예제 #1
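        // Builds an in-memory model with two grouping relations and checks the resulting
        // access decisions. "g" links a subject to a role, "g2" links an object to a
        // resource group; the matcher requires both links AND an exact action match.
        // Besides the allow paths, the test pins deny paths for a subject that has no
        // "g" link, so a change that leaks group-derived access to non-members fails here.
        public async Task TestMultipleGroupTypeModelInMemoryAsync()
        {
            var model = Model.Model.CreateDefault();

            // Request and policy share the (sub, obj, act) shape.
            model.AddDef("r", "r", "sub, obj, act");
            model.AddDef("p", "p", "sub, obj, act");
            // Two independent grouping relations: g for subjects, g2 for objects.
            model.AddDef("g", "g", "_, _");
            model.AddDef("g", "g2", "_, _");
            // Allow when at least one matching policy has effect "allow".
            model.AddDef("e", "e", "some(where (p.eft == allow))");
            model.AddDef("m", "m", "g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act");

            var enforcer = new Enforcer(model);

            // Direct grants.
            await enforcer.AddPolicyAsync("alice", "data1", "read");
            await enforcer.AddPolicyAsync("bob", "data2", "write");
            // Role-to-resource-group grant: only reachable through both g and g2.
            await enforcer.AddPolicyAsync("data_group_admin", "data_group", "write");

            // alice is the only member of data_group_admin.
            await enforcer.AddNamedGroupingPolicyAsync("g", "alice", "data_group_admin");

            // Both data objects belong to data_group.
            await enforcer.AddNamedGroupingPolicyAsync("g2", "data1", "data_group");
            await enforcer.AddNamedGroupingPolicyAsync("g2", "data2", "data_group");

            // alice: direct read on data1, write on both objects via the role and resource group.
            Assert.True(await enforcer.EnforceAsync("alice", "data1", "read"));
            Assert.True(await enforcer.EnforceAsync("alice", "data1", "write"));
            // No policy grants "read" on data2 or on data_group.
            Assert.False(await enforcer.EnforceAsync("alice", "data2", "read"));
            Assert.True(await enforcer.EnforceAsync("alice", "data2", "write"));

            // bob has no "g" link, so he keeps only his direct grant. Sharing a resource
            // group with data1 must not extend his write access to it.
            Assert.True(await enforcer.EnforceAsync("bob", "data2", "write"));
            Assert.False(await enforcer.EnforceAsync("bob", "data2", "read"));
            Assert.False(await enforcer.EnforceAsync("bob", "data1", "read"));
            Assert.False(await enforcer.EnforceAsync("bob", "data1", "write"));
        }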
예제 #2
        // Walks the grouping-policy (role assignment) management API through a fixed
        // sequence of grants and revocations, checking role and user lookups after each
        // phase. The statement order matters: every assertion reflects the cumulative
        // state left by the mutations before it.
        public async Task TestModifyGroupingPolicyAsync()
        {
            var enforcer = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            enforcer.BuildRoleLinks();

            // Baseline from the fixture: only alice holds a role.
            TestGetRoles(enforcer, "alice", AsList("data2_admin"));
            TestGetRoles(enforcer, "bob", AsList());
            TestGetRoles(enforcer, "eve", AsList());
            TestGetRoles(enforcer, "non_exist", AsList());

            // Phase 1: single-rule changes. Revoke alice's role, grant bob and eve one each.
            await enforcer.RemoveGroupingPolicyAsync("alice", "data2_admin");

            await enforcer.AddGroupingPolicyAsync("bob", "data1_admin");

            await enforcer.AddGroupingPolicyAsync("eve", "data3_admin");

            // Phase 2: batch add, verify, then batch remove of the same rules.
            var batchRules = AsList(
                AsList("ham", "data4_admin"),
                AsList("jack", "data5_admin")
                );

            _ = await enforcer.AddGroupingPoliciesAsync(batchRules);

            TestGetRoles(enforcer, "ham", AsList("data4_admin"));
            TestGetRoles(enforcer, "jack", AsList("data5_admin"));
            _ = await enforcer.RemoveGroupingPoliciesAsync(batchRules);
            // NOTE(review): ham and jack are not looked up again after the batch removal,
            // so this test does not show that the batch revocation took effect.

            // The revocation from phase 1 must still hold.
            TestGetRoles(enforcer, "alice", AsList());
            var aliceRule = AsList("alice", "data2_admin");

            // Phase 3: named variants on relation "g", passing the rule as a list.
            TestGetRoles(enforcer, "alice", AsList());
            await enforcer.AddNamedGroupingPolicyAsync("g", aliceRule);

            TestGetRoles(enforcer, "alice", AsList("data2_admin"));
            await enforcer.RemoveNamedGroupingPolicyAsync("g", aliceRule);

            // After the named revocation alice is role-less again; bob and eve are unchanged.
            TestGetRoles(enforcer, "alice", AsList());
            TestGetRoles(enforcer, "bob", AsList("data1_admin"));
            TestGetRoles(enforcer, "eve", AsList("data3_admin"));
            TestGetRoles(enforcer, "non_exist", AsList());

            // Reverse lookup (role to users) has to agree with the forward lookups above.
            TestGetUsers(enforcer, "data1_admin", AsList("bob"));
            TestGetUsers(enforcer, "data2_admin", AsList());
            TestGetUsers(enforcer, "data3_admin", AsList("eve"));

            // Phase 4: filtered removal with field index 0 and value "bob".
            // The assertions below expect this to drop bob's role and leave eve's in place.
            await enforcer.RemoveFilteredGroupingPolicyAsync(0, "bob");

            TestGetRoles(enforcer, "alice", AsList());
            TestGetRoles(enforcer, "bob", AsList());
            TestGetRoles(enforcer, "eve", AsList("data3_admin"));
            TestGetRoles(enforcer, "non_exist", AsList());

            TestGetUsers(enforcer, "data1_admin", AsList());
            TestGetUsers(enforcer, "data2_admin", AsList());
            TestGetUsers(enforcer, "data3_admin", AsList("eve"));
        }