public async Task TestModifyGroupingPolicyAsync() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); TestGetRoles(e, "alice", AsList("data2_admin")); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "eve", AsList()); TestGetRoles(e, "non_exist", AsList()); await e.RemoveGroupingPolicyAsync("alice", "data2_admin"); await e.AddGroupingPolicyAsync("bob", "data1_admin"); await e.AddGroupingPolicyAsync("eve", "data3_admin"); var groupingRules = AsList( AsList("ham", "data4_admin"), AsList("jack", "data5_admin") ); _ = await e.AddGroupingPoliciesAsync(groupingRules); TestGetRoles(e, "ham", AsList("data4_admin")); TestGetRoles(e, "jack", AsList("data5_admin")); _ = await e.RemoveGroupingPoliciesAsync(groupingRules); TestGetRoles(e, "alice", AsList()); var namedGroupingPolicy = AsList("alice", "data2_admin"); TestGetRoles(e, "alice", AsList()); await e.AddNamedGroupingPolicyAsync("g", namedGroupingPolicy); TestGetRoles(e, "alice", AsList("data2_admin")); await e.RemoveNamedGroupingPolicyAsync("g", namedGroupingPolicy); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList("data1_admin")); TestGetRoles(e, "eve", AsList("data3_admin")); TestGetRoles(e, "non_exist", AsList()); TestGetUsers(e, "data1_admin", AsList("bob")); TestGetUsers(e, "data2_admin", AsList()); TestGetUsers(e, "data3_admin", AsList("eve")); await e.RemoveFilteredGroupingPolicyAsync(0, "bob"); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "eve", AsList("data3_admin")); TestGetRoles(e, "non_exist", AsList()); TestGetUsers(e, "data1_admin", AsList()); TestGetUsers(e, "data2_admin", AsList()); TestGetUsers(e, "data3_admin", AsList("eve")); }
public async Task TestRbacModelWithDomainsAtRuntimeAsync() { var e = new Enforcer(TestModelFixture.GetNewTestModel(_testModelFixture._rbacWithDomainsModelText)); e.BuildRoleLinks(); await e.AddPolicyAsync("admin", "domain1", "data1", "read"); await e.AddPolicyAsync("admin", "domain1", "data1", "write"); await e.AddPolicyAsync("admin", "domain2", "data2", "read"); await e.AddPolicyAsync("admin", "domain2", "data2", "write"); await e.AddGroupingPolicyAsync("alice", "admin", "domain1"); await e.AddGroupingPolicyAsync("bob", "admin", "domain2"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", true); TestDomainEnforce(e, "alice", "domain1", "data1", "write", true); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); // Remove all policy rules related to domain1 and data1. await e.RemoveFilteredPolicyAsync(1, "domain1", "data1"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", false); TestDomainEnforce(e, "alice", "domain1", "data1", "write", false); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); // Remove the specified policy rule. await e.RemovePolicyAsync("admin", "domain2", "data2", "read"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", false); TestDomainEnforce(e, "alice", "domain1", "data1", "write", false); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", false); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); }
public async Task TestRbacModelWithCustomDataAsync() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); // You can add custom data to a grouping policy, Casbin will ignore it. It is only meaningful to the caller. // This feature can be used to store information like whether "bob" is an end user (so no subject will inherit "bob") // For Casbin, it is equivalent to: e.addGroupingPolicy("bob", "data2_admin") await e.AddGroupingPolicyAsync("bob", "data2_admin", "custom_data"); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", true); TestEnforce(e, "alice", "data2", "write", true); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", true); TestEnforce(e, "bob", "data2", "write", true); // You should also take the custom data as a parameter when deleting a grouping policy. // e.removeGroupingPolicy("bob", "data2_admin") won't work. // Or you can remove it by using removeFilteredGroupingPolicy(). await e.RemoveGroupingPolicyAsync("bob", "data2_admin", "custom_data"); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", true); TestEnforce(e, "alice", "data2", "write", true); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", false); TestEnforce(e, "bob", "data2", "write", true); }