public void TestGetAndSetModel() { var e = new Enforcer("examples/basic_model.conf", "examples/basic_policy.csv"); var e2 = new Enforcer("examples/basic_with_root_model.conf", "examples/basic_policy.csv"); TestEnforce(e, "root", "data1", "read", false); e.SetModel(e2.GetModel()); TestEnforce(e, "root", "data1", "read", true); }
public void TestGetDomainsForUser() { var e = new Enforcer(TestModelFixture.GetNewTestModel( _testModelFixture._rbacWithDomainsModelText, _testModelFixture._rbacWithDomainsPolicy2Text)); e.BuildRoleLinks(); e.TestGetDomainsForUser("alice", new[] { "domain1", "domain2" }); e.TestGetDomainsForUser("bob", new[] { "domain2", "domain3" }); e.TestGetDomainsForUser("user", new[] { "domain3" }); }
private void GlobalSetupFromFile(string modelFileName, string policyFileName = null) { if (policyFileName is null) { NowEnforcer = new Enforcer(GetTestFilePath(modelFileName)); NowEnforcer.EnableCache(true); return; } NowEnforcer = new Enforcer(GetTestFilePath(modelFileName), GetTestFilePath(policyFileName)); NowEnforcer.EnableCache(true); }
private void Awake() { if (instance != null) { Destroy(this.gameObject); } else { instance = this; GameObject.DontDestroyOnLoad(this.gameObject); } }
public void Test_RBACModelWithDomains() { Enforcer e = new Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv"); testDomainEnforce(e, "alice", "domain1", "data1", "read", true); testDomainEnforce(e, "alice", "domain1", "data1", "write", true); testDomainEnforce(e, "alice", "domain1", "data2", "read", false); testDomainEnforce(e, "alice", "domain1", "data2", "write", false); testDomainEnforce(e, "bob", "domain2", "data1", "read", false); testDomainEnforce(e, "bob", "domain2", "data1", "write", false); testDomainEnforce(e, "bob", "domain2", "data2", "read", true); testDomainEnforce(e, "bob", "domain2", "data2", "write", true); }
public void Test_BasicModel() { Enforcer e = new Enforcer("examples/basic_model.conf", "examples/basic_policy.csv"); testEnforce(e, "alice", "data1", "read", true); testEnforce(e, "alice", "data1", "write", false); testEnforce(e, "alice", "data2", "read", false); testEnforce(e, "alice", "data2", "write", false); testEnforce(e, "bob", "data1", "read", false); testEnforce(e, "bob", "data1", "write", false); testEnforce(e, "bob", "data2", "read", false); testEnforce(e, "bob", "data2", "write", true); }
public async Task TestSetAdapterFromFileAsync() { var e = new Enforcer("examples/basic_model.conf"); TestEnforce(e, "alice", "data1", "read", false); IAdapter a = new DefaultFileAdapter("examples/basic_policy.csv"); e.SetAdapter(a); await e.LoadPolicyAsync(); TestEnforce(e, "alice", "data1", "read", true); }
public void Test_BasicModelNoPolicy() { Enforcer e = new Enforcer("examples/basic_model.conf"); TestEnforce(e, "alice", "data1", "read", false); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", false); TestEnforce(e, "alice", "data2", "write", false); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", false); TestEnforce(e, "bob", "data2", "write", false); }
public void TestBasicModelNoPolicy() { var e = new Enforcer(TestModelFixture.GetNewTestModel(_testModelFixture._basicModelText)); TestEnforce(e, "alice", "data1", "read", false); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", false); TestEnforce(e, "alice", "data2", "write", false); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", false); TestEnforce(e, "bob", "data2", "write", false); }
public void Test_RBACModelWithResourceRoles() { Enforcer e = new Enforcer("examples/rbac_with_resource_roles_model.conf", "examples/rbac_with_resource_roles_policy.csv"); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data1", "write", true); TestEnforce(e, "alice", "data2", "read", false); TestEnforce(e, "alice", "data2", "write", true); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", false); TestEnforce(e, "bob", "data2", "write", true); }
public void Test_RBACModelWithDeny() { Enforcer e = new Enforcer("examples/rbac_with_deny_model.conf", "examples/rbac_with_deny_policy.csv"); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", true); TestEnforce(e, "alice", "data2", "write", false); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", false); TestEnforce(e, "bob", "data2", "write", true); }
public void ShouldUpdate() { var sampleWatcher = new SampleWatcher(); Assert.False(sampleWatcher.Called); var enforcer = new Enforcer(_testModelFixture.GetNewRbacTestModel(), new DefaultFileAdapter(TestModelFixture.GetTestFile("rbac_policy_for_watcher_test.csv"))); enforcer.SetWatcher(sampleWatcher, false); enforcer.SavePolicy(); Assert.True(sampleWatcher.Called); }
public void testSetAdapterFromFile() { Enforcer e = new Enforcer("examples/basic_model.conf"); testEnforce(e, "alice", "data1", "read", false); IAdapter a = new DefaultFileAdapter("examples/basic_policy.csv"); e.SetAdapter(a); e.LoadPolicy(); testEnforce(e, "alice", "data1", "read", true); }
public void TestBasicModel() { var e = new Enforcer(_testModelFixture.GetBasicTestModel()); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", false); TestEnforce(e, "alice", "data2", "write", false); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", false); TestEnforce(e, "bob", "data2", "write", true); }
public void Test_PriorityModel() { Enforcer e = new Enforcer("examples/priority_model.conf", "examples/priority_policy.csv"); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", false); TestEnforce(e, "alice", "data2", "write", false); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", true); TestEnforce(e, "bob", "data2", "write", false); }
public IBooleanOperation GroupedAnd(IEnumerable <string> fields, params string[] query) { Enforcer.ArgumentNotNull(fields, "fields"); Enforcer.ArgumentNotNull(query, "query"); var fieldVals = new List <IExamineValue>(); foreach (var f in query) { fieldVals.Add(new ExamineValue(Examineness.Explicit, f)); } return(this.GroupedAnd(fields.ToArray(), fieldVals.ToArray())); }
public async Task TestRbacModelWithDomainsAtRuntimeAsync() { var e = new Enforcer(TestModelFixture.GetNewTestModel(_testModelFixture._rbacWithDomainsModelText)); e.BuildRoleLinks(); await e.AddPolicyAsync("admin", "domain1", "data1", "read"); await e.AddPolicyAsync("admin", "domain1", "data1", "write"); await e.AddPolicyAsync("admin", "domain2", "data2", "read"); await e.AddPolicyAsync("admin", "domain2", "data2", "write"); await e.AddGroupingPolicyAsync("alice", "admin", "domain1"); await e.AddGroupingPolicyAsync("bob", "admin", "domain2"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", true); TestDomainEnforce(e, "alice", "domain1", "data1", "write", true); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); // Remove all policy rules related to domain1 and data1. await e.RemoveFilteredPolicyAsync(1, "domain1", "data1"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", false); TestDomainEnforce(e, "alice", "domain1", "data1", "write", false); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); // Remove the specified policy rule. await e.RemovePolicyAsync("admin", "domain2", "data2", "read"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", false); TestDomainEnforce(e, "alice", "domain1", "data1", "write", false); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", false); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); }
public async Task ShouldUpdateAsync() { var sampleWatcher = new SampleWatcher(); Assert.False(sampleWatcher.AsyncCalled); var enforcer = new Enforcer(_testModelFixture.GetBasicTestModel(), new DefaultFileAdapter(TestModelFixture.GetTestFile("rbac_policy_for_async_watcher_test.csv"))); enforcer.SetWatcher(sampleWatcher); await enforcer.SavePolicyAsync(); Assert.True(sampleWatcher.AsyncCalled); }
public void TestKeyMatchModelInMemoryDeny() { Model.Model m = CoreEnforcer.NewModel(); m.AddDef("r", "r", "sub, obj, act"); m.AddDef("p", "p", "sub, obj, act"); m.AddDef("e", "e", "!some(where (p.eft == deny))"); m.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)"); IAdapter a = new DefaultFileAdapter("examples/keymatch_policy.csv"); Enforcer e = new Enforcer(m, a); TestEnforce(e, "alice", "/alice_data/resource2", "POST", true); }
public void TestGetRolesFromUserWithDomains() { var e = new Enforcer(TestModelFixture.GetNewTestModel( _testModelFixture._rbacWithDomainsModelText, _testModelFixture._rbacWithHierarchyWithDomainsPolicyText)); e.BuildRoleLinks(); // This is only able to retrieve the first level of roles. TestGetRolesInDomain(e, "alice", "domain1", AsList("role:global_admin")); // Retrieve all inherit roles. It supports domains as well. TestGetImplicitRolesInDomain(e, "alice", "domain1", AsList("role:global_admin", "role:reader", "role:writer")); }
public void testInitWithAdapter() { IAdapter adapter = new DefaultFileAdapter("examples/basic_policy.csv"); Enforcer e = new Enforcer("examples/basic_model.conf", adapter); testEnforce(e, "alice", "data1", "read", true); testEnforce(e, "alice", "data1", "write", false); testEnforce(e, "alice", "data2", "read", false); testEnforce(e, "alice", "data2", "write", false); testEnforce(e, "bob", "data1", "read", false); testEnforce(e, "bob", "data1", "write", false); testEnforce(e, "bob", "data2", "read", false); testEnforce(e, "bob", "data2", "write", true); }
internal LuceneSearchCriteria(string type, Analyzer analyzer, string[] fields, bool allowLeadingWildcards, BooleanOperation occurance) { //TODO: It would be nice to be able to pass in the existing field definitions here so // we'd know what fields have sorting enabled so we don't have to use the special sorting syntax for field types Enforcer.ArgumentNotNull(fields, "fields"); SearchIndexType = type; Query = new BooleanQuery(); this.BooleanOperation = occurance; this.QueryParser = new MultiFieldQueryParser(_luceneVersion, fields, analyzer); this.QueryParser.SetAllowLeadingWildcard(allowLeadingWildcards); this._occurance = occurance.ToLuceneOccurance(); }
public void TestGetImplicitPermissionsForUserWithDomain() { var e = new Enforcer(TestModelFixture.GetNewTestModel( _testModelFixture._rbacWithDomainsModelText, _testModelFixture._rbacWithHierarchyWithDomainsPolicyText)); e.BuildRoleLinks(); TestGetImplicitPermissions(e, "alice", AsList( AsList("alice", "domain1", "data2", "read"), AsList("role:reader", "domain1", "data1", "read"), AsList("role:writer", "domain1", "data1", "write")), "domain1"); }
public void TestEnforceWithMatcherApi() { var e = new Enforcer(_testModelFixture.GetBasicTestModel()); string matcher = "r.sub != p.sub && r.obj == p.obj && r.act == p.act"; e.TestEnforceWithMatcher(matcher, "alice", "data1", "read", false); e.TestEnforceWithMatcher(matcher, "alice", "data1", "write", false); e.TestEnforceWithMatcher(matcher, "alice", "data2", "read", false); e.TestEnforceWithMatcher(matcher, "alice", "data2", "write", true); e.TestEnforceWithMatcher(matcher, "bob", "data1", "read", true); e.TestEnforceWithMatcher(matcher, "bob", "data1", "write", false); e.TestEnforceWithMatcher(matcher, "bob", "data2", "read", false); e.TestEnforceWithMatcher(matcher, "bob", "data2", "write", false); }
public void TestEnforceWithMultipleEval() { var e = new Enforcer(TestModelFixture.GetNewTestModel( _testModelFixture._rbacMultipleEvalModelText, _testModelFixture._rbacMultipleEvalPolicyText)); bool result = e.Enforce( "domain1", new { Role = "admin" }, new { Name = "admin_panel" }, "view"); Assert.True(result); }
public void TestRbacModelWithDomains() { var e = new Enforcer(_testModelFixture.GetNewRbacWithDomainsTestModel()); e.BuildRoleLinks(); TestDomainEnforce(e, "alice", "domain1", "data1", "read", true); TestDomainEnforce(e, "alice", "domain1", "data1", "write", true); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); }
public void TestPriorityModel() { var e = new Enforcer(_testModelFixture.GetNewPriorityTestModel()); e.BuildRoleLinks(); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", false); TestEnforce(e, "alice", "data2", "write", false); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", true); TestEnforce(e, "bob", "data2", "write", false); }
public void TestRBACModelInMemoryIndeterminate() { Model.Model m = CoreEnforcer.NewModel(); m.AddDef("r", "r", "sub, obj, act"); m.AddDef("p", "p", "sub, obj, act"); m.AddDef("g", "g", "_, _"); m.AddDef("e", "e", "some(where (p.eft == allow))"); m.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act"); Enforcer e = new Enforcer(m); e.AddPermissionForUser("alice", "data1", "invalid"); TestEnforce(e, "alice", "data1", "read", false); }
public static void CheckEnvironmentAccess(string sub, string obj, string act, string env) { var e = new Enforcer("./casbin-config/env_model.conf", "./casbin-config/env_policy.csv"); if (e.Enforce(sub, obj, act, env)) { // permit alice to read data1 Console.WriteLine("Access Granted"); } else { // deny the request, show an error Console.WriteLine("Access Denied"); } }
public void TestTypConvertorAttribute() { var adapter = new EFCoreAdapter <Guid>(_context); var enforcer = new Enforcer(_modelProvideFixture.GetNewAbacModel(), adapter); enforcer.LoadPolicy(); var flag = enforcer.Enforce(new { IsTenantMember = "true", Age = 30 }, "/data2", "write"); Assert.True(flag); }
static void Main(string[] args) { var lineRule = new LineRule( directory: Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory), filename: "example_enforcer.ini", search: "example line=", rule: "example line=chicken"); Console.WriteLine("Automatic? (Y/N)"); if (!Console.ReadLine().ToUpper().StartsWith("Y")) { Console.WriteLine("Please enter directory to watch."); var dir = Console.ReadLine(); Console.WriteLine("Please enter filename."); var filename = Console.ReadLine(); Console.WriteLine("Please enter line to enforce."); var line = Console.ReadLine(); Console.WriteLine("Please enter rule."); var rule = Console.ReadLine(); lineRule = new LineRule(dir, filename, line, rule); } File.WriteAllText(lineRule.FullPath, lineRule.Rule + Environment.NewLine); using (var enforcer = new Enforcer(lineRule)) { enforcer.Begin(() => Console.WriteLine("Changed!")); Console.WriteLine("Watching..."); Console.ReadKey(); Console.WriteLine("Finished..."); } }