", "data1", "read" }, new List <string> { "bob", "data2", "write" } }); TestGetPolicy(enforcer, AsList( AsList("alice", "data2", "write"), AsList("bob", "data1", "read") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() is 3); #endregion #region IFilteredAdapter test enforcer.LoadFilteredPolicy(new Filter { P = new List <string> { "bob", "data1", "read" }, }); TestGetPolicy(enforcer, AsList( AsList("bob", "data1", "read") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() is 3); enforcer.LoadFilteredPolicy(new Filter { P = new List <string> { "", "", "write" }, }); TestGetPolicy(enforcer, AsList( AsList("alice", "data2", "write") )); Assert.True(_context.CasbinRule.AsNoTracking().Count() is 3); #endregion }