public void TestEnforceExApi()
{
var e = new Enforcer(_testModelFixture.GetBasicTestModel());
TestEnforceEx(e, "alice", "data1", "read", new List <string> {
"alice", "data1", "read"
});
TestEnforceEx(e, "alice", "data1", "write", new List <string>());
TestEnforceEx(e, "alice", "data2", "read", new List <string>());
TestEnforceEx(e, "alice", "data2", "write", new List <string>());
TestEnforceEx(e, "bob", "data1", "read", new List <string>());
TestEnforceEx(e, "bob", "data1", "write", new List <string>());
TestEnforceEx(e, "bob", "data2", "read", new List <string>());
TestEnforceEx(e, "bob", "data2", "write", new List <string> {
"bob", "data2", "write"
});
e = new Enforcer(_testModelFixture.GetNewRbacTestModel());
TestEnforceEx(e, "alice", "data1", "read", new List <string> {
"alice", "data1", "read"
});
TestEnforceEx(e, "alice", "data1", "write", new List <string>());
TestEnforceEx(e, "alice", "data2", "read", new List <string> {
"data2_admin", "data2", "read"
});
TestEnforceEx(e, "alice", "data2", "write", new List <string> {
"data2_admin", "data2", "write"
});
TestEnforceEx(e, "bob", "data1", "read", new List <string>());
TestEnforceEx(e, "bob", "data1", "write", new List <string>());
TestEnforceEx(e, "bob", "data2", "read", new List <string>());
TestEnforceEx(e, "bob", "data2", "write", new List <string> {
"bob", "data2", "write"
});
e = new Enforcer(_testModelFixture.GetNewPriorityTestModel());
e.BuildRoleLinks();
TestEnforceEx(e, "alice", "data1", "read", new List <string> {
"alice", "data1", "read", "allow"
});
TestEnforceEx(e, "alice", "data1", "write",
new List <string> {
"data1_deny_group", "data1", "write", "deny"
});
TestEnforceEx(e, "alice", "data2", "read", new List <string>());
TestEnforceEx(e, "alice", "data2", "write", new List <string>());
TestEnforceEx(e, "bob", "data1", "write", new List <string>());
TestEnforceEx(e, "bob", "data2", "read",
new List <string> {
"data2_allow_group", "data2", "read", "allow"
});
TestEnforceEx(e, "bob", "data2", "write", new List <string> {
"bob", "data2", "write", "deny"
});
}
public void TestBasicModel()
{
var e = new Enforcer(_testModelFixture.GetBasicTestModel());
TestEnforce(e, "alice", "data1", "read", true);
TestEnforce(e, "alice", "data1", "write", false);
TestEnforce(e, "alice", "data2", "read", false);
TestEnforce(e, "alice", "data2", "write", false);
TestEnforce(e, "bob", "data1", "read", false);
TestEnforce(e, "bob", "data1", "write", false);
TestEnforce(e, "bob", "data2", "read", false);
TestEnforce(e, "bob", "data2", "write", true);
}
public async Task ShouldUpdateAsync()
{
var sampleWatcher = new SampleWatcher();
Assert.False(sampleWatcher.AsyncCalled);
var enforcer = new Enforcer(_testModelFixture.GetBasicTestModel(),
new DefaultFileAdapter(TestModelFixture.GetTestFile("rbac_policy_for_async_watcher_test.csv")));
enforcer.SetWatcher(sampleWatcher);
await enforcer.SavePolicyAsync();
Assert.True(sampleWatcher.AsyncCalled);
}
public void TestEnforceWithCache()
{
#if !NET452
var e = new Enforcer(_testModelFixture.GetBasicTestModel())
{
Logger = new MockLogger <Enforcer>(_testOutputHelper)
};
#else
var e = new Enforcer(_testModelFixture.GetBasicTestModel());
#endif
e.EnableCache(true);
e.EnableAutoCleanEnforceCache(false);
TestEnforce(e, "alice", "data1", "read", true);
TestEnforce(e, "alice", "data1", "write", false);
TestEnforce(e, "alice", "data2", "read", false);
TestEnforce(e, "alice", "data2", "write", false);
// The cache is enabled, so even if we remove a policy rule, the decision
// for ("alice", "data1", "read") will still be true, as it uses the cached result.
_ = e.RemovePolicy("alice", "data1", "read");
TestEnforce(e, "alice", "data1", "read", true);
TestEnforce(e, "alice", "data1", "write", false);
TestEnforce(e, "alice", "data2", "read", false);
TestEnforce(e, "alice", "data2", "write", false);
// Now we invalidate the cache, then all first-coming Enforce() has to be evaluated in real-time.
// The decision for ("alice", "data1", "read") will be false now.
e.EnforceCache.Clear();
TestEnforce(e, "alice", "data1", "read", false);
TestEnforce(e, "alice", "data1", "write", false);
TestEnforce(e, "alice", "data2", "read", false);
TestEnforce(e, "alice", "data2", "write", false);
}