public async Task TestMultipleGroupTypeModelInMemoryAsync()
{
var m = Model.Model.CreateDefault();
m.AddDef("r", "r", "sub, obj, act");
m.AddDef("p", "p", "sub, obj, act");
m.AddDef("g", "g", "_, _");
m.AddDef("g", "g2", "_, _");
m.AddDef("e", "e", "some(where (p.eft == allow))");
m.AddDef("m", "m", "g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act");
var e = new Enforcer(m);
await e.AddPolicyAsync("alice", "data1", "read");
await e.AddPolicyAsync("bob", "data2", "write");
await e.AddPolicyAsync("data_group_admin", "data_group", "write");
await e.AddNamedGroupingPolicyAsync("g", "alice", "data_group_admin");
await e.AddNamedGroupingPolicyAsync("g2", "data1", "data_group");
await e.AddNamedGroupingPolicyAsync("g2", "data2", "data_group");
Assert.True(await e.EnforceAsync("alice", "data1", "read"));
Assert.True(await e.EnforceAsync("alice", "data1", "write"));
Assert.False(await e.EnforceAsync("alice", "data2", "read"));
Assert.True(await e.EnforceAsync("alice", "data2", "write"));
}
public async Task TestModifyGroupingPolicyAsync()
{
var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());
e.BuildRoleLinks();
TestGetRoles(e, "alice", AsList("data2_admin"));
TestGetRoles(e, "bob", AsList());
TestGetRoles(e, "eve", AsList());
TestGetRoles(e, "non_exist", AsList());
await e.RemoveGroupingPolicyAsync("alice", "data2_admin");
await e.AddGroupingPolicyAsync("bob", "data1_admin");
await e.AddGroupingPolicyAsync("eve", "data3_admin");
var groupingRules = AsList(
AsList("ham", "data4_admin"),
AsList("jack", "data5_admin")
);
_ = await e.AddGroupingPoliciesAsync(groupingRules);
TestGetRoles(e, "ham", AsList("data4_admin"));
TestGetRoles(e, "jack", AsList("data5_admin"));
_ = await e.RemoveGroupingPoliciesAsync(groupingRules);
TestGetRoles(e, "alice", AsList());
var namedGroupingPolicy = AsList("alice", "data2_admin");
TestGetRoles(e, "alice", AsList());
await e.AddNamedGroupingPolicyAsync("g", namedGroupingPolicy);
TestGetRoles(e, "alice", AsList("data2_admin"));
await e.RemoveNamedGroupingPolicyAsync("g", namedGroupingPolicy);
TestGetRoles(e, "alice", AsList());
TestGetRoles(e, "bob", AsList("data1_admin"));
TestGetRoles(e, "eve", AsList("data3_admin"));
TestGetRoles(e, "non_exist", AsList());
TestGetUsers(e, "data1_admin", AsList("bob"));
TestGetUsers(e, "data2_admin", AsList());
TestGetUsers(e, "data3_admin", AsList("eve"));
await e.RemoveFilteredGroupingPolicyAsync(0, "bob");
TestGetRoles(e, "alice", AsList());
TestGetRoles(e, "bob", AsList());
TestGetRoles(e, "eve", AsList("data3_admin"));
TestGetRoles(e, "non_exist", AsList());
TestGetUsers(e, "data1_admin", AsList());
TestGetUsers(e, "data2_admin", AsList());
TestGetUsers(e, "data3_admin", AsList("eve"));
}