public void TestMultipleGroupTypeModelInMemory() { var m = Model.Model.CreateDefault(); m.AddDef("r", "r", "sub, obj, act"); m.AddDef("p", "p", "sub, obj, act"); m.AddDef("g", "g", "_, _"); m.AddDef("g", "g2", "_, _"); m.AddDef("e", "e", "some(where (p.eft == allow))"); m.AddDef("m", "m", "g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act"); var e = new Enforcer(m); e.AddPolicy("alice", "data1", "read"); e.AddPolicy("bob", "data2", "write"); e.AddPolicy("data_group_admin", "data_group", "write"); e.AddNamedGroupingPolicy("g", "alice", "data_group_admin"); e.AddNamedGroupingPolicy("g2", "data1", "data_group"); e.AddNamedGroupingPolicy("g2", "data2", "data_group"); Assert.True(e.Enforce("alice", "data1", "read")); Assert.True(e.Enforce("alice", "data1", "write")); Assert.False(e.Enforce("alice", "data2", "read")); Assert.True(e.Enforce("alice", "data2", "write")); }
public void TestModifyGroupingPolicy() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); TestGetRoles(e, "alice", AsList("data2_admin")); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "eve", AsList()); TestGetRoles(e, "non_exist", AsList()); e.RemoveGroupingPolicy("alice", "data2_admin"); e.AddGroupingPolicy("bob", "data1_admin"); e.AddGroupingPolicy("eve", "data3_admin"); var groupingRules = AsList( AsList("ham", "data4_admin"), AsList("jack", "data5_admin") ); _ = e.AddGroupingPolicies(groupingRules); TestGetRoles(e, "ham", AsList("data4_admin")); TestGetRoles(e, "jack", AsList("data5_admin")); _ = e.RemoveGroupingPolicies(groupingRules); TestGetRoles(e, "alice", AsList()); var namedGroupingPolicy = AsList("alice", "data2_admin"); TestGetRoles(e, "alice", AsList()); e.AddNamedGroupingPolicy("g", namedGroupingPolicy); TestGetRoles(e, "alice", AsList("data2_admin")); e.RemoveNamedGroupingPolicy("g", namedGroupingPolicy); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList("data1_admin")); TestGetRoles(e, "eve", AsList("data3_admin")); TestGetRoles(e, "non_exist", AsList()); TestGetUsers(e, "data1_admin", AsList("bob")); TestGetUsers(e, "data2_admin", AsList()); TestGetUsers(e, "data3_admin", AsList("eve")); e.RemoveFilteredGroupingPolicy(0, "bob"); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "eve", AsList("data3_admin")); TestGetRoles(e, "non_exist", AsList()); TestGetUsers(e, "data1_admin", AsList()); TestGetUsers(e, "data2_admin", AsList()); TestGetUsers(e, "data3_admin", AsList("eve")); }
public void TestModifyGroupingPolicyAPI() { Enforcer e = new Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv"); TestGetRoles(e, "alice", AsList("data2_admin")); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "eve", AsList()); TestGetRoles(e, "non_exist", AsList()); e.RemoveGroupingPolicy("alice", "data2_admin"); e.AddGroupingPolicy("bob", "data1_admin"); e.AddGroupingPolicy("eve", "data3_admin"); List <String> namedGroupingPolicy = AsList("alice", "data2_admin"); TestGetRoles(e, "alice", AsList()); e.AddNamedGroupingPolicy("g", namedGroupingPolicy); TestGetRoles(e, "alice", AsList("data2_admin")); e.RemoveNamedGroupingPolicy("g", namedGroupingPolicy); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList("data1_admin")); TestGetRoles(e, "eve", AsList("data3_admin")); TestGetRoles(e, "non_exist", AsList()); TestGetUsers(e, "data1_admin", AsList("bob")); TestGetUsers(e, "data2_admin", AsList()); TestGetUsers(e, "data3_admin", AsList("eve")); e.RemoveFilteredGroupingPolicy(0, "bob"); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "eve", AsList("data3_admin")); TestGetRoles(e, "non_exist", AsList()); TestGetUsers(e, "data1_admin", AsList()); TestGetUsers(e, "data2_admin", AsList()); TestGetUsers(e, "data3_admin", AsList("eve")); }