public async Task TestMultipleGroupTypeModelInMemoryAsync()
{
var m = Model.Model.CreateDefault();
m.AddDef("r", "r", "sub, obj, act");
m.AddDef("p", "p", "sub, obj, act");
m.AddDef("g", "g", "_, _");
m.AddDef("g", "g2", "_, _");
m.AddDef("e", "e", "some(where (p.eft == allow))");
m.AddDef("m", "m", "g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act");
var e = new Enforcer(m);
await e.AddPolicyAsync("alice", "data1", "read");
await e.AddPolicyAsync("bob", "data2", "write");
await e.AddPolicyAsync("data_group_admin", "data_group", "write");
await e.AddNamedGroupingPolicyAsync("g", "alice", "data_group_admin");
await e.AddNamedGroupingPolicyAsync("g2", "data1", "data_group");
await e.AddNamedGroupingPolicyAsync("g2", "data2", "data_group");
Assert.True(await e.EnforceAsync("alice", "data1", "read"));
Assert.True(await e.EnforceAsync("alice", "data1", "write"));
Assert.False(await e.EnforceAsync("alice", "data2", "read"));
Assert.True(await e.EnforceAsync("alice", "data2", "write"));
}
public async Task TestRbacModelWithDomainsAtRuntimeAsync()
{
var e = new Enforcer(TestModelFixture.GetNewTestModel(_testModelFixture._rbacWithDomainsModelText));
e.BuildRoleLinks();
await e.AddPolicyAsync("admin", "domain1", "data1", "read");
await e.AddPolicyAsync("admin", "domain1", "data1", "write");
await e.AddPolicyAsync("admin", "domain2", "data2", "read");
await e.AddPolicyAsync("admin", "domain2", "data2", "write");
await e.AddGroupingPolicyAsync("alice", "admin", "domain1");
await e.AddGroupingPolicyAsync("bob", "admin", "domain2");
TestDomainEnforce(e, "alice", "domain1", "data1", "read", true);
TestDomainEnforce(e, "alice", "domain1", "data1", "write", true);
TestDomainEnforce(e, "alice", "domain1", "data2", "read", false);
TestDomainEnforce(e, "alice", "domain1", "data2", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "read", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data2", "read", true);
TestDomainEnforce(e, "bob", "domain2", "data2", "write", true);
// Remove all policy rules related to domain1 and data1.
await e.RemoveFilteredPolicyAsync(1, "domain1", "data1");
TestDomainEnforce(e, "alice", "domain1", "data1", "read", false);
TestDomainEnforce(e, "alice", "domain1", "data1", "write", false);
TestDomainEnforce(e, "alice", "domain1", "data2", "read", false);
TestDomainEnforce(e, "alice", "domain1", "data2", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "read", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data2", "read", true);
TestDomainEnforce(e, "bob", "domain2", "data2", "write", true);
// Remove the specified policy rule.
await e.RemovePolicyAsync("admin", "domain2", "data2", "read");
TestDomainEnforce(e, "alice", "domain1", "data1", "read", false);
TestDomainEnforce(e, "alice", "domain1", "data1", "write", false);
TestDomainEnforce(e, "alice", "domain1", "data2", "read", false);
TestDomainEnforce(e, "alice", "domain1", "data2", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "read", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data2", "read", false);
TestDomainEnforce(e, "bob", "domain2", "data2", "write", true);
}
public async Task TestModifyPolicyAsync()
{
var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());
e.BuildRoleLinks();
TestGetPolicy(e, AsList(
AsList("alice", "data1", "read"),
AsList("bob", "data2", "write"),
AsList("data2_admin", "data2", "read"),
AsList("data2_admin", "data2", "write")));
await e.RemovePolicyAsync("alice", "data1", "read");
await e.RemovePolicyAsync("bob", "data2", "write");
await e.RemovePolicyAsync("alice", "data1", "read");
await e.AddPolicyAsync("eve", "data3", "read");
await e.AddPolicyAsync("eve", "data3", "read");
var namedPolicy = AsList("eve", "data3", "read");
await e.RemoveNamedPolicyAsync("p", namedPolicy);
await e.AddNamedPolicyAsync("p", namedPolicy);
TestGetPolicy(e, AsList(
AsList("data2_admin", "data2", "read"),
AsList("data2_admin", "data2", "write"),
AsList("eve", "data3", "read")));
await e.RemoveFilteredPolicyAsync(1, "data2");
TestGetPolicy(e, AsList(AsList("eve", "data3", "read")));
}
public async Task TestAdapterAutoSaveAsync()
{
var adapter = new CasbinDbAdapter <int, CasbinRule <int> >(_asyncContext);
var enforcer = new Enforcer(_modelProvideFixture.GetNewRbacModel(), adapter);
TestGetPolicy(enforcer, AsList(
AsList("alice", "data1", "read"),
AsList("bob", "data2", "write"),
AsList("data2_admin", "data2", "read"),
AsList("data2_admin", "data2", "write")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() == 5);
await enforcer.AddPolicyAsync("alice", "data1", "write");
TestGetPolicy(enforcer, AsList(
AsList("alice", "data1", "read"),
AsList("bob", "data2", "write"),
AsList("data2_admin", "data2", "read"),
AsList("data2_admin", "data2", "write"),
AsList("alice", "data1", "write")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() == 6);
await enforcer.RemovePolicyAsync("alice", "data1", "write");
TestGetPolicy(enforcer, AsList(
AsList("alice", "data1", "read"),
AsList("bob", "data2", "write"),
AsList("data2_admin", "data2", "read"),
AsList("data2_admin", "data2", "write")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() == 5);
await enforcer.RemoveFilteredPolicyAsync(0, "data2_admin");
TestGetPolicy(enforcer, AsList(
AsList("alice", "data1", "read"),
AsList("bob", "data2", "write")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() == 3);
}
public async Task TestAdapterAutoSaveAsync()
{
var adapter = new EFCoreAdapter <int, CasbinRule <int> >(_asyncContext);
var enforcer = new Enforcer(_modelProvideFixture.GetNewRbacModel(), adapter);
#region Load policy test
TestGetPolicy(enforcer, AsList(
AsList("alice", "data1", "read"),
AsList("bob", "data2", "write"),
AsList("data2_admin", "data2", "read"),
AsList("data2_admin", "data2", "write")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() is 5);
#endregion
#region Add policy test
await enforcer.AddPolicyAsync("alice", "data1", "write");
TestGetPolicy(enforcer, AsList(
AsList("alice", "data1", "read"),
AsList("bob", "data2", "write"),
AsList("data2_admin", "data2", "read"),
AsList("data2_admin", "data2", "write"),
AsList("alice", "data1", "write")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() is 6);
#endregion
#region Remove policy test
await enforcer.RemovePolicyAsync("alice", "data1", "write");
TestGetPolicy(enforcer, AsList(
AsList("alice", "data1", "read"),
AsList("bob", "data2", "write"),
AsList("data2_admin", "data2", "read"),
AsList("data2_admin", "data2", "write")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() is 5);
await enforcer.RemoveFilteredPolicyAsync(0, "data2_admin");
TestGetPolicy(enforcer, AsList(
AsList("alice", "data1", "read"),
AsList("bob", "data2", "write")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() is 3);
#endregion
#region Batch APIs test
await enforcer.AddPoliciesAsync(new []
{
new List <string> {
"alice", "data2", "write"
},
new List <string> {
"bob", "data1", "read"
}
});
TestGetPolicy(enforcer, AsList(
AsList("alice", "data1", "read"),
AsList("bob", "data2", "write"),
AsList("alice", "data2", "write"),
AsList("bob", "data1", "read")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() is 5);
await enforcer.RemovePoliciesAsync(new []
{
new List <string> {
"alice", "data1", "read"
},
new List <string> {
"bob", "data2", "write"
}
});
TestGetPolicy(enforcer, AsList(
AsList("alice", "data2", "write"),
AsList("bob", "data1", "read")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() is 3);
#endregion
#region IFilteredAdapter test
await enforcer.LoadFilteredPolicyAsync(new Filter
{
P = new List <string> {
"bob", "data1", "read"
},
});
TestGetPolicy(enforcer, AsList(
AsList("bob", "data1", "read")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() is 3);
await enforcer.LoadFilteredPolicyAsync(new Filter
{
P = new List <string> {
"", "", "write"
},
});
TestGetPolicy(enforcer, AsList(
AsList("alice", "data2", "write")
));
Assert.True(_asyncContext.CasbinRule.AsNoTracking().Count() is 3);
#endregion
}
public Task AssignPolicyToRole(string role, Guid familyId, string resource, string action)
{
return(_enforcer.AddPolicyAsync(role, familyId.ToString(), resource, action));
}