/// <summary>
/// Checks an RBAC-shaped model whose role definition ("g") is declared but never
/// populated: the model is assembled in memory with <c>AddDef</c>, two direct
/// grants are added, and no role link is created.
/// </summary>
/// <remarks>
/// Only the two direct grants (alice/data1/read and bob/data2/write) are expected
/// to authorize. The six negative rows are the security-relevant part: they pin
/// that nothing is granted beyond what was explicitly added.
/// </remarks>
public async Task TestNotUsedRbacModelInMemoryAsync()
{
    // Assemble the model section by section instead of loading a .conf file.
    var model = Model.Model.Create();
    model.AddDef("r", "r", "sub, obj, act");
    model.AddDef("p", "p", "sub, obj, act");
    model.AddDef("g", "g", "_, _");
    model.AddDef("e", "e", "some(where (p.eft == allow))");
    model.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

    var enforcer = new Enforcer(model);

    // Direct subject -> (object, action) grants; no AddRoleForUserAsync call follows.
    await enforcer.AddPermissionForUserAsync("alice", "data1", "read");
    await enforcer.AddPermissionForUserAsync("bob", "data2", "write");

    // Full subject x object x action matrix, evaluated in the original order.
    var expectations = new (string Sub, string Obj, string Act, bool Allowed)[]
    {
        ("alice", "data1", "read", true),
        ("alice", "data1", "write", false),
        ("alice", "data2", "read", false),
        ("alice", "data2", "write", false),
        ("bob", "data1", "read", false),
        ("bob", "data1", "write", false),
        ("bob", "data2", "read", false),
        ("bob", "data2", "write", true),
    };

    foreach (var (sub, obj, act, allowed) in expectations)
    {
        TestEnforce(enforcer, sub, obj, act, allowed);
    }
}
/// <summary>
/// Checks role inheritance on an RBAC model parsed from inline configuration text:
/// alice holds a direct grant on data1 and is additionally assigned the
/// <c>data2_admin</c> role, which carries read and write on data2.
/// </summary>
/// <remarks>
/// Expected decisions: alice gains data2 read/write through the role while keeping
/// only "read" on data1; bob keeps only his direct data2/write grant. The bob rows
/// pin that permissions attached to a role do not reach a subject who was never
/// assigned that role.
/// </remarks>
public async Task TestRbacModelInMemory2Async()
{
    // Same model text as before, one configuration line per literal.
    const string modelText =
        "[request_definition]\n"
        + "r = sub, obj, act\n"
        + "\n"
        + "[policy_definition]\n"
        + "p = sub, obj, act\n"
        + "\n"
        + "[role_definition]\n"
        + "g = _, _\n"
        + "\n"
        + "[policy_effect]\n"
        + "e = some(where (p.eft == allow))\n"
        + "\n"
        + "[matchers]\n"
        + "m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act\n";

    var model = Model.Model.CreateFromText(modelText);
    var enforcer = new Enforcer(model);

    // Direct grants for the two users.
    await enforcer.AddPermissionForUserAsync("alice", "data1", "read");
    await enforcer.AddPermissionForUserAsync("bob", "data2", "write");

    // Grants attached to the role, then the single role assignment (alice only).
    await enforcer.AddPermissionForUserAsync("data2_admin", "data2", "read");
    await enforcer.AddPermissionForUserAsync("data2_admin", "data2", "write");
    await enforcer.AddRoleForUserAsync("alice", "data2_admin");

    // Full subject x object x action matrix, evaluated in the original order.
    var expectations = new (string Sub, string Obj, string Act, bool Allowed)[]
    {
        ("alice", "data1", "read", true),
        ("alice", "data1", "write", false),
        ("alice", "data2", "read", true),
        ("alice", "data2", "write", true),
        ("bob", "data1", "read", false),
        ("bob", "data1", "write", false),
        ("bob", "data2", "read", false),
        ("bob", "data2", "write", true),
    };

    foreach (var (sub, obj, act, allowed) in expectations)
    {
        TestEnforce(enforcer, sub, obj, act, allowed);
    }
}
/// <summary>
/// Checks the decision when no policy rule matches the request: the only policy
/// added gives alice the action "invalid" on data1, and a "read" request on the
/// same object is expected to be denied.
/// </summary>
/// <remarks>
/// The model's effect is <c>some(where (p.eft == allow))</c>, so the expected
/// <c>false</c> pins deny-by-default when nothing matches.
/// </remarks>
public async Task TestRbacModelInMemoryIndeterminateAsync()
{
    // Start from CreateDefault() and add each section by hand.
    var model = Model.Model.CreateDefault();
    model.AddDef("r", "r", "sub, obj, act");
    model.AddDef("p", "p", "sub, obj, act");
    model.AddDef("g", "g", "_, _");
    model.AddDef("e", "e", "some(where (p.eft == allow))");
    model.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

    var enforcer = new Enforcer(model);

    // The stored action is "invalid"; it must not satisfy a request for "read".
    await enforcer.AddPermissionForUserAsync("alice", "data1", "invalid");

    await TestEnforceAsync(enforcer, "alice", "data1", "read", false);
}
/// <summary>
/// Walks the permission-management API (delete a permission, add one for a user,
/// delete one for a user, delete all for a user) and re-checks the complete
/// alice/bob x read/write decision matrix after every change.
/// </summary>
/// <remarks>
/// The fixture model is loaded elsewhere; the opening assertions establish its
/// starting state as alice -> read and bob -> write. Re-running the whole matrix
/// after each mutation pins two things: a revocation takes effect on the next
/// enforcement call, and it does not change any other subject's access.
/// </remarks>
public async Task TestPermissionApiAsync()
{
    var enforcer = new Enforcer(_testModelFixture.GetBasicWithoutResourceTestModel());
    enforcer.BuildRoleLinks();

    // Runs the four enforcement checks in a fixed order:
    // alice/read, alice/write, bob/read, bob/write.
    async Task ExpectDecisionsAsync(bool aliceRead, bool aliceWrite, bool bobRead, bool bobWrite)
    {
        await TestEnforceWithoutUsersAsync(enforcer, "alice", "read", aliceRead);
        await TestEnforceWithoutUsersAsync(enforcer, "alice", "write", aliceWrite);
        await TestEnforceWithoutUsersAsync(enforcer, "bob", "read", bobRead);
        await TestEnforceWithoutUsersAsync(enforcer, "bob", "write", bobWrite);
    }

    // Starting state supplied by the fixture.
    await ExpectDecisionsAsync(true, false, false, true);

    // The query APIs must agree with the enforcement results above.
    TestGetPermissions(enforcer, "alice", AsList(AsList("alice", "read")));
    TestGetPermissions(enforcer, "bob", AsList(AsList("bob", "write")));

    TestHasPermission(enforcer, "alice", AsList("read"), true);
    TestHasPermission(enforcer, "alice", AsList("write"), false);
    TestHasPermission(enforcer, "bob", AsList("read"), false);
    TestHasPermission(enforcer, "bob", AsList("write"), true);

    // Deleting the "read" permission: alice loses read, bob's write is untouched.
    _ = await enforcer.DeletePermissionAsync("read");
    await ExpectDecisionsAsync(false, false, false, true);

    // Granting read to bob must not give it back to alice.
    _ = await enforcer.AddPermissionForUserAsync("bob", "read");
    await ExpectDecisionsAsync(false, false, true, true);

    // Revoking only bob's read leaves his write in place.
    _ = await enforcer.DeletePermissionForUserAsync("bob", "read");
    await ExpectDecisionsAsync(false, false, false, true);

    // Revoking everything for bob: every request is now denied.
    _ = await enforcer.DeletePermissionsForUserAsync("bob");
    await ExpectDecisionsAsync(false, false, false, false);
}