/// <summary>
/// Builds the key-match model in code, loads the policy from
/// examples/keymatch_policy.csv and checks every expected decision twice:
/// once with the adapter given to the enforcer, and once with the policy
/// loaded through the adapter into an enforcer created without one.
/// </summary>
public void testKeyMatchModelInMemory()
{
    Model model = CoreEnforcer.NewModel();
    model.AddDef("r", "r", "sub, obj, act");
    model.AddDef("p", "p", "sub, obj, act");
    // Allow-based effect: a request passes only when some matching rule allows it.
    model.AddDef("e", "e", "some(where (p.eft == allow))");
    // Subject must match exactly; object and action are pattern-matched.
    model.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

    IAdapter adapter = new DefaultFileAdapter("examples/keymatch_policy.csv");

    // The decision matrix is the same for both enforcers, so it lives in one place.
    // It covers permitted requests, cross-user access and an unlisted action (DELETE).
    void CheckDecisions(Enforcer enforcer)
    {
        testEnforce(enforcer, "alice", "/alice_data/resource1", "GET", true);
        testEnforce(enforcer, "alice", "/alice_data/resource1", "POST", true);
        testEnforce(enforcer, "alice", "/alice_data/resource2", "GET", true);
        testEnforce(enforcer, "alice", "/alice_data/resource2", "POST", false);
        testEnforce(enforcer, "alice", "/bob_data/resource1", "GET", false);
        testEnforce(enforcer, "alice", "/bob_data/resource1", "POST", false);
        testEnforce(enforcer, "alice", "/bob_data/resource2", "GET", false);
        testEnforce(enforcer, "alice", "/bob_data/resource2", "POST", false);

        testEnforce(enforcer, "bob", "/alice_data/resource1", "GET", false);
        testEnforce(enforcer, "bob", "/alice_data/resource1", "POST", false);
        testEnforce(enforcer, "bob", "/alice_data/resource2", "GET", true);
        testEnforce(enforcer, "bob", "/alice_data/resource2", "POST", false);
        testEnforce(enforcer, "bob", "/bob_data/resource1", "GET", false);
        testEnforce(enforcer, "bob", "/bob_data/resource1", "POST", true);
        testEnforce(enforcer, "bob", "/bob_data/resource2", "GET", false);
        testEnforce(enforcer, "bob", "/bob_data/resource2", "POST", true);

        testEnforce(enforcer, "cathy", "/cathy_data", "GET", true);
        testEnforce(enforcer, "cathy", "/cathy_data", "POST", true);
        testEnforce(enforcer, "cathy", "/cathy_data", "DELETE", false);
    }

    // First pass: the enforcer is constructed with the adapter.
    Enforcer withAdapter = new Enforcer(model, adapter);
    CheckDecisions(withAdapter);

    // Second pass: no adapter on the enforcer; the policy is loaded
    // straight into the enforcer's model through the adapter.
    Enforcer manuallyLoaded = new Enforcer(model);
    adapter.LoadPolicy(manuallyLoaded.GetModel());
    CheckDecisions(manuallyLoaded);
}
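/// <summary>
/// Returns the Casbin model, loading it from a model file on first use and
/// caching it in <c>_model</c> afterwards.
/// </summary>
/// <returns>
/// The cached or newly loaded model, or <c>null</c> when no model path is
/// configured and a <c>DefaultEnforcerFactory</c> is set.
/// </returns>
/// <exception cref="FileNotFoundException">
/// The resolved model path (configured or fallback) does not exist.
/// </exception>
public virtual Model? GetModel()
{
    if (_model is not null)
    {
        return _model;
    }

    string? modelPath = _options.Value.DefaultModelPath;
    if (string.IsNullOrWhiteSpace(modelPath))
    {
        // No path configured: when an enforcer factory is set, no model is loaded here
        // (presumably the factory supplies its own; confirm against the caller).
        if (_options.Value.DefaultEnforcerFactory is not null)
        {
            return null;
        }

        modelPath = _fallbackModelPath;
    }

    if (!File.Exists(modelPath))
    {
        throw new FileNotFoundException("Can not find the model file path.", modelPath);
    }

    // Load the path that was resolved and checked above. Passing
    // _options.Value.DefaultModelPath here would hand NewModel a null/blank
    // path whenever the fallback was selected, so the authorization model
    // that was validated would never be the one actually loaded.
    // This call will change in the next Casbin.NET version (v1.3.2 or later).
    _model ??= CoreEnforcer.NewModel(modelPath, null);
    return _model;
}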
/// <summary>
/// Builds the RBAC model in code, adds permissions and one role assignment
/// through the enforcer API, and checks the resulting decisions.
/// </summary>
public void testRBACModelInMemory()
{
    Model rbacModel = CoreEnforcer.NewModel();
    rbacModel.AddDef("r", "r", "sub, obj, act");
    rbacModel.AddDef("p", "p", "sub, obj, act");
    rbacModel.AddDef("g", "g", "_, _");
    rbacModel.AddDef("e", "e", "some(where (p.eft == allow))");
    rbacModel.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

    var enforcer = new Enforcer(rbacModel);

    // Direct permissions.
    enforcer.AddPermissionForUser("alice", "data1", "read");
    enforcer.AddPermissionForUser("bob", "data2", "write");
    // Permissions attached to the role.
    enforcer.AddPermissionForUser("data2_admin", "data2", "read");
    enforcer.AddPermissionForUser("data2_admin", "data2", "write");
    // alice receives the role, and with it the data2 permissions checked below.
    enforcer.AddRoleForUser("alice", "data2_admin");

    testEnforce(enforcer, "alice", "data1", "read", true);
    testEnforce(enforcer, "alice", "data1", "write", false);
    testEnforce(enforcer, "alice", "data2", "read", true);
    testEnforce(enforcer, "alice", "data2", "write", true);

    // bob has no role: only his single direct permission is expected to pass.
    testEnforce(enforcer, "bob", "data1", "read", false);
    testEnforce(enforcer, "bob", "data1", "write", false);
    testEnforce(enforcer, "bob", "data2", "read", false);
    testEnforce(enforcer, "bob", "data2", "write", true);
}
/// <summary>
/// Returns the cached model for <paramref name="scopeId"/>, creating and
/// caching a new one (empty Casbin model plus a fresh version token) on a miss.
/// </summary>
/// <param name="scopeId">Authorization scope whose model is requested.</param>
/// <returns>The model instance returned by the cache for that scope.</returns>
private async ValueTask<CasbinSamModel> GetSamModelAsync(string scopeId)
{
    if (!_casbinModelCache.TryGetModel(scopeId, out var cachedModel))
    {
        // Cache miss: start from a model with no definitions and stamp it with a new version token.
        // NOTE(review): scopeId is not checked here and every unseen id adds a cache
        // entry; presumably callers pass only known scope ids. Confirm against callers.
        var emptyModel = CoreEnforcer.NewModel();
        var versionToken = await _versionTokenProvider.GenerateVersionTokenAsync();
        var createdModel = new CasbinSamModel(scopeId, emptyModel, versionToken);

        // Hand back whatever the cache returns, not the local instance.
        return _casbinModelCache.AddOrUpdateModel(scopeId, createdModel);
    }

    return cachedModel;
}
/// <summary>
/// Checks the key-match model with a deny-based effect: a request is allowed
/// unless some matching policy rule has <c>eft == deny</c>.
/// </summary>
public void TestKeyMatchModelInMemoryDeny()
{
    Model.Model denyModel = CoreEnforcer.NewModel();
    denyModel.AddDef("r", "r", "sub, obj, act");
    denyModel.AddDef("p", "p", "sub, obj, act");
    // NOTE(review): with this effect a request that no deny rule matches is allowed,
    // so anything the policy does not mention passes. The assertion below expects
    // "true" for a request on which no rule with eft == deny matches (the policy
    // file is not visible here; confirm it holds no deny rules).
    denyModel.AddDef("e", "e", "!some(where (p.eft == deny))");
    denyModel.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

    IAdapter fileAdapter = new DefaultFileAdapter("examples/keymatch_policy.csv");
    var enforcer = new Enforcer(denyModel, fileAdapter);

    TestEnforce(enforcer, "alice", "/alice_data/resource2", "POST", true);
}
/// <summary>
/// Checks that a request with no matching rule is rejected: the only stored
/// permission uses the action "invalid", and the request asks for "read".
/// </summary>
public void TestRBACModelInMemoryIndeterminate()
{
    Model.Model rbacModel = CoreEnforcer.NewModel();
    rbacModel.AddDef("r", "r", "sub, obj, act");
    rbacModel.AddDef("p", "p", "sub, obj, act");
    rbacModel.AddDef("g", "g", "_, _");
    rbacModel.AddDef("e", "e", "some(where (p.eft == allow))");
    rbacModel.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

    var enforcer = new Enforcer(rbacModel);
    enforcer.AddPermissionForUser("alice", "data1", "invalid");

    // No rule matches the requested action, so the expected decision is a denial.
    TestEnforce(enforcer, "alice", "data1", "read", false);
}
/// <summary>
/// Checks that an enforcer created with no arguments works once a model and
/// an adapter are attached and the policy is loaded explicitly.
/// </summary>
public void TestInitEmpty()
{
    var enforcer = new Enforcer();

    Model.Model keyMatchModel = CoreEnforcer.NewModel();
    keyMatchModel.AddDef("r", "r", "sub, obj, act");
    keyMatchModel.AddDef("p", "p", "sub, obj, act");
    keyMatchModel.AddDef("e", "e", "some(where (p.eft == allow))");
    keyMatchModel.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

    IAdapter fileAdapter = new DefaultFileAdapter("examples/keymatch_policy.csv");

    // Wire model and adapter first, then pull the policy in through LoadPolicy().
    enforcer.SetModel(keyMatchModel);
    enforcer.SetAdapter(fileAdapter);
    enforcer.LoadPolicy();

    TestEnforce(enforcer, "alice", "/alice_data/resource1", "GET", true);
}
/// <summary>
/// Same as the empty-initialisation test, but the policy is read from an
/// already opened stream instead of a file path.
/// </summary>
public void TestInitEmptyByInputStream()
{
    var enforcer = new Enforcer();

    Model.Model keyMatchModel = CoreEnforcer.NewModel();
    keyMatchModel.AddDef("r", "r", "sub, obj, act");
    keyMatchModel.AddDef("p", "p", "sub, obj, act");
    keyMatchModel.AddDef("e", "e", "some(where (p.eft == allow))");
    keyMatchModel.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

    // Read-only handle on the policy file; the stream is disposed when the block ends.
    using (var policyStream = new FileStream("examples/keymatch_policy.csv", FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
    {
        IAdapter streamAdapter = new DefaultFileAdapter(policyStream);

        enforcer.SetModel(keyMatchModel);
        enforcer.SetAdapter(streamAdapter);
        enforcer.LoadPolicy();

        TestEnforce(enforcer, "alice", "/alice_data/resource1", "GET", true);
    }
}
/// <summary>
/// Builds the service provider used by the tests: registers Casbin SAM with
/// EF Core stores on a SQLite database, makes sure the database exists, and
/// seeds the model cache for the default authorization scope.
/// </summary>
public ServicesFixture()
{
    var samBuilder = new ServiceCollection().AddCasbinSam();

    // The SQLite file name is relative, so it resolves against the working directory of the test run.
    samBuilder.Services.AddDbContext<SamDbContext>(
        options => options.UseSqlite("Data Source=casbin_sam_test.db"));
    samBuilder.AddManagement()
        .AddEntityFrameworkStores<SamDbContext>();

    ServiceProvider = samBuilder.Services.BuildServiceProvider();

    // The DbContext is resolved from a scope that is disposed when the constructor returns.
    using var scope = ServiceProvider.CreateScope();
    var dbContext = scope.ServiceProvider.GetRequiredService<SamDbContext>();
    dbContext.Database.EnsureCreated();

    // Seed the default scope with the model from the example file and an empty version token.
    var modelCache = ServiceProvider.GetRequiredService<ICasbinSamModelCache<CasbinSamModel>>();
    var scopeId = SamConstants.DefaultAuthorizationScopeId;
    var storeTestModel = CoreEnforcer.NewModel("Examples/store_test_model.conf", null);
    modelCache.AddOrUpdateModel(scopeId, new CasbinSamModel(scopeId, storeTestModel, string.Empty));
}
/// <summary>
/// Builds the RBAC model from configuration text instead of AddDef calls,
/// then adds permissions and a role assignment and checks the decisions.
/// </summary>
public void testRBACModelInMemory2()
{
    // Model definition in the .conf text format, one line per entry.
    string modelText =
        "[request_definition]\n"
        + "r = sub, obj, act\n"
        + "\n"
        + "[policy_definition]\n"
        + "p = sub, obj, act\n"
        + "\n"
        + "[role_definition]\n"
        + "g = _, _\n"
        + "\n"
        + "[policy_effect]\n"
        + "e = some(where (p.eft == allow))\n"
        + "\n"
        + "[matchers]\n"
        + "m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act\n";

    Model rbacModel = CoreEnforcer.NewModel(modelText);
    var enforcer = new Enforcer(rbacModel);

    // Direct permissions, role permissions, then the role assignment for alice.
    enforcer.AddPermissionForUser("alice", "data1", "read");
    enforcer.AddPermissionForUser("bob", "data2", "write");
    enforcer.AddPermissionForUser("data2_admin", "data2", "read");
    enforcer.AddPermissionForUser("data2_admin", "data2", "write");
    enforcer.AddRoleForUser("alice", "data2_admin");

    testEnforce(enforcer, "alice", "data1", "read", true);
    testEnforce(enforcer, "alice", "data1", "write", false);
    testEnforce(enforcer, "alice", "data2", "read", true);
    testEnforce(enforcer, "alice", "data2", "write", true);

    // bob holds no role: only his direct data2/write permission is expected to pass.
    testEnforce(enforcer, "bob", "data1", "read", false);
    testEnforce(enforcer, "bob", "data1", "write", false);
    testEnforce(enforcer, "bob", "data2", "read", false);
    testEnforce(enforcer, "bob", "data2", "write", true);
}
/// <summary>
/// Creates a new model from the RBAC model text held in <c>_rbacModelText</c>.
/// </summary>
/// <returns>The model returned by <c>CoreEnforcer.NewModel</c> for that text.</returns>
public Model GetNewRbacModel() => CoreEnforcer.NewModel(_rbacModelText);