public void TestModifyGroupingPolicy() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); TestGetRoles(e, "alice", AsList("data2_admin")); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "eve", AsList()); TestGetRoles(e, "non_exist", AsList()); e.RemoveGroupingPolicy("alice", "data2_admin"); e.AddGroupingPolicy("bob", "data1_admin"); e.AddGroupingPolicy("eve", "data3_admin"); var groupingRules = AsList( AsList("ham", "data4_admin"), AsList("jack", "data5_admin") ); _ = e.AddGroupingPolicies(groupingRules); TestGetRoles(e, "ham", AsList("data4_admin")); TestGetRoles(e, "jack", AsList("data5_admin")); _ = e.RemoveGroupingPolicies(groupingRules); TestGetRoles(e, "alice", AsList()); var namedGroupingPolicy = AsList("alice", "data2_admin"); TestGetRoles(e, "alice", AsList()); e.AddNamedGroupingPolicy("g", namedGroupingPolicy); TestGetRoles(e, "alice", AsList("data2_admin")); e.RemoveNamedGroupingPolicy("g", namedGroupingPolicy); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList("data1_admin")); TestGetRoles(e, "eve", AsList("data3_admin")); TestGetRoles(e, "non_exist", AsList()); TestGetUsers(e, "data1_admin", AsList("bob")); TestGetUsers(e, "data2_admin", AsList()); TestGetUsers(e, "data3_admin", AsList("eve")); e.RemoveFilteredGroupingPolicy(0, "bob"); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "eve", AsList("data3_admin")); TestGetRoles(e, "non_exist", AsList()); TestGetUsers(e, "data1_admin", AsList()); TestGetUsers(e, "data2_admin", AsList()); TestGetUsers(e, "data3_admin", AsList("eve")); }
public void TestGetDomainsForUser() { var e = new Enforcer(TestModelFixture.GetNewTestModel( _testModelFixture._rbacWithDomainsModelText, _testModelFixture._rbacWithDomainsPolicy2Text)); e.BuildRoleLinks(); e.TestGetDomainsForUser("alice", new[] { "domain1", "domain2" }); e.TestGetDomainsForUser("bob", new[] { "domain2", "domain3" }); e.TestGetDomainsForUser("user", new[] { "domain3" }); }
public async Task TestRbacModelWithDomainsAtRuntimeAsync() { var e = new Enforcer(TestModelFixture.GetNewTestModel(_testModelFixture._rbacWithDomainsModelText)); e.BuildRoleLinks(); await e.AddPolicyAsync("admin", "domain1", "data1", "read"); await e.AddPolicyAsync("admin", "domain1", "data1", "write"); await e.AddPolicyAsync("admin", "domain2", "data2", "read"); await e.AddPolicyAsync("admin", "domain2", "data2", "write"); await e.AddGroupingPolicyAsync("alice", "admin", "domain1"); await e.AddGroupingPolicyAsync("bob", "admin", "domain2"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", true); TestDomainEnforce(e, "alice", "domain1", "data1", "write", true); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); // Remove all policy rules related to domain1 and data1. await e.RemoveFilteredPolicyAsync(1, "domain1", "data1"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", false); TestDomainEnforce(e, "alice", "domain1", "data1", "write", false); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); // Remove the specified policy rule. await e.RemovePolicyAsync("admin", "domain2", "data2", "read"); TestDomainEnforce(e, "alice", "domain1", "data1", "read", false); TestDomainEnforce(e, "alice", "domain1", "data1", "write", false); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", false); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); }
public void TestGetRolesFromUserWithDomains() { var e = new Enforcer(TestModelFixture.GetNewTestModel( _testModelFixture._rbacWithDomainsModelText, _testModelFixture._rbacWithHierarchyWithDomainsPolicyText)); e.BuildRoleLinks(); // This is only able to retrieve the first level of roles. TestGetRolesInDomain(e, "alice", "domain1", AsList("role:global_admin")); // Retrieve all inherit roles. It supports domains as well. TestGetImplicitRolesInDomain(e, "alice", "domain1", AsList("role:global_admin", "role:reader", "role:writer")); }
public void TestGetImplicitPermissionsForUserWithDomain() { var e = new Enforcer(TestModelFixture.GetNewTestModel( _testModelFixture._rbacWithDomainsModelText, _testModelFixture._rbacWithHierarchyWithDomainsPolicyText)); e.BuildRoleLinks(); TestGetImplicitPermissions(e, "alice", AsList( AsList("alice", "domain1", "data2", "read"), AsList("role:reader", "domain1", "data1", "read"), AsList("role:writer", "domain1", "data1", "write")), "domain1"); }
public void TestPriorityModel() { var e = new Enforcer(_testModelFixture.GetNewPriorityTestModel()); e.BuildRoleLinks(); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", false); TestEnforce(e, "alice", "data2", "write", false); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", true); TestEnforce(e, "bob", "data2", "write", false); }
public void TestRbacModelWithDomains() { var e = new Enforcer(_testModelFixture.GetNewRbacWithDomainsTestModel()); e.BuildRoleLinks(); TestDomainEnforce(e, "alice", "domain1", "data1", "read", true); TestDomainEnforce(e, "alice", "domain1", "data1", "write", true); TestDomainEnforce(e, "alice", "domain1", "data2", "read", false); TestDomainEnforce(e, "alice", "domain1", "data2", "write", false); TestDomainEnforce(e, "bob", "domain2", "data1", "read", false); TestDomainEnforce(e, "bob", "domain2", "data1", "write", false); TestDomainEnforce(e, "bob", "domain2", "data2", "read", true); TestDomainEnforce(e, "bob", "domain2", "data2", "write", true); }
public void TestRbacModelWithCustomRoleManager() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.SetRoleManager(new CustomRoleManager()); e.BuildRoleLinks(); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", true); TestEnforce(e, "alice", "data2", "write", true); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", false); TestEnforce(e, "bob", "data2", "write", true); }
public async Task TestPermissionApiAsync() { var e = new Enforcer(_testModelFixture.GetBasicWithoutResourceTestModel()); e.BuildRoleLinks(); await TestEnforceWithoutUsersAsync(e, "alice", "read", true); await TestEnforceWithoutUsersAsync(e, "alice", "write", false); await TestEnforceWithoutUsersAsync(e, "bob", "read", false); await TestEnforceWithoutUsersAsync(e, "bob", "write", true); TestGetPermissions(e, "alice", AsList(AsList("alice", "read"))); TestGetPermissions(e, "bob", AsList(AsList("bob", "write"))); TestHasPermission(e, "alice", AsList("read"), true); TestHasPermission(e, "alice", AsList("write"), false); TestHasPermission(e, "bob", AsList("read"), false); TestHasPermission(e, "bob", AsList("write"), true); _ = await e.DeletePermissionAsync("read"); await TestEnforceWithoutUsersAsync(e, "alice", "read", false); await TestEnforceWithoutUsersAsync(e, "alice", "write", false); await TestEnforceWithoutUsersAsync(e, "bob", "read", false); await TestEnforceWithoutUsersAsync(e, "bob", "write", true); _ = await e.AddPermissionForUserAsync("bob", "read"); await TestEnforceWithoutUsersAsync(e, "alice", "read", false); await TestEnforceWithoutUsersAsync(e, "alice", "write", false); await TestEnforceWithoutUsersAsync(e, "bob", "read", true); await TestEnforceWithoutUsersAsync(e, "bob", "write", true); _ = await e.DeletePermissionForUserAsync("bob", "read"); await TestEnforceWithoutUsersAsync(e, "alice", "read", false); await TestEnforceWithoutUsersAsync(e, "alice", "write", false); await TestEnforceWithoutUsersAsync(e, "bob", "read", false); await TestEnforceWithoutUsersAsync(e, "bob", "write", true); _ = await e.DeletePermissionsForUserAsync("bob"); await TestEnforceWithoutUsersAsync(e, "alice", "read", false); await TestEnforceWithoutUsersAsync(e, "alice", "write", false); await TestEnforceWithoutUsersAsync(e, "bob", "read", false); await TestEnforceWithoutUsersAsync(e, "bob", "write", false); }
public async Task TestModifyGroupingPolicyAsync() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); TestGetRoles(e, "alice", AsList("data2_admin")); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "eve", AsList()); TestGetRoles(e, "non_exist", AsList()); await e.RemoveGroupingPolicyAsync("alice", "data2_admin"); await e.AddGroupingPolicyAsync("bob", "data1_admin"); await e.AddGroupingPolicyAsync("eve", "data3_admin"); var namedGroupingPolicy = AsList("alice", "data2_admin"); TestGetRoles(e, "alice", AsList()); await e.AddNamedGroupingPolicyAsync("g", namedGroupingPolicy); TestGetRoles(e, "alice", AsList("data2_admin")); await e.RemoveNamedGroupingPolicyAsync("g", namedGroupingPolicy); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList("data1_admin")); TestGetRoles(e, "eve", AsList("data3_admin")); TestGetRoles(e, "non_exist", AsList()); TestGetUsers(e, "data1_admin", AsList("bob")); TestGetUsers(e, "data2_admin", AsList()); TestGetUsers(e, "data3_admin", AsList("eve")); await e.RemoveFilteredGroupingPolicyAsync(0, "bob"); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "eve", AsList("data3_admin")); TestGetRoles(e, "non_exist", AsList()); TestGetUsers(e, "data1_admin", AsList()); TestGetUsers(e, "data2_admin", AsList()); TestGetUsers(e, "data3_admin", AsList("eve")); }
public void TestAddRolesForUser() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); _ = e.AddRolesForUser("alice", AsList("data1_admin", "data2_admin", "data3_admin")); // The "alice" already has "data2_admin" , it will be return false. So "alice" just has "data2_admin". TestGetRoles(e, "alice", AsList("data2_admin")); // delete role _ = e.DeleteRoleForUser("alice", "data2_admin"); _ = e.AddRolesForUser("alice", AsList("data1_admin", "data2_admin", "data3_admin")); TestGetRoles(e, "alice", AsList("data1_admin", "data2_admin", "data3_admin")); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data2", "read", true); TestEnforce(e, "alice", "data2", "write", true); }
public void GetImplicitRolesForUser() { // Arrange var e = new Enforcer(TestModelFixture.GetNewTestModel( _testModelFixture._rbacModelText, _testModelFixture._rbacWithHierarchyPolicyText)); e.BuildRoleLinks(); // Assert TestGetPermissions(e, "alice", AsList( AsList("alice", "data1", "read"))); TestGetPermissions(e, "bob", AsList( AsList("bob", "data2", "write"))); Assert.Equal(new[] { "admin", "data1_admin", "data2_admin" }, e.GetImplicitRolesForUser("alice")); Assert.Equal(new string[0], e.GetImplicitRolesForUser("bob")); }
public void TestGetPolicyApi() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"))); TestGetFilteredPolicy(e, 0, AsList(AsList("alice", "data1", "read")), "alice"); TestGetFilteredPolicy(e, 0, AsList(AsList("bob", "data2", "write")), "bob"); TestGetFilteredPolicy(e, 0, AsList(AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write")), "data2_admin"); TestGetFilteredPolicy(e, 1, AsList(AsList("alice", "data1", "read")), "data1"); TestGetFilteredPolicy(e, 1, AsList(AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write")), "data2"); TestGetFilteredPolicy(e, 2, AsList(AsList("alice", "data1", "read"), AsList("data2_admin", "data2", "read")), "read"); TestGetFilteredPolicy(e, 2, AsList(AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "write")), "write"); TestGetFilteredPolicy(e, 0, AsList(AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write")), "data2_admin", "data2"); // Note: "" (empty string) in fieldValues means matching all values. TestGetFilteredPolicy(e, 0, AsList(AsList("data2_admin", "data2", "read")), "data2_admin", "", "read"); TestGetFilteredPolicy(e, 1, AsList(AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "write")), "data2", "write"); TestHasPolicy(e, AsList("alice", "data1", "read"), true); TestHasPolicy(e, AsList("bob", "data2", "write"), true); TestHasPolicy(e, AsList("alice", "data2", "read"), false); TestHasPolicy(e, AsList("bob", "data3", "write"), false); TestGetGroupingPolicy(e, AsList(AsList("alice", "data2_admin"))); TestGetFilteredGroupingPolicy(e, 0, AsList(AsList("alice", "data2_admin")), "alice"); TestGetFilteredGroupingPolicy(e, 0, new List <List <string> >(), "bob"); TestGetFilteredGroupingPolicy(e, 1, new List <List <string> >(), "data1_admin"); TestGetFilteredGroupingPolicy(e, 1, AsList(AsList("alice", "data2_admin")), "data2_admin"); // Note: "" (empty string) in fieldValues means matching all values. TestGetFilteredGroupingPolicy(e, 0, AsList(AsList("alice", "data2_admin")), "", "data2_admin"); TestHasGroupingPolicy(e, AsList("alice", "data2_admin"), true); TestHasGroupingPolicy(e, AsList("bob", "data2_admin"), false); }
public void TestGetImplicitPermissionsForUser() { var e = new Enforcer(TestModelFixture.GetNewTestModel( _testModelFixture._rbacModelText, _testModelFixture._rbacWithHierarchyPolicyText)); e.BuildRoleLinks(); TestGetPermissions(e, "alice", AsList( AsList("alice", "data1", "read"))); TestGetPermissions(e, "bob", AsList( AsList("bob", "data2", "write"))); TestGetImplicitPermissions(e, "alice", AsList( AsList("alice", "data1", "read"), AsList("data1_admin", "data1", "read"), AsList("data1_admin", "data1", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"))); TestGetImplicitPermissions(e, "bob", AsList( AsList("bob", "data2", "write"))); }
public void TestPriorityExplicitDenyOverrideModel() { var e = new Enforcer(_testModelFixture.GetNewPriorityExplicitDenyOverrideModel()); e.BuildRoleLinks(); TestEnforce(e, "alice", "data2", "write", true); TestEnforce(e, "bob", "data2", "read", true); // adding a new group, simulating behaviour when two different groups are added to the same person. e.AddPolicy("10", "data2_deny_group_new", "data2", "write", "deny"); e.AddGroupingPolicy("alice", "data2_deny_group_new"); TestEnforce(e, "alice", "data2", "write", false); TestEnforce(e, "bob", "data2", "read", true); // expected enforcement result should be true, // as there is a policy with a lower rank 10, that produces allow result. e.AddPolicy("5", "alice", "data2", "write", "allow"); TestEnforce(e, "alice", "data2", "write", true); // adding deny policy for alice for the same obj, // to ensure that if there is at least one deny, final result will be deny. e.AddPolicy("5", "alice", "data2", "write", "deny"); TestEnforce(e, "alice", "data2", "write", false); // adding higher fake higher priority policy for alice, // expected enforcement result should be true (ignore this policy). e.AddPolicy("2", "alice", "data2", "write", "allow"); TestEnforce(e, "alice", "data2", "write", true); e.AddPolicy("1", "fake-subject", "fake-object", "very-fake-action", "allow"); TestEnforce(e, "alice", "data2", "write", true); // adding higher (less of 0) priority policy for alice, // to override group policies again. e.AddPolicy("-1", "alice", "data2", "write", "deny"); TestEnforce(e, "alice", "data2", "write", false); }
public void TestGetImplicitUsersForPermission() { // Arrange var e = new Enforcer(TestModelFixture.GetNewTestModel( _testModelFixture._rbacModelText, _testModelFixture._rbacWithHierarchyPolicyText)); e.BuildRoleLinks(); Assert.Equal(new[] { "alice" }, e.GetImplicitUsersForPermission("data1", "read")); Assert.Equal(new[] { "alice" }, e.GetImplicitUsersForPermission("data1", "write")); Assert.Equal(new[] { "alice" }, e.GetImplicitUsersForPermission("data2", "read")); Assert.Equal(new[] { "alice", "bob" }, e.GetImplicitUsersForPermission("data2", "write")); // Act e.GetModel().ClearPolicy(); _ = e.AddPolicy("admin", "data1", "read"); _ = e.AddPolicy("bob", "data1", "read"); _ = e.AddGroupingPolicy("alice", "admin"); // Assert Assert.Equal(new[] { "bob", "alice" }, e.GetImplicitUsersForPermission("data1", "read")); }
public void TestModifyPolicy() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"))); e.RemovePolicy("alice", "data1", "read"); e.RemovePolicy("bob", "data2", "write"); e.RemovePolicy("alice", "data1", "read"); e.AddPolicy("eve", "data3", "read"); e.AddPolicy("eve", "data3", "read"); var namedPolicy = AsList("eve", "data3", "read"); e.RemoveNamedPolicy("p", namedPolicy); e.AddNamedPolicy("p", namedPolicy); TestGetPolicy(e, AsList( AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1, "data2"); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1, Array.Empty <string>()); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1, ""); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); }
public async Task TestModifyPolicyAsync() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"))); await e.RemovePolicyAsync("alice", "data1", "read"); await e.RemovePolicyAsync("bob", "data2", "write"); await e.RemovePolicyAsync("alice", "data1", "read"); await e.AddPolicyAsync("eve", "data3", "read"); await e.AddPolicyAsync("eve", "data3", "read"); var namedPolicy = AsList("eve", "data3", "read"); await e.RemoveNamedPolicyAsync("p", namedPolicy); await e.AddNamedPolicyAsync("p", namedPolicy); TestGetPolicy(e, AsList( AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("eve", "data3", "read"))); await e.RemoveFilteredPolicyAsync(1, "data2"); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); }
public async Task TestRoleApiAsync() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); TestGetRoles(e, "alice", AsList("data2_admin")); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "data2_admin", AsList()); TestGetRoles(e, "non_exist", AsList()); TestHasRole(e, "alice", "data1_admin", false); TestHasRole(e, "alice", "data2_admin", true); await e.AddRoleForUserAsync("alice", "data1_admin"); TestGetRoles(e, "alice", AsList("data1_admin", "data2_admin")); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "data2_admin", AsList()); await e.DeleteRoleForUserAsync("alice", "data1_admin"); TestGetRoles(e, "alice", AsList("data2_admin")); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "data2_admin", AsList()); await e.DeleteRolesForUserAsync("alice"); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "data2_admin", AsList()); await e.AddRoleForUserAsync("alice", "data1_admin"); await e.DeleteUserAsync("alice"); TestGetRoles(e, "alice", AsList()); TestGetRoles(e, "bob", AsList()); TestGetRoles(e, "data2_admin", AsList()); await e.AddRoleForUserAsync("alice", "data2_admin"); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", true); TestEnforce(e, "alice", "data2", "write", true); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", false); TestEnforce(e, "bob", "data2", "write", true); await e.DeleteRoleAsync("data2_admin"); TestEnforce(e, "alice", "data1", "read", true); TestEnforce(e, "alice", "data1", "write", false); TestEnforce(e, "alice", "data2", "read", false); TestEnforce(e, "alice", "data2", "write", false); TestEnforce(e, "bob", "data1", "read", false); TestEnforce(e, "bob", "data1", "write", false); TestEnforce(e, "bob", "data2", "read", false); TestEnforce(e, "bob", "data2", "write", true); }
public void TestModifyPolicy() { var e = new Enforcer(_testModelFixture.GetNewRbacTestModel()); e.BuildRoleLinks(); TestGetPolicy(e, AsList( AsList("alice", "data1", "read"), AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"))); e.RemovePolicy("alice", "data1", "read"); e.RemovePolicy("bob", "data2", "write"); e.RemovePolicy("alice", "data1", "read"); e.AddPolicy("eve", "data3", "read"); e.AddPolicy("eve", "data3", "read"); var rules = AsList( AsList("jack", "data4", "read"), AsList("jack", "data4", "read"), AsList("jack", "data4", "read"), AsList("katy", "data4", "write"), AsList("leyo", "data4", "read"), AsList("katy", "data4", "write"), AsList("katy", "data4", "write"), AsList("ham", "data4", "write") ); _ = e.AddPolicies(rules); _ = e.AddPolicies(rules); TestGetPolicy(e, AsList( AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("eve", "data3", "read"), AsList("jack", "data4", "read"), AsList("katy", "data4", "write"), AsList("leyo", "data4", "read"), AsList("ham", "data4", "write") ) ); _ = e.RemovePolicies(rules); _ = e.RemovePolicies(rules); var namedPolicy = AsList("eve", "data3", "read"); e.RemoveNamedPolicy("p", namedPolicy); e.AddNamedPolicy("p", namedPolicy); TestGetPolicy(e, AsList( AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write"), AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1, "data2"); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); e.RemoveFilteredPolicy(1, ""); TestGetPolicy(e, AsList(AsList("eve", "data3", "read"))); }