Example #1
        /// <summary>
        /// Exercises the extended enforce helper against three fixture models: basic, RBAC and priority.
        /// </summary>
        /// <remarks>
        /// The final argument of every <c>TestEnforceEx</c> call is presumably the policy rule expected
        /// as the explanation of the decision, and an empty list presumably means that no rule was
        /// reported. TODO confirm against the helper, which is not part of this listing.
        /// </remarks>
        public void TestEnforceExApi()
        {
            // Basic model: only the subject's own rule is ever expected as the explanation.
            var basicEnforcer = new Enforcer(_testModelFixture.GetBasicTestModel());

            TestEnforceEx(basicEnforcer, "alice", "data1", "read", new List<string> { "alice", "data1", "read" });
            TestEnforceEx(basicEnforcer, "alice", "data1", "write", new List<string>());
            TestEnforceEx(basicEnforcer, "alice", "data2", "read", new List<string>());
            TestEnforceEx(basicEnforcer, "alice", "data2", "write", new List<string>());
            TestEnforceEx(basicEnforcer, "bob", "data1", "read", new List<string>());
            TestEnforceEx(basicEnforcer, "bob", "data1", "write", new List<string>());
            TestEnforceEx(basicEnforcer, "bob", "data2", "read", new List<string>());
            TestEnforceEx(basicEnforcer, "bob", "data2", "write", new List<string> { "bob", "data2", "write" });

            // RBAC model: alice's data2 requests are expected to be explained by data2_admin rules.
            // NOTE(review): BuildRoleLinks() is not called here, unlike in the priority section below;
            // the role links are presumably already in place after construction. Confirm.
            var rbacEnforcer = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            TestEnforceEx(rbacEnforcer, "alice", "data1", "read", new List<string> { "alice", "data1", "read" });
            TestEnforceEx(rbacEnforcer, "alice", "data1", "write", new List<string>());
            TestEnforceEx(rbacEnforcer, "alice", "data2", "read", new List<string> { "data2_admin", "data2", "read" });
            TestEnforceEx(rbacEnforcer, "alice", "data2", "write", new List<string> { "data2_admin", "data2", "write" });
            TestEnforceEx(rbacEnforcer, "bob", "data1", "read", new List<string>());
            TestEnforceEx(rbacEnforcer, "bob", "data1", "write", new List<string>());
            TestEnforceEx(rbacEnforcer, "bob", "data2", "read", new List<string>());
            TestEnforceEx(rbacEnforcer, "bob", "data2", "write", new List<string> { "bob", "data2", "write" });

            // Priority model: expected rules carry a fourth field, "allow" or "deny", so the
            // explanation also names the rule behind a denial (useful when auditing decisions).
            var priorityEnforcer = new Enforcer(_testModelFixture.GetNewPriorityTestModel());
            priorityEnforcer.BuildRoleLinks();

            TestEnforceEx(priorityEnforcer, "alice", "data1", "read", new List<string> { "alice", "data1", "read", "allow" });
            TestEnforceEx(priorityEnforcer, "alice", "data1", "write", new List<string> { "data1_deny_group", "data1", "write", "deny" });
            TestEnforceEx(priorityEnforcer, "alice", "data2", "read", new List<string>());
            TestEnforceEx(priorityEnforcer, "alice", "data2", "write", new List<string>());
            TestEnforceEx(priorityEnforcer, "bob", "data1", "write", new List<string>());
            TestEnforceEx(priorityEnforcer, "bob", "data2", "read", new List<string> { "data2_allow_group", "data2", "read", "allow" });
            TestEnforceEx(priorityEnforcer, "bob", "data2", "write", new List<string> { "bob", "data2", "write", "deny" });
        }
Example #2
        /// <summary>
        /// Verifies the allow/deny matrix of the RBAC fixture model for alice and bob
        /// across data1/data2 and read/write.
        /// </summary>
        public void TestRbacModel()
        {
            var enforcer = new Enforcer(_testModelFixture.GetNewRbacTestModel());
            enforcer.BuildRoleLinks();

            // alice: read on data1 only, but both actions on data2.
            TestEnforce(enforcer, "alice", "data1", "read", true);
            TestEnforce(enforcer, "alice", "data1", "write", false);
            TestEnforce(enforcer, "alice", "data2", "read", true);
            TestEnforce(enforcer, "alice", "data2", "write", true);

            // bob: write on data2 is the only request expected to pass; everything else is refused.
            TestEnforce(enforcer, "bob", "data1", "read", false);
            TestEnforce(enforcer, "bob", "data1", "write", false);
            TestEnforce(enforcer, "bob", "data2", "read", false);
            TestEnforce(enforcer, "bob", "data2", "write", true);
        }
        /// <summary>
        /// Checks the policy and grouping-policy read helpers (full listing, filtered listing
        /// and existence checks) against the RBAC fixture model.
        /// </summary>
        /// <remarks>
        /// In the filtered helpers the integer is presumably the index of the first field to match
        /// and the trailing strings are the values for that field and the ones after it.
        /// TODO confirm against the helpers, which are not part of this listing.
        /// </remarks>
        public void TestGetPolicyApi()
        {
            var enforcer = new Enforcer(_testModelFixture.GetNewRbacTestModel());
            enforcer.BuildRoleLinks();

            // Complete rule set expected from the fixture.
            TestGetPolicy(enforcer, AsList(
                AsList("alice", "data1", "read"),
                AsList("bob", "data2", "write"),
                AsList("data2_admin", "data2", "read"),
                AsList("data2_admin", "data2", "write")));

            // Single-value filters starting at field 0, 1 and 2.
            TestGetFilteredPolicy(enforcer, 0, AsList(AsList("alice", "data1", "read")), "alice");
            TestGetFilteredPolicy(enforcer, 0, AsList(AsList("bob", "data2", "write")), "bob");
            TestGetFilteredPolicy(enforcer, 0,
                AsList(AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write")),
                "data2_admin");
            TestGetFilteredPolicy(enforcer, 1, AsList(AsList("alice", "data1", "read")), "data1");
            TestGetFilteredPolicy(enforcer, 1,
                AsList(AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write")),
                "data2");
            TestGetFilteredPolicy(enforcer, 2,
                AsList(AsList("alice", "data1", "read"), AsList("data2_admin", "data2", "read")),
                "read");
            TestGetFilteredPolicy(enforcer, 2,
                AsList(AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "write")),
                "write");

            // Multi-value filters.
            TestGetFilteredPolicy(enforcer, 0,
                AsList(AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write")),
                "data2_admin", "data2");
            // An empty string in fieldValues matches every value, so an empty value widens
            // the filter instead of matching nothing.
            TestGetFilteredPolicy(enforcer, 0, AsList(AsList("data2_admin", "data2", "read")), "data2_admin", "", "read");
            TestGetFilteredPolicy(enforcer, 1,
                AsList(AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "write")),
                "data2", "write");

            // Existence checks, including rules that must be reported as absent.
            TestHasPolicy(enforcer, AsList("alice", "data1", "read"), true);
            TestHasPolicy(enforcer, AsList("bob", "data2", "write"), true);
            TestHasPolicy(enforcer, AsList("alice", "data2", "read"), false);
            TestHasPolicy(enforcer, AsList("bob", "data3", "write"), false);

            // Grouping rules: the fixture is expected to hold exactly alice -> data2_admin.
            TestGetGroupingPolicy(enforcer, AsList(AsList("alice", "data2_admin")));

            TestGetFilteredGroupingPolicy(enforcer, 0, AsList(AsList("alice", "data2_admin")), "alice");
            TestGetFilteredGroupingPolicy(enforcer, 0, new List<List<string>>(), "bob");
            TestGetFilteredGroupingPolicy(enforcer, 1, new List<List<string>>(), "data1_admin");
            TestGetFilteredGroupingPolicy(enforcer, 1, AsList(AsList("alice", "data2_admin")), "data2_admin");
            // The empty-string wildcard applies to grouping filters as well.
            TestGetFilteredGroupingPolicy(enforcer, 0, AsList(AsList("alice", "data2_admin")), "", "data2_admin");

            TestHasGroupingPolicy(enforcer, AsList("alice", "data2_admin"), true);
            TestHasGroupingPolicy(enforcer, AsList("bob", "data2_admin"), false);
        }
Example #4
        /// <summary>
        /// Verifies that a watcher attached to the enforcer is marked as called once
        /// <c>SavePolicy</c> has run.
        /// </summary>
        /// <remarks>
        /// The enforcer is built on a file adapter pointing at <c>rbac_policy_for_watcher_test.csv</c>;
        /// <c>SavePolicy</c> presumably writes through that adapter, so the test may rewrite this
        /// fixture file. TODO confirm.
        /// </remarks>
        public void ShouldUpdate()
        {
            var watcher = new SampleWatcher();

            // Nothing has touched the watcher yet.
            Assert.False(watcher.Called);

            var model = _testModelFixture.GetNewRbacTestModel();
            var adapter = new DefaultFileAdapter(TestModelFixture.GetTestFile("rbac_policy_for_watcher_test.csv"));
            var watchedEnforcer = new Enforcer(model, adapter);

            // NOTE(review): the meaning of the second SetWatcher argument (false) is not visible here.
            watchedEnforcer.SetWatcher(watcher, false);
            watchedEnforcer.SavePolicy();

            Assert.True(watcher.Called);
        }
Example #5
        /// <summary>
        /// Walks the role-management calls (add role, delete role for user, delete all roles for
        /// user, delete user, delete role) on the RBAC fixture model and checks, after each
        /// mutation, the roles reported and the resulting enforcement decisions.
        /// </summary>
        /// <remarks>
        /// The statements are order-dependent: every stage mutates the same enforcer and the
        /// following assertions check the state left behind by the preceding call.
        /// </remarks>
        public void TestRoleApi()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            e.BuildRoleLinks();

            // Initial state: alice holds data2_admin only; unknown subjects are expected to have no roles.
            TestGetRoles(e, "alice", AsList("data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());
            TestGetRoles(e, "non_exist", AsList());

            TestHasRole(e, "alice", "data1_admin", false);
            TestHasRole(e, "alice", "data2_admin", true);

            // Grant a second role; only alice's role list is expected to change.
            e.AddRoleForUser("alice", "data1_admin");

            TestGetRoles(e, "alice", AsList("data1_admin", "data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Revoke that single role again; data2_admin must remain.
            e.DeleteRoleForUser("alice", "data1_admin");

            TestGetRoles(e, "alice", AsList("data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Revoke every role from alice.
            e.DeleteRolesForUser("alice");

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Deleting the user is expected to drop a role granted just before.
            e.AddRoleForUser("alice", "data1_admin");
            e.DeleteUser("alice");

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Re-grant data2_admin: alice regains data2 access through the role, but no data1
            // access, i.e. the rights removed by DeleteUser do not come back with the new grant.
            e.AddRoleForUser("alice", "data2_admin");

            TestEnforce(e, "alice", "data1", "read", false);
            TestEnforce(e, "alice", "data1", "write", false);

            TestEnforce(e, "alice", "data2", "read", true);
            TestEnforce(e, "alice", "data2", "write", true);

            TestEnforce(e, "bob", "data1", "read", false);
            TestEnforce(e, "bob", "data1", "write", false);
            TestEnforce(e, "bob", "data2", "read", false);
            TestEnforce(e, "bob", "data2", "write", true);

            // Deleting the role must revoke the access it conferred: alice is refused everywhere,
            // while bob's own data2/write permission is unaffected.
            e.DeleteRole("data2_admin");

            TestEnforce(e, "alice", "data1", "read", false);
            TestEnforce(e, "alice", "data1", "write", false);
            TestEnforce(e, "alice", "data2", "read", false);
            TestEnforce(e, "alice", "data2", "write", false);
            TestEnforce(e, "bob", "data1", "read", false);
            TestEnforce(e, "bob", "data1", "write", false);
            TestEnforce(e, "bob", "data2", "read", false);
            TestEnforce(e, "bob", "data2", "write", true);
        }