示例#1
        /// <summary>
        /// Builds an ACL-style model in code (no .conf file), loads policy from
        /// <c>examples/keymatch_policy.csv</c>, and checks the same decision matrix twice:
        /// once with the adapter passed to the enforcer constructor, and once with the
        /// policy loaded through the adapter after the enforcer was constructed.
        /// </summary>
        /// <remarks>
        /// Most rows expect a denial (another user's data, or a method that is not granted).
        /// Those negative rows are what pin the isolation between alice, bob and cathy.
        /// </remarks>
        public void testKeyMatchModelInMemory()
        {
            Model model = CoreEnforcer.NewModel();

            // Request and policy tuples share the shape (subject, object, action).
            model.AddDef("r", "r", "sub, obj, act");
            model.AddDef("p", "p", "sub, obj, act");
            // Allow-override effect: permit only when at least one matching rule says allow.
            model.AddDef("e", "e", "some(where (p.eft == allow))");
            // Subject must be equal; object and action are compared with Casbin's keyMatch and regexMatch.
            // NOTE(review): if regexMatch is unanchored in this Casbin.NET version (verify), a policy
            // action such as GET would also match longer strings containing it; anchor patterns in the CSV.
            model.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

            IAdapter policyAdapter = new DefaultFileAdapter("examples/keymatch_policy.csv");

            // Expected decision for every (subject, object, action) probed by this test.
            var expectations = new (string Sub, string Obj, string Act, bool Expected)[]
            {
                ("alice", "/alice_data/resource1", "GET", true),
                ("alice", "/alice_data/resource1", "POST", true),
                ("alice", "/alice_data/resource2", "GET", true),
                ("alice", "/alice_data/resource2", "POST", false),
                ("alice", "/bob_data/resource1", "GET", false),
                ("alice", "/bob_data/resource1", "POST", false),
                ("alice", "/bob_data/resource2", "GET", false),
                ("alice", "/bob_data/resource2", "POST", false),

                ("bob", "/alice_data/resource1", "GET", false),
                ("bob", "/alice_data/resource1", "POST", false),
                ("bob", "/alice_data/resource2", "GET", true),
                ("bob", "/alice_data/resource2", "POST", false),
                ("bob", "/bob_data/resource1", "GET", false),
                ("bob", "/bob_data/resource1", "POST", true),
                ("bob", "/bob_data/resource2", "GET", false),
                ("bob", "/bob_data/resource2", "POST", true),

                ("cathy", "/cathy_data", "GET", true),
                ("cathy", "/cathy_data", "POST", true),
                ("cathy", "/cathy_data", "DELETE", false),
            };

            // Runs the whole matrix against one enforcer, in declaration order.
            void AssertMatrix(Enforcer target)
            {
                foreach (var row in expectations)
                {
                    testEnforce(target, row.Sub, row.Obj, row.Act, row.Expected);
                }
            }

            // Pass 1: the adapter is supplied to the constructor.
            Enforcer enforcer = new Enforcer(model, policyAdapter);
            AssertMatrix(enforcer);

            // Pass 2: the enforcer is built from the model alone and the adapter then loads
            // the policy into the model the enforcer exposes. Decisions must be identical.
            enforcer = new Enforcer(model);
            policyAdapter.LoadPolicy(enforcer.GetModel());
            AssertMatrix(enforcer);
        }
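        /// <summary>
        /// Returns the default Casbin model, loading it from disk on first use and caching it in
        /// <c>_model</c> for later calls.
        /// </summary>
        /// <returns>
        /// The cached or newly loaded model, or <c>null</c> when no <c>DefaultModelPath</c> is
        /// configured and a <c>DefaultEnforcerFactory</c> is set.
        /// </returns>
        /// <exception cref="FileNotFoundException">
        /// The resolved model path (configured or fallback) does not exist.
        /// </exception>
        public virtual Model? GetModel()
        {
            if (_model is not null)
            {
                return _model;
            }

            string? modelPath = _options.Value.DefaultModelPath;

            if (string.IsNullOrWhiteSpace(modelPath))
            {
                // No path configured: when a factory is configured, do not load a model here.
                if (_options.Value.DefaultEnforcerFactory is not null)
                {
                    return null;
                }

                modelPath = _fallbackModelPath;
            }

            if (!File.Exists(modelPath))
            {
                throw new FileNotFoundException("Can not find the model file path.", modelPath);
            }

            // Load from the path that was just resolved and checked. The previous code passed
            // _options.Value.DefaultModelPath here, so on the fallback branch the file that passed the
            // existence check was never the one handed to NewModel (the argument was null/blank),
            // and the authorization model in effect was not the one the check implied.
            // Original note: this call will change in the next Casbin.NET version (v1.3.2 or later).
            _model ??= CoreEnforcer.NewModel(modelPath, null);
            return _model;
        }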
示例#3
        /// <summary>
        /// Builds an RBAC model in code, adds permissions and one role assignment through the
        /// enforcer API (no policy file), and checks the resulting decisions for alice and bob.
        /// </summary>
        /// <remarks>
        /// alice holds only "read" on data1 directly; her access to data2 comes from the
        /// data2_admin role. bob's rows confirm that alice's role does not widen his access.
        /// </remarks>
        public void testRBACModelInMemory()
        {
            Model model = CoreEnforcer.NewModel();

            model.AddDef("r", "r", "sub, obj, act");
            model.AddDef("p", "p", "sub, obj, act");
            // Two-column role definition: (user, role).
            model.AddDef("g", "g", "_, _");
            // Allow-override effect: permit only when some matching rule says allow.
            model.AddDef("e", "e", "some(where (p.eft == allow))");
            // The subject is matched through the role relation g; object and action must be equal.
            model.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

            Enforcer enforcer = new Enforcer(model);

            // Direct grants.
            enforcer.AddPermissionForUser("alice", "data1", "read");
            enforcer.AddPermissionForUser("bob", "data2", "write");
            // Grants attached to the role.
            enforcer.AddPermissionForUser("data2_admin", "data2", "read");
            enforcer.AddPermissionForUser("data2_admin", "data2", "write");
            // alice is given the data2_admin role.
            enforcer.AddRoleForUser("alice", "data2_admin");

            var expectations = new (string Sub, string Obj, string Act, bool Expected)[]
            {
                ("alice", "data1", "read", true),
                ("alice", "data1", "write", false),
                ("alice", "data2", "read", true),
                ("alice", "data2", "write", true),
                ("bob", "data1", "read", false),
                ("bob", "data1", "write", false),
                ("bob", "data2", "read", false),
                ("bob", "data2", "write", true),
            };

            foreach (var row in expectations)
            {
                testEnforce(enforcer, row.Sub, row.Obj, row.Act, row.Expected);
            }
        }
示例#4
        /// <summary>
        /// Returns the cached model for <paramref name="scopeId"/>, or creates, caches and
        /// returns a new one on a cache miss.
        /// </summary>
        /// <param name="scopeId">Key under which the model is looked up and stored in the cache.</param>
        /// <returns>The cached entry, or the value returned by the cache after the insert.</returns>
        /// <remarks>
        /// On a miss the new entry wraps <c>CoreEnforcer.NewModel()</c> called with no arguments,
        /// so the model carries no definitions from this method.
        /// NOTE(review): lookup and insert are two separate cache calls; confirm the cache
        /// tolerates concurrent callers building an entry for the same scope.
        /// </remarks>
        private async ValueTask<CasbinSamModel> GetSamModelAsync(string scopeId)
        {
            if (!_casbinModelCache.TryGetModel(scopeId, out var samModel))
            {
                // Cache miss: build the model first, then await the version token (same order as before).
                var emptyModel = CoreEnforcer.NewModel();
                var versionToken = await _versionTokenProvider.GenerateVersionTokenAsync();

                samModel = new CasbinSamModel(scopeId, emptyModel, versionToken);
                return _casbinModelCache.AddOrUpdateModel(scopeId, samModel);
            }

            return samModel;
        }
示例#5
        /// <summary>
        /// Builds the keyMatch/regexMatch model with a deny-override effect and checks that
        /// alice's POST to <c>/alice_data/resource2</c> is permitted.
        /// </summary>
        /// <remarks>
        /// The effect <c>!some(where (p.eft == deny))</c> permits a request unless a matching
        /// rule denies it, so a request that matches no rule at all is allowed. Use this effect
        /// only where default-allow is intended.
        /// NOTE(review): presumably the policy file holds no deny rule for this request; verify
        /// against <c>examples/keymatch_policy.csv</c>.
        /// </remarks>
        public void TestKeyMatchModelInMemoryDeny()
        {
            Model.Model denyOverrideModel = CoreEnforcer.NewModel();
            denyOverrideModel.AddDef("r", "r", "sub, obj, act");
            denyOverrideModel.AddDef("p", "p", "sub, obj, act");
            // Deny-override: the decision is "allow" whenever no matching rule has eft == deny.
            denyOverrideModel.AddDef("e", "e", "!some(where (p.eft == deny))");
            denyOverrideModel.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

            IAdapter policyAdapter = new DefaultFileAdapter("examples/keymatch_policy.csv");

            Enforcer enforcer = new Enforcer(denyOverrideModel, policyAdapter);

            // Expected to be permitted under this effect.
            const bool expectedDecision = true;
            TestEnforce(enforcer, "alice", "/alice_data/resource2", "POST", expectedDecision);
        }
示例#6
        /// <summary>
        /// Builds the RBAC model in code, grants alice only the action "invalid" on data1, and
        /// checks that a "read" request on data1 is denied.
        /// </summary>
        /// <remarks>
        /// No rule matches the request, and under the allow-override effect
        /// <c>some(where (p.eft == allow))</c> the expected decision is a denial.
        /// </remarks>
        public void TestRBACModelInMemoryIndeterminate()
        {
            Model.Model rbacModel = CoreEnforcer.NewModel();
            rbacModel.AddDef("r", "r", "sub, obj, act");
            rbacModel.AddDef("p", "p", "sub, obj, act");
            rbacModel.AddDef("g", "g", "_, _");
            // Allow-override effect: permit only when some matching rule says allow.
            rbacModel.AddDef("e", "e", "some(where (p.eft == allow))");
            rbacModel.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

            Enforcer enforcer = new Enforcer(rbacModel);

            // The only rule uses an action that the request below never asks for.
            enforcer.AddPermissionForUser("alice", "data1", "invalid");

            const bool expectedDecision = false;
            TestEnforce(enforcer, "alice", "data1", "read", expectedDecision);
        }
示例#7
        /// <summary>
        /// Creates an enforcer with the parameterless constructor, then supplies the model and
        /// the file adapter afterwards and loads the policy before checking one allowed request.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this test does not exercise enforcement before SetModel/LoadPolicy
        /// have run; confirm separately that an unconfigured enforcer does not permit requests.
        /// </remarks>
        public void TestInitEmpty()
        {
            // Starts with neither a model nor an adapter.
            Enforcer enforcer = new Enforcer();

            Model.Model aclModel = CoreEnforcer.NewModel();
            aclModel.AddDef("r", "r", "sub, obj, act");
            aclModel.AddDef("p", "p", "sub, obj, act");
            aclModel.AddDef("e", "e", "some(where (p.eft == allow))");
            aclModel.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

            IAdapter policyAdapter = new DefaultFileAdapter("examples/keymatch_policy.csv");

            // Late configuration: model, then adapter, then an explicit policy load.
            enforcer.SetModel(aclModel);
            enforcer.SetAdapter(policyAdapter);
            enforcer.LoadPolicy();

            const bool expectedDecision = true;
            TestEnforce(enforcer, "alice", "/alice_data/resource1", "GET", expectedDecision);
        }
示例#8
        /// <summary>
        /// Same late-configuration flow as the path-based variant, but the file adapter is built
        /// from an already opened <see cref="FileStream"/> instead of a file path.
        /// </summary>
        /// <remarks>
        /// The stream is opened read-only with <c>FileShare.ReadWrite</c>, which lets other
        /// handles read and write the file while it is open here. For a real policy file,
        /// consider whether concurrent writers should be allowed during a policy load.
        /// </remarks>
        public void TestInitEmptyByInputStream()
        {
            Enforcer enforcer = new Enforcer();

            Model.Model aclModel = CoreEnforcer.NewModel();
            aclModel.AddDef("r", "r", "sub, obj, act");
            aclModel.AddDef("p", "p", "sub, obj, act");
            aclModel.AddDef("e", "e", "some(where (p.eft == allow))");
            aclModel.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

            // Policy load and the check both run while the stream is still open.
            using (var policyStream = new FileStream("examples/keymatch_policy.csv", FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
            {
                IAdapter streamAdapter = new DefaultFileAdapter(policyStream);
                enforcer.SetModel(aclModel);
                enforcer.SetAdapter(streamAdapter);
                enforcer.LoadPolicy();

                const bool expectedDecision = true;
                TestEnforce(enforcer, "alice", "/alice_data/resource1", "GET", expectedDecision);
            }
        }
示例#9
        /// <summary>
        /// Test fixture setup: registers the Casbin SAM services with an EF Core SQLite store,
        /// builds the service provider, makes sure the database exists, and seeds the model
        /// cache with the model loaded from <c>Examples/store_test_model.conf</c>.
        /// </summary>
        /// <remarks>
        /// Both the SQLite file and the model file are relative paths, so they resolve against
        /// the process working directory. Only <c>EnsureCreated</c> is called, so an existing
        /// <c>casbin_sam_test.db</c> is reused as-is and may carry data from an earlier run.
        /// </remarks>
        public ServicesFixture()
        {
            var samBuilder = new ServiceCollection().AddCasbinSam();

            // File-backed SQLite database used by the store under test.
            samBuilder.Services.AddDbContext<SamDbContext>(
                dbOptions => dbOptions.UseSqlite("Data Source=casbin_sam_test.db"));

            samBuilder.AddManagement()
                      .AddEntityFrameworkStores<SamDbContext>();

            ServiceProvider = samBuilder.Services.BuildServiceProvider();

            // The scope stays alive until the constructor returns.
            using var dbScope = ServiceProvider.CreateScope();
            var dbContext = dbScope.ServiceProvider.GetRequiredService<SamDbContext>();
            dbContext.Database.EnsureCreated();

            var cache = ServiceProvider.GetRequiredService<ICasbinSamModelCache<CasbinSamModel>>();
            var defaultScopeId = SamConstants.DefaultAuthorizationScopeId;

            // Seed the default scope with the test model and an empty version token.
            var storeModel = CoreEnforcer.NewModel("Examples/store_test_model.conf", null);
            cache.AddOrUpdateModel(defaultScopeId, new CasbinSamModel(defaultScopeId, storeModel, string.Empty));
        }
示例#10
        /// <summary>
        /// Builds the RBAC model from model text held in a string (no .conf file), adds
        /// permissions and one role assignment through the enforcer API, and checks the
        /// resulting decisions for alice and bob.
        /// </summary>
        /// <remarks>
        /// alice's access to data2 comes only from the data2_admin role; bob's rows confirm
        /// that her role does not widen his access.
        /// </remarks>
        public void testRBACModelInMemory2()
        {
            // Model text in Casbin .conf syntax, one section per block, lines ending in "\n".
            string modelText = string.Concat(
                "[request_definition]\n",
                "r = sub, obj, act\n",
                "\n",
                "[policy_definition]\n",
                "p = sub, obj, act\n",
                "\n",
                "[role_definition]\n",
                "g = _, _\n",
                "\n",
                "[policy_effect]\n",
                "e = some(where (p.eft == allow))\n",
                "\n",
                "[matchers]\n",
                "m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act\n");

            Model model = CoreEnforcer.NewModel(modelText);

            Enforcer enforcer = new Enforcer(model);

            // Direct grants.
            enforcer.AddPermissionForUser("alice", "data1", "read");
            enforcer.AddPermissionForUser("bob", "data2", "write");
            // Grants attached to the role.
            enforcer.AddPermissionForUser("data2_admin", "data2", "read");
            enforcer.AddPermissionForUser("data2_admin", "data2", "write");
            // alice is given the data2_admin role.
            enforcer.AddRoleForUser("alice", "data2_admin");

            var expectations = new (string Sub, string Obj, string Act, bool Expected)[]
            {
                ("alice", "data1", "read", true),
                ("alice", "data1", "write", false),
                ("alice", "data2", "read", true),
                ("alice", "data2", "write", true),
                ("bob", "data1", "read", false),
                ("bob", "data1", "write", false),
                ("bob", "data2", "read", false),
                ("bob", "data2", "write", true),
            };

            foreach (var row in expectations)
            {
                testEnforce(enforcer, row.Sub, row.Obj, row.Act, row.Expected);
            }
        }
 /// <summary>
 /// Creates a new model from the RBAC model text held in <c>_rbacModelText</c>.
 /// Each call invokes <c>CoreEnforcer.NewModel</c> again; nothing is cached here.
 /// </summary>
 /// <returns>The model returned by <c>CoreEnforcer.NewModel</c> for that text.</returns>
 public Model GetNewRbacModel() => CoreEnforcer.NewModel(_rbacModelText);