Exemple #1
        /// <summary>
        /// Exercises the role-management API of <c>Enforcer</c> against an RBAC-with-domains model
        /// and checks after every mutation that role membership stays scoped to the domain it was
        /// granted in.
        /// </summary>
        /// <remarks>
        /// The model and its initial policy come from <c>_testModelFixture.GetNewRbacWithDomainsTestModel()</c>,
        /// which is not visible here; the first group of assertions documents the starting state the
        /// test relies on (alice is admin in domain1, bob is admin in domain2).
        /// The statements are order-dependent: each mutation is followed by the assertions that pin its effect.
        /// </remarks>
        public void TestRoleApiWithDomains()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacWithDomainsTestModel());

            e.BuildRoleLinks();

            // Domain isolation: the same (user, role) pair is true in domain1 and false in domain2.
            TestHasRole(e, "alice", "admin", true, "domain1");
            TestHasRole(e, "alice", "admin", false, "domain2");

            // Starting state, per domain. "admin" itself and an unknown subject hold no roles.
            TestGetRoles(e, "alice", AsList("admin"), "domain1");
            TestGetRoles(e, "bob", AsList(), "domain1");
            TestGetRoles(e, "admin", AsList(), "domain1");
            TestGetRoles(e, "non_exist", AsList(), "domain1");
            TestGetRoles(e, "alice", AsList(), "domain2");
            TestGetRoles(e, "bob", AsList("admin"), "domain2");
            TestGetRoles(e, "admin", AsList(), "domain2");
            TestGetRoles(e, "non_exist", AsList(), "domain2");

            // Swap the domain1 admin from alice to bob. The return values are deliberately discarded;
            // the effect is verified through the assertions below instead.
            _ = e.DeleteRoleForUser("alice", "admin", "domain1");

            _ = e.AddRoleForUser("bob", "admin", "domain1");

            // Only domain1 changed; every domain2 expectation is identical to the starting state.
            TestGetRoles(e, "alice", AsList(), "domain1");
            TestGetRoles(e, "bob", AsList("admin"), "domain1");
            TestGetRoles(e, "admin", AsList(), "domain1");
            TestGetRoles(e, "non_exist", AsList(), "domain1");
            TestGetRoles(e, "alice", AsList(), "domain2");
            TestGetRoles(e, "bob", AsList("admin"), "domain2");
            TestGetRoles(e, "admin", AsList(), "domain2");
            TestGetRoles(e, "non_exist", AsList(), "domain2");

            // Restore alice in domain1, then revoke all of bob's roles in domain1 only.
            _ = e.AddRoleForUser("alice", "admin", "domain1");

            _ = e.DeleteRolesForUser("bob", "domain1");

            // Revoking bob's domain1 roles must not touch his admin role in domain2.
            TestGetRoles(e, "alice", AsList("admin"), "domain1");
            TestGetRoles(e, "bob", AsList(), "domain1");
            TestGetRoles(e, "admin", AsList(), "domain1");
            TestGetRoles(e, "non_exist", AsList(), "domain1");
            TestGetRoles(e, "alice", AsList(), "domain2");
            TestGetRoles(e, "bob", AsList("admin"), "domain2");
            TestGetRoles(e, "admin", AsList(), "domain2");
            TestGetRoles(e, "non_exist", AsList(), "domain2");

            // Bulk grant: bob has no domain1 roles at this point, so the result is exactly the three added.
            _ = e.AddRolesForUser("bob", AsList("admin", "admin1", "admin2"), "domain1");

            TestGetRoles(e, "bob", AsList("admin", "admin1", "admin2"), "domain1");

            // Permissions of the admin role are also reported per domain: each query is expected to
            // return only the rules whose domain field matches the requested domain.
            TestGetPermissions(e, "admin", AsList(
                                   AsList("admin", "domain1", "data1", "read"),
                                   AsList("admin", "domain1", "data1", "write")),
                               "domain1");
            TestGetPermissions(e, "admin", AsList(
                                   AsList("admin", "domain2", "data2", "read"),
                                   AsList("admin", "domain2", "data2", "write")),
                               "domain2");
        }
Exemple #2
        /// <summary>
        /// Builds an RBAC model entirely in code (no .conf file), loads a small policy through the
        /// management API and checks the resulting allow/deny decisions.
        /// </summary>
        /// <remarks>
        /// The effect expression allows a request only when some matching policy rule has
        /// <c>eft == allow</c>, so every request without a matching rule is expected to be denied.
        /// alice gains read/write on data2 only through her data2_admin role.
        /// </remarks>
        public void testRBACModelInMemory()
        {
            Model model = CoreEnforcer.NewModel();

            // Each entry is { token, value }; the token is passed as both section and key.
            string[][] definitions =
            {
                new[] { "r", "sub, obj, act" },
                new[] { "p", "sub, obj, act" },
                new[] { "g", "_, _" },
                new[] { "e", "some(where (p.eft == allow))" },
                new[] { "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act" },
            };
            foreach (string[] definition in definitions)
            {
                model.AddDef(definition[0], definition[0], definition[1]);
            }

            Enforcer enforcer = new Enforcer(model);

            // Direct permissions: { subject, object, action }.
            string[][] permissions =
            {
                new[] { "alice", "data1", "read" },
                new[] { "bob", "data2", "write" },
                new[] { "data2_admin", "data2", "read" },
                new[] { "data2_admin", "data2", "write" },
            };
            foreach (string[] rule in permissions)
            {
                enforcer.AddPermissionForUser(rule[0], rule[1], rule[2]);
            }

            // The only role link in this policy.
            enforcer.AddRoleForUser("alice", "data2_admin");

            // Expected decisions in subject -> object -> action order, matching the nested loops below.
            string[] subjects = { "alice", "bob" };
            string[] resources = { "data1", "data2" };
            string[] actions = { "read", "write" };
            bool[] expected = { true, false, true, true, false, false, false, true };

            int next = 0;
            foreach (string subject in subjects)
            {
                foreach (string resource in resources)
                {
                    foreach (string action in actions)
                    {
                        testEnforce(enforcer, subject, resource, action, expected[next]);
                        next++;
                    }
                }
            }
        }
Exemple #3
        /// <summary>
        /// Assembles an RBAC model definition by definition, adds policy through the enforcer API
        /// and verifies every subject/object/action combination for alice and bob.
        /// </summary>
        /// <remarks>
        /// Only requests matched by an allow rule pass; alice's access to data2 comes solely from
        /// the data2_admin role assigned to her, bob's from his own write rule.
        /// </remarks>
        public void TestRbacModelInMemory()
        {
            var model = Model.Model.Create();

            // { token, value } pairs; the token doubles as section and key in AddDef.
            string[][] definitions =
            {
                new[] { "r", "sub, obj, act" },
                new[] { "p", "sub, obj, act" },
                new[] { "g", "_, _" },
                new[] { "e", "some(where (p.eft == allow))" },
                new[] { "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act" },
            };
            foreach (string[] definition in definitions)
            {
                model.AddDef(definition[0], definition[0], definition[1]);
            }

            var enforcer = new Enforcer(model);

            // Permission rules as { subject, object, action }.
            string[][] permissions =
            {
                new[] { "alice", "data1", "read" },
                new[] { "bob", "data2", "write" },
                new[] { "data2_admin", "data2", "read" },
                new[] { "data2_admin", "data2", "write" },
            };
            foreach (string[] rule in permissions)
            {
                enforcer.AddPermissionForUser(rule[0], rule[1], rule[2]);
            }

            enforcer.AddRoleForUser("alice", "data2_admin");

            // Expected outcomes listed in the same subject -> object -> action order the loops visit.
            string[] subjects = { "alice", "bob" };
            string[] resources = { "data1", "data2" };
            string[] actions = { "read", "write" };
            bool[] expected = { true, false, true, true, false, false, false, true };

            int next = 0;
            foreach (string subject in subjects)
            {
                foreach (string resource in resources)
                {
                    foreach (string action in actions)
                    {
                        TestEnforce(enforcer, subject, resource, action, expected[next]);
                        next++;
                    }
                }
            }
        }
Exemple #4
        /// <summary>
        /// Loads an RBAC model from an in-memory configuration string, adds policy through the
        /// enforcer API and checks the allow/deny decision for each request.
        /// </summary>
        /// <remarks>
        /// The model text is a fixed literal in this test. The policy effect allows a request only
        /// when a matching rule has <c>eft == allow</c>, so unmatched requests are expected to be denied.
        /// </remarks>
        public void testRBACModelInMemory2()
        {
            // One entry per configuration line; the trailing empty entry yields the final newline.
            string text = string.Join("\n", new[]
            {
                "[request_definition]",
                "r = sub, obj, act",
                "",
                "[policy_definition]",
                "p = sub, obj, act",
                "",
                "[role_definition]",
                "g = _, _",
                "",
                "[policy_effect]",
                "e = some(where (p.eft == allow))",
                "",
                "[matchers]",
                "m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act",
                "",
            });

            Model model = CoreEnforcer.NewModel(text);

            Enforcer enforcer = new Enforcer(model);

            // Direct permissions: { subject, object, action }.
            string[][] permissions =
            {
                new[] { "alice", "data1", "read" },
                new[] { "bob", "data2", "write" },
                new[] { "data2_admin", "data2", "read" },
                new[] { "data2_admin", "data2", "write" },
            };
            foreach (string[] rule in permissions)
            {
                enforcer.AddPermissionForUser(rule[0], rule[1], rule[2]);
            }

            // alice reaches data2 only through this role link.
            enforcer.AddRoleForUser("alice", "data2_admin");

            // Expected decisions in subject -> object -> action order, matching the nested loops below.
            string[] subjects = { "alice", "bob" };
            string[] resources = { "data1", "data2" };
            string[] actions = { "read", "write" };
            bool[] expected = { true, false, true, true, false, false, false, true };

            int next = 0;
            foreach (string subject in subjects)
            {
                foreach (string resource in resources)
                {
                    foreach (string action in actions)
                    {
                        testEnforce(enforcer, subject, resource, action, expected[next]);
                        next++;
                    }
                }
            }
        }
Exemple #5
        /// <summary>
        /// Creates an RBAC model from configuration text held in memory, populates policy through
        /// the enforcer API and verifies each subject/object/action decision.
        /// </summary>
        /// <remarks>
        /// The configuration is a constant defined in the test itself. Requests pass only when a
        /// matching allow rule exists; alice's data2 access is inherited from data2_admin.
        /// </remarks>
        public void TestRbacModelInMemory2()
        {
            // Lines of the model configuration; the last empty entry produces the trailing newline.
            string text = string.Join("\n", new[]
            {
                "[request_definition]",
                "r = sub, obj, act",
                "",
                "[policy_definition]",
                "p = sub, obj, act",
                "",
                "[role_definition]",
                "g = _, _",
                "",
                "[policy_effect]",
                "e = some(where (p.eft == allow))",
                "",
                "[matchers]",
                "m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act",
                "",
            });

            var model = Model.Model.CreateDefaultFromText(text);

            var enforcer = new Enforcer(model);

            // Permission rules as { subject, object, action }.
            string[][] permissions =
            {
                new[] { "alice", "data1", "read" },
                new[] { "bob", "data2", "write" },
                new[] { "data2_admin", "data2", "read" },
                new[] { "data2_admin", "data2", "write" },
            };
            foreach (string[] rule in permissions)
            {
                enforcer.AddPermissionForUser(rule[0], rule[1], rule[2]);
            }

            enforcer.AddRoleForUser("alice", "data2_admin");

            // Expected outcomes listed in the same subject -> object -> action order the loops visit.
            string[] subjects = { "alice", "bob" };
            string[] resources = { "data1", "data2" };
            string[] actions = { "read", "write" };
            bool[] expected = { true, false, true, true, false, false, false, true };

            int next = 0;
            foreach (string subject in subjects)
            {
                foreach (string resource in resources)
                {
                    foreach (string action in actions)
                    {
                        TestEnforce(enforcer, subject, resource, action, expected[next]);
                        next++;
                    }
                }
            }
        }
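        /// <summary>
        /// Grants <paramref name="roleName"/> to <paramref name="userName"/> through the injected enforcer.
        /// </summary>
        /// <param name="userName">Subject that receives the role; must not be null or blank.</param>
        /// <param name="roleName">Role to assign; must not be null or blank.</param>
        /// <returns>
        /// 400 Bad Request when either name is null or blank; otherwise 200 OK carrying the boolean
        /// returned by <c>AddRoleForUser</c> (presumably false when the call changed nothing, e.g.
        /// the user already holds the role; confirm against the enforcer API).
        /// </returns>
        /// <remarks>
        /// NOTE(review): this action changes who holds which role, so it is a privilege-granting
        /// operation. No authorization attribute or caller check is visible in this excerpt; confirm
        /// that the action or its controller restricts it to principals allowed to manage roles.
        /// </remarks>
        public IActionResult addGeneralRoleWithoutModel(string userName, string roleName)
        {
            // Reject blank identifiers before touching policy: a blank subject or role would
            // otherwise be stored as a role link that matches no real principal.
            if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(roleName))
            {
                return BadRequest("userName and roleName are required.");
            }

            bool response = _enforcer.AddRoleForUser(userName, roleName);

            return Ok(response);
        }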
Exemple #7
        /// <summary>
        /// Walks the role-management API (add, delete, delete-all, delete-user, delete-role) on a
        /// plain RBAC model and checks both role membership and the resulting enforcement decisions.
        /// </summary>
        /// <remarks>
        /// The model and initial policy come from <c>_testModelFixture.GetNewRbacTestModel()</c>, which
        /// is not visible here; the first assertions document the starting state (alice holds
        /// data2_admin). The statements are order-dependent: each mutation is followed by the
        /// assertions that pin its effect.
        /// </remarks>
        public void TestRoleApi()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            e.BuildRoleLinks();

            // Starting state: only alice has a role; the role itself and unknown subjects have none.
            TestGetRoles(e, "alice", AsList("data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());
            TestGetRoles(e, "non_exist", AsList());

            TestHasRole(e, "alice", "data1_admin", false);
            TestHasRole(e, "alice", "data2_admin", true);

            // Grant a second role; it is added alongside the existing one.
            e.AddRoleForUser("alice", "data1_admin");

            TestGetRoles(e, "alice", AsList("data1_admin", "data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Revoke a single role; the other role link must survive.
            e.DeleteRoleForUser("alice", "data1_admin");

            TestGetRoles(e, "alice", AsList("data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Revoke every role alice holds.
            e.DeleteRolesForUser("alice");

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Re-grant a role, then delete the user: her role links must be gone afterwards.
            e.AddRoleForUser("alice", "data1_admin");
            e.DeleteUser("alice");

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Put alice back into data2_admin so enforcement through the role can be checked.
            e.AddRoleForUser("alice", "data2_admin");

            // alice still reads data1 after the deletions above, so that access does not come from a
            // role link (presumably a direct permission in the fixture policy; not visible here).
            TestEnforce(e, "alice", "data1", "read", true);
            TestEnforce(e, "alice", "data1", "write", false);

            // Access to data2 is what the data2_admin role contributes.
            TestEnforce(e, "alice", "data2", "read", true);
            TestEnforce(e, "alice", "data2", "write", true);

            TestEnforce(e, "bob", "data1", "read", false);
            TestEnforce(e, "bob", "data1", "write", false);
            TestEnforce(e, "bob", "data2", "read", false);
            TestEnforce(e, "bob", "data2", "write", true);

            // Deleting the role must revoke everything that was reachable only through it.
            e.DeleteRole("data2_admin");

            // alice loses data2 read/write; her data1 read and bob's data2 write are unaffected.
            TestEnforce(e, "alice", "data1", "read", true);
            TestEnforce(e, "alice", "data1", "write", false);
            TestEnforce(e, "alice", "data2", "read", false);
            TestEnforce(e, "alice", "data2", "write", false);
            TestEnforce(e, "bob", "data1", "read", false);
            TestEnforce(e, "bob", "data1", "write", false);
            TestEnforce(e, "bob", "data2", "read", false);
            TestEnforce(e, "bob", "data2", "write", true);
        }
        /// <summary>
        /// Walks the role-management API (add, delete, delete-all, delete-user, delete-role) on an
        /// enforcer loaded from the example RBAC model and policy files, checking role membership
        /// and enforcement decisions after each step.
        /// </summary>
        /// <remarks>
        /// The contents of <c>examples/rbac_model.conf</c> and <c>examples/rbac_policy.csv</c> are not
        /// visible here; the first assertions document the starting state the test relies on.
        /// The paths are relative, so the test depends on the working directory it is run from.
        /// The statements are order-dependent: each mutation is followed by the assertions that pin its effect.
        /// </remarks>
        public void Test_RoleAPI()
        {
            Enforcer e = new Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv");

            // Starting state: only alice has a role; the role itself and unknown subjects have none.
            TestGetRoles(e, "alice", AsList("data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());
            TestGetRoles(e, "non_exist", AsList());

            TestHasRole(e, "alice", "data1_admin", false);
            TestHasRole(e, "alice", "data2_admin", true);

            // Grant a second role; it is added alongside the existing one.
            e.AddRoleForUser("alice", "data1_admin");

            TestGetRoles(e, "alice", AsList("data1_admin", "data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Revoke a single role; the other role link must survive.
            e.DeleteRoleForUser("alice", "data1_admin");

            TestGetRoles(e, "alice", AsList("data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Revoke every role alice holds.
            e.DeleteRolesForUser("alice");

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Re-grant a role, then delete the user: her role links must be gone afterwards.
            e.AddRoleForUser("alice", "data1_admin");
            e.DeleteUser("alice");

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Put alice back into data2_admin so enforcement through the role can be checked.
            e.AddRoleForUser("alice", "data2_admin");

            // alice still reads data1 after the deletions above, so that access does not come from a
            // role link (presumably a direct permission in the policy file; not visible here).
            TestEnforce(e, "alice", "data1", "read", true);
            TestEnforce(e, "alice", "data1", "write", false);

            // Access to data2 is what the data2_admin role contributes.
            TestEnforce(e, "alice", "data2", "read", true);
            TestEnforce(e, "alice", "data2", "write", true);

            TestEnforce(e, "bob", "data1", "read", false);
            TestEnforce(e, "bob", "data1", "write", false);
            TestEnforce(e, "bob", "data2", "read", false);
            TestEnforce(e, "bob", "data2", "write", true);

            // Deleting the role must revoke everything that was reachable only through it.
            e.DeleteRole("data2_admin");

            // alice loses data2 read/write; her data1 read and bob's data2 write are unaffected.
            TestEnforce(e, "alice", "data1", "read", true);
            TestEnforce(e, "alice", "data1", "write", false);
            TestEnforce(e, "alice", "data2", "read", false);
            TestEnforce(e, "alice", "data2", "write", false);
            TestEnforce(e, "bob", "data1", "read", false);
            TestEnforce(e, "bob", "data1", "write", false);
            TestEnforce(e, "bob", "data2", "read", false);
            TestEnforce(e, "bob", "data2", "write", true);
        }