Exemple #1
        /// <summary>
        /// Assembles an RBAC model in code, stores two direct permissions and no role
        /// link, then checks the full subject/object/action matrix: only the two stored
        /// grants are expected to be allowed, every other request denied.
        /// </summary>
        public async Task TestNotUsedRbacModelInMemoryAsync()
        {
            // Model sections added one by one: request, policy, role, effect, matcher.
            var model = Model.Model.Create();
            model.AddDef("r", "r", "sub, obj, act");
            model.AddDef("p", "p", "sub, obj, act");
            model.AddDef("g", "g", "_, _");
            model.AddDef("e", "e", "some(where (p.eft == allow))");
            model.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

            var enforcer = new Enforcer(model);

            // Direct grants only. No role assignment is made, so the "g" definition
            // above is declared but never populated in this test.
            await enforcer.AddPermissionForUserAsync("alice", "data1", "read");
            await enforcer.AddPermissionForUserAsync("bob", "data2", "write");

            // Expected decision for every combination, in the original call order.
            // The false rows matter as much as the true ones: they pin that a grant on
            // one object or action does not leak to another.
            var expectations = new (string Sub, string Obj, string Act, bool Allowed)[]
            {
                ("alice", "data1", "read", true),
                ("alice", "data1", "write", false),
                ("alice", "data2", "read", false),
                ("alice", "data2", "write", false),
                ("bob", "data1", "read", false),
                ("bob", "data1", "write", false),
                ("bob", "data2", "read", false),
                ("bob", "data2", "write", true),
            };

            foreach (var (sub, obj, act, allowed) in expectations)
            {
                TestEnforce(enforcer, sub, obj, act, allowed);
            }
        }
Exemple #2
        /// <summary>
        /// Loads an RBAC model from inline configuration text, stores direct permissions
        /// for alice, bob and data2_admin, assigns data2_admin to alice, and checks that
        /// alice gains the role's permissions while bob's access stays unchanged.
        /// </summary>
        public async Task TestRbacModelInMemory2Async()
        {
            // Same five sections as a model file, supplied as a single string.
            string modelText =
                "[request_definition]\n"
                + "r = sub, obj, act\n"
                + "\n"
                + "[policy_definition]\n"
                + "p = sub, obj, act\n"
                + "\n"
                + "[role_definition]\n"
                + "g = _, _\n"
                + "\n"
                + "[policy_effect]\n"
                + "e = some(where (p.eft == allow))\n"
                + "\n"
                + "[matchers]\n"
                + "m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act\n";

            var model = Model.Model.CreateFromText(modelText);
            var enforcer = new Enforcer(model);

            // Direct grants for the two users.
            await enforcer.AddPermissionForUserAsync("alice", "data1", "read");
            await enforcer.AddPermissionForUserAsync("bob", "data2", "write");

            // Grants attached to the role subject rather than to a user.
            await enforcer.AddPermissionForUserAsync("data2_admin", "data2", "read");
            await enforcer.AddPermissionForUserAsync("data2_admin", "data2", "write");

            // Role link: from here on alice is expected to match policies whose
            // subject is data2_admin.
            await enforcer.AddRoleForUserAsync("alice", "data2_admin");

            // Expected decisions, in the original call order. alice picks up data2
            // read/write through the role; bob, who holds no role, still has only his
            // direct data2/write grant.
            var expectations = new (string Sub, string Obj, string Act, bool Allowed)[]
            {
                ("alice", "data1", "read", true),
                ("alice", "data1", "write", false),
                ("alice", "data2", "read", true),
                ("alice", "data2", "write", true),
                ("bob", "data1", "read", false),
                ("bob", "data1", "write", false),
                ("bob", "data2", "read", false),
                ("bob", "data2", "write", true),
            };

            foreach (var (sub, obj, act, allowed) in expectations)
            {
                TestEnforce(enforcer, sub, obj, act, allowed);
            }
        }
Exemple #3
        /// <summary>
        /// Stores a single policy whose action is "invalid" and checks that a "read"
        /// request for the same subject and object is denied, i.e. a request that no
        /// stored policy matches does not end up allowed.
        /// </summary>
        public async Task TestRbacModelInMemoryIndeterminateAsync()
        {
            const string subject = "alice";
            const string resource = "data1";

            // NOTE(review): this test starts from CreateDefault() where the sibling
            // in-memory tests use Create(); what CreateDefault() pre-registers is not
            // visible here - confirm against the Model class.
            var model = Model.Model.CreateDefault();
            model.AddDef("r", "r", "sub, obj, act");
            model.AddDef("p", "p", "sub, obj, act");
            model.AddDef("g", "g", "_, _");
            model.AddDef("e", "e", "some(where (p.eft == allow))");
            model.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

            var enforcer = new Enforcer(model);

            // The only stored rule carries an action that the request below never uses.
            await enforcer.AddPermissionForUserAsync(subject, resource, "invalid");

            // The matcher requires r.act == p.act, so this request has no matching rule
            // and the expected decision is deny.
            await TestEnforceAsync(enforcer, subject, resource, "read", false);
        }
Exemple #4
        /// <summary>
        /// Exercises the permission management API on a model without a resource
        /// field: reads the initial permissions, then deletes and re-adds permissions
        /// and re-checks all four subject/action decisions after every mutation.
        /// </summary>
        public async Task TestPermissionApiAsync()
        {
            // The fixture's model and policy are defined outside this method; the first
            // round of assertions below implies alice holds "read" and bob holds "write".
            var enforcer = new Enforcer(_testModelFixture.GetBasicWithoutResourceTestModel());
            enforcer.BuildRoleLinks();

            // Checks the complete alice/bob x read/write matrix in a fixed order, so
            // each mutation is verified against the subjects and actions it should NOT
            // have touched as well as the one it should.
            async Task ExpectAsync(bool aliceRead, bool aliceWrite, bool bobRead, bool bobWrite)
            {
                await TestEnforceWithoutUsersAsync(enforcer, "alice", "read", aliceRead);
                await TestEnforceWithoutUsersAsync(enforcer, "alice", "write", aliceWrite);
                await TestEnforceWithoutUsersAsync(enforcer, "bob", "read", bobRead);
                await TestEnforceWithoutUsersAsync(enforcer, "bob", "write", bobWrite);
            }

            // Initial state.
            await ExpectAsync(true, false, false, true);

            TestGetPermissions(enforcer, "alice", AsList(AsList("alice", "read")));
            TestGetPermissions(enforcer, "bob", AsList(AsList("bob", "write")));

            TestHasPermission(enforcer, "alice", AsList("read"), true);
            TestHasPermission(enforcer, "alice", AsList("write"), false);
            TestHasPermission(enforcer, "bob", AsList("read"), false);
            TestHasPermission(enforcer, "bob", AsList("write"), true);

            // Deleting the "read" permission itself: alice is expected to lose it,
            // bob's "write" is expected to survive.
            _ = await enforcer.DeletePermissionAsync("read");
            await ExpectAsync(false, false, false, true);

            // Granting "read" to bob must not give it back to alice.
            _ = await enforcer.AddPermissionForUserAsync("bob", "read");
            await ExpectAsync(false, false, true, true);

            // Removing one permission from bob leaves his other one in place.
            _ = await enforcer.DeletePermissionForUserAsync("bob", "read");
            await ExpectAsync(false, false, false, true);

            // Removing all of bob's permissions: every request is now expected denied.
            _ = await enforcer.DeletePermissionsForUserAsync("bob");
            await ExpectAsync(false, false, false, false);
        }