public void TestGetAndSetModel()
{
var e = new Enforcer("examples/basic_model.conf", "examples/basic_policy.csv");
var e2 = new Enforcer("examples/basic_with_root_model.conf", "examples/basic_policy.csv");
TestEnforce(e, "root", "data1", "read", false);
e.SetModel(e2.GetModel());
TestEnforce(e, "root", "data1", "read", true);
}
public void TestGetDomainsForUser()
{
var e = new Enforcer(TestModelFixture.GetNewTestModel(
_testModelFixture._rbacWithDomainsModelText,
_testModelFixture._rbacWithDomainsPolicy2Text));
e.BuildRoleLinks();
e.TestGetDomainsForUser("alice", new[] { "domain1", "domain2" });
e.TestGetDomainsForUser("bob", new[] { "domain2", "domain3" });
e.TestGetDomainsForUser("user", new[] { "domain3" });
}
private void GlobalSetupFromFile(string modelFileName, string policyFileName = null)
{
if (policyFileName is null)
{
NowEnforcer = new Enforcer(GetTestFilePath(modelFileName));
NowEnforcer.EnableCache(true);
return;
}
NowEnforcer = new Enforcer(GetTestFilePath(modelFileName), GetTestFilePath(policyFileName));
NowEnforcer.EnableCache(true);
}
private void Awake()
{
if (instance != null)
{
Destroy(this.gameObject);
}
else
{
instance = this;
GameObject.DontDestroyOnLoad(this.gameObject);
}
}
public void Test_RBACModelWithDomains()
{
Enforcer e = new Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv");
testDomainEnforce(e, "alice", "domain1", "data1", "read", true);
testDomainEnforce(e, "alice", "domain1", "data1", "write", true);
testDomainEnforce(e, "alice", "domain1", "data2", "read", false);
testDomainEnforce(e, "alice", "domain1", "data2", "write", false);
testDomainEnforce(e, "bob", "domain2", "data1", "read", false);
testDomainEnforce(e, "bob", "domain2", "data1", "write", false);
testDomainEnforce(e, "bob", "domain2", "data2", "read", true);
testDomainEnforce(e, "bob", "domain2", "data2", "write", true);
}
public void Test_BasicModel()
{
Enforcer e = new Enforcer("examples/basic_model.conf", "examples/basic_policy.csv");
testEnforce(e, "alice", "data1", "read", true);
testEnforce(e, "alice", "data1", "write", false);
testEnforce(e, "alice", "data2", "read", false);
testEnforce(e, "alice", "data2", "write", false);
testEnforce(e, "bob", "data1", "read", false);
testEnforce(e, "bob", "data1", "write", false);
testEnforce(e, "bob", "data2", "read", false);
testEnforce(e, "bob", "data2", "write", true);
}
public async Task TestSetAdapterFromFileAsync()
{
var e = new Enforcer("examples/basic_model.conf");
TestEnforce(e, "alice", "data1", "read", false);
IAdapter a = new DefaultFileAdapter("examples/basic_policy.csv");
e.SetAdapter(a);
await e.LoadPolicyAsync();
TestEnforce(e, "alice", "data1", "read", true);
}
public void Test_BasicModelNoPolicy()
{
Enforcer e = new Enforcer("examples/basic_model.conf");
TestEnforce(e, "alice", "data1", "read", false);
TestEnforce(e, "alice", "data1", "write", false);
TestEnforce(e, "alice", "data2", "read", false);
TestEnforce(e, "alice", "data2", "write", false);
TestEnforce(e, "bob", "data1", "read", false);
TestEnforce(e, "bob", "data1", "write", false);
TestEnforce(e, "bob", "data2", "read", false);
TestEnforce(e, "bob", "data2", "write", false);
}
public void TestBasicModelNoPolicy()
{
var e = new Enforcer(TestModelFixture.GetNewTestModel(_testModelFixture._basicModelText));
TestEnforce(e, "alice", "data1", "read", false);
TestEnforce(e, "alice", "data1", "write", false);
TestEnforce(e, "alice", "data2", "read", false);
TestEnforce(e, "alice", "data2", "write", false);
TestEnforce(e, "bob", "data1", "read", false);
TestEnforce(e, "bob", "data1", "write", false);
TestEnforce(e, "bob", "data2", "read", false);
TestEnforce(e, "bob", "data2", "write", false);
}
public void Test_RBACModelWithResourceRoles()
{
Enforcer e = new Enforcer("examples/rbac_with_resource_roles_model.conf", "examples/rbac_with_resource_roles_policy.csv");
TestEnforce(e, "alice", "data1", "read", true);
TestEnforce(e, "alice", "data1", "write", true);
TestEnforce(e, "alice", "data2", "read", false);
TestEnforce(e, "alice", "data2", "write", true);
TestEnforce(e, "bob", "data1", "read", false);
TestEnforce(e, "bob", "data1", "write", false);
TestEnforce(e, "bob", "data2", "read", false);
TestEnforce(e, "bob", "data2", "write", true);
}
public void Test_RBACModelWithDeny()
{
Enforcer e = new Enforcer("examples/rbac_with_deny_model.conf", "examples/rbac_with_deny_policy.csv");
TestEnforce(e, "alice", "data1", "read", true);
TestEnforce(e, "alice", "data1", "write", false);
TestEnforce(e, "alice", "data2", "read", true);
TestEnforce(e, "alice", "data2", "write", false);
TestEnforce(e, "bob", "data1", "read", false);
TestEnforce(e, "bob", "data1", "write", false);
TestEnforce(e, "bob", "data2", "read", false);
TestEnforce(e, "bob", "data2", "write", true);
}
public void ShouldUpdate()
{
var sampleWatcher = new SampleWatcher();
Assert.False(sampleWatcher.Called);
var enforcer = new Enforcer(_testModelFixture.GetNewRbacTestModel(),
new DefaultFileAdapter(TestModelFixture.GetTestFile("rbac_policy_for_watcher_test.csv")));
enforcer.SetWatcher(sampleWatcher, false);
enforcer.SavePolicy();
Assert.True(sampleWatcher.Called);
}
public void testSetAdapterFromFile()
{
Enforcer e = new Enforcer("examples/basic_model.conf");
testEnforce(e, "alice", "data1", "read", false);
IAdapter a = new DefaultFileAdapter("examples/basic_policy.csv");
e.SetAdapter(a);
e.LoadPolicy();
testEnforce(e, "alice", "data1", "read", true);
}
public void TestBasicModel()
{
var e = new Enforcer(_testModelFixture.GetBasicTestModel());
TestEnforce(e, "alice", "data1", "read", true);
TestEnforce(e, "alice", "data1", "write", false);
TestEnforce(e, "alice", "data2", "read", false);
TestEnforce(e, "alice", "data2", "write", false);
TestEnforce(e, "bob", "data1", "read", false);
TestEnforce(e, "bob", "data1", "write", false);
TestEnforce(e, "bob", "data2", "read", false);
TestEnforce(e, "bob", "data2", "write", true);
}
public void Test_PriorityModel()
{
Enforcer e = new Enforcer("examples/priority_model.conf", "examples/priority_policy.csv");
TestEnforce(e, "alice", "data1", "read", true);
TestEnforce(e, "alice", "data1", "write", false);
TestEnforce(e, "alice", "data2", "read", false);
TestEnforce(e, "alice", "data2", "write", false);
TestEnforce(e, "bob", "data1", "read", false);
TestEnforce(e, "bob", "data1", "write", false);
TestEnforce(e, "bob", "data2", "read", true);
TestEnforce(e, "bob", "data2", "write", false);
}
public IBooleanOperation GroupedAnd(IEnumerable <string> fields, params string[] query)
{
Enforcer.ArgumentNotNull(fields, "fields");
Enforcer.ArgumentNotNull(query, "query");
var fieldVals = new List <IExamineValue>();
foreach (var f in query)
{
fieldVals.Add(new ExamineValue(Examineness.Explicit, f));
}
return(this.GroupedAnd(fields.ToArray(), fieldVals.ToArray()));
}
public async Task TestRbacModelWithDomainsAtRuntimeAsync()
{
var e = new Enforcer(TestModelFixture.GetNewTestModel(_testModelFixture._rbacWithDomainsModelText));
e.BuildRoleLinks();
await e.AddPolicyAsync("admin", "domain1", "data1", "read");
await e.AddPolicyAsync("admin", "domain1", "data1", "write");
await e.AddPolicyAsync("admin", "domain2", "data2", "read");
await e.AddPolicyAsync("admin", "domain2", "data2", "write");
await e.AddGroupingPolicyAsync("alice", "admin", "domain1");
await e.AddGroupingPolicyAsync("bob", "admin", "domain2");
TestDomainEnforce(e, "alice", "domain1", "data1", "read", true);
TestDomainEnforce(e, "alice", "domain1", "data1", "write", true);
TestDomainEnforce(e, "alice", "domain1", "data2", "read", false);
TestDomainEnforce(e, "alice", "domain1", "data2", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "read", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data2", "read", true);
TestDomainEnforce(e, "bob", "domain2", "data2", "write", true);
// Remove all policy rules related to domain1 and data1.
await e.RemoveFilteredPolicyAsync(1, "domain1", "data1");
TestDomainEnforce(e, "alice", "domain1", "data1", "read", false);
TestDomainEnforce(e, "alice", "domain1", "data1", "write", false);
TestDomainEnforce(e, "alice", "domain1", "data2", "read", false);
TestDomainEnforce(e, "alice", "domain1", "data2", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "read", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data2", "read", true);
TestDomainEnforce(e, "bob", "domain2", "data2", "write", true);
// Remove the specified policy rule.
await e.RemovePolicyAsync("admin", "domain2", "data2", "read");
TestDomainEnforce(e, "alice", "domain1", "data1", "read", false);
TestDomainEnforce(e, "alice", "domain1", "data1", "write", false);
TestDomainEnforce(e, "alice", "domain1", "data2", "read", false);
TestDomainEnforce(e, "alice", "domain1", "data2", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "read", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data2", "read", false);
TestDomainEnforce(e, "bob", "domain2", "data2", "write", true);
}
public async Task ShouldUpdateAsync()
{
var sampleWatcher = new SampleWatcher();
Assert.False(sampleWatcher.AsyncCalled);
var enforcer = new Enforcer(_testModelFixture.GetBasicTestModel(),
new DefaultFileAdapter(TestModelFixture.GetTestFile("rbac_policy_for_async_watcher_test.csv")));
enforcer.SetWatcher(sampleWatcher);
await enforcer.SavePolicyAsync();
Assert.True(sampleWatcher.AsyncCalled);
}
public void TestKeyMatchModelInMemoryDeny()
{
Model.Model m = CoreEnforcer.NewModel();
m.AddDef("r", "r", "sub, obj, act");
m.AddDef("p", "p", "sub, obj, act");
m.AddDef("e", "e", "!some(where (p.eft == deny))");
m.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");
IAdapter a = new DefaultFileAdapter("examples/keymatch_policy.csv");
Enforcer e = new Enforcer(m, a);
TestEnforce(e, "alice", "/alice_data/resource2", "POST", true);
}
public void TestGetRolesFromUserWithDomains()
{
var e = new Enforcer(TestModelFixture.GetNewTestModel(
_testModelFixture._rbacWithDomainsModelText,
_testModelFixture._rbacWithHierarchyWithDomainsPolicyText));
e.BuildRoleLinks();
// This is only able to retrieve the first level of roles.
TestGetRolesInDomain(e, "alice", "domain1", AsList("role:global_admin"));
// Retrieve all inherit roles. It supports domains as well.
TestGetImplicitRolesInDomain(e, "alice", "domain1", AsList("role:global_admin", "role:reader", "role:writer"));
}
public void testInitWithAdapter()
{
IAdapter adapter = new DefaultFileAdapter("examples/basic_policy.csv");
Enforcer e = new Enforcer("examples/basic_model.conf", adapter);
testEnforce(e, "alice", "data1", "read", true);
testEnforce(e, "alice", "data1", "write", false);
testEnforce(e, "alice", "data2", "read", false);
testEnforce(e, "alice", "data2", "write", false);
testEnforce(e, "bob", "data1", "read", false);
testEnforce(e, "bob", "data1", "write", false);
testEnforce(e, "bob", "data2", "read", false);
testEnforce(e, "bob", "data2", "write", true);
}
internal LuceneSearchCriteria(string type, Analyzer analyzer, string[] fields, bool allowLeadingWildcards, BooleanOperation occurance)
{
//TODO: It would be nice to be able to pass in the existing field definitions here so
// we'd know what fields have sorting enabled so we don't have to use the special sorting syntax for field types
Enforcer.ArgumentNotNull(fields, "fields");
SearchIndexType = type;
Query = new BooleanQuery();
this.BooleanOperation = occurance;
this.QueryParser = new MultiFieldQueryParser(_luceneVersion, fields, analyzer);
this.QueryParser.SetAllowLeadingWildcard(allowLeadingWildcards);
this._occurance = occurance.ToLuceneOccurance();
}
public void TestGetImplicitPermissionsForUserWithDomain()
{
var e = new Enforcer(TestModelFixture.GetNewTestModel(
_testModelFixture._rbacWithDomainsModelText,
_testModelFixture._rbacWithHierarchyWithDomainsPolicyText));
e.BuildRoleLinks();
TestGetImplicitPermissions(e, "alice", AsList(
AsList("alice", "domain1", "data2", "read"),
AsList("role:reader", "domain1", "data1", "read"),
AsList("role:writer", "domain1", "data1", "write")),
"domain1");
}
public void TestEnforceWithMatcherApi()
{
var e = new Enforcer(_testModelFixture.GetBasicTestModel());
string matcher = "r.sub != p.sub && r.obj == p.obj && r.act == p.act";
e.TestEnforceWithMatcher(matcher, "alice", "data1", "read", false);
e.TestEnforceWithMatcher(matcher, "alice", "data1", "write", false);
e.TestEnforceWithMatcher(matcher, "alice", "data2", "read", false);
e.TestEnforceWithMatcher(matcher, "alice", "data2", "write", true);
e.TestEnforceWithMatcher(matcher, "bob", "data1", "read", true);
e.TestEnforceWithMatcher(matcher, "bob", "data1", "write", false);
e.TestEnforceWithMatcher(matcher, "bob", "data2", "read", false);
e.TestEnforceWithMatcher(matcher, "bob", "data2", "write", false);
}
public void TestEnforceWithMultipleEval()
{
var e = new Enforcer(TestModelFixture.GetNewTestModel(
_testModelFixture._rbacMultipleEvalModelText,
_testModelFixture._rbacMultipleEvalPolicyText));
bool result = e.Enforce(
"domain1",
new { Role = "admin" },
new { Name = "admin_panel" },
"view");
Assert.True(result);
}
public void TestRbacModelWithDomains()
{
var e = new Enforcer(_testModelFixture.GetNewRbacWithDomainsTestModel());
e.BuildRoleLinks();
TestDomainEnforce(e, "alice", "domain1", "data1", "read", true);
TestDomainEnforce(e, "alice", "domain1", "data1", "write", true);
TestDomainEnforce(e, "alice", "domain1", "data2", "read", false);
TestDomainEnforce(e, "alice", "domain1", "data2", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "read", false);
TestDomainEnforce(e, "bob", "domain2", "data1", "write", false);
TestDomainEnforce(e, "bob", "domain2", "data2", "read", true);
TestDomainEnforce(e, "bob", "domain2", "data2", "write", true);
}
public void TestPriorityModel()
{
var e = new Enforcer(_testModelFixture.GetNewPriorityTestModel());
e.BuildRoleLinks();
TestEnforce(e, "alice", "data1", "read", true);
TestEnforce(e, "alice", "data1", "write", false);
TestEnforce(e, "alice", "data2", "read", false);
TestEnforce(e, "alice", "data2", "write", false);
TestEnforce(e, "bob", "data1", "read", false);
TestEnforce(e, "bob", "data1", "write", false);
TestEnforce(e, "bob", "data2", "read", true);
TestEnforce(e, "bob", "data2", "write", false);
}
public void TestRBACModelInMemoryIndeterminate()
{
Model.Model m = CoreEnforcer.NewModel();
m.AddDef("r", "r", "sub, obj, act");
m.AddDef("p", "p", "sub, obj, act");
m.AddDef("g", "g", "_, _");
m.AddDef("e", "e", "some(where (p.eft == allow))");
m.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");
Enforcer e = new Enforcer(m);
e.AddPermissionForUser("alice", "data1", "invalid");
TestEnforce(e, "alice", "data1", "read", false);
}
public static void CheckEnvironmentAccess(string sub, string obj, string act, string env)
{
var e = new Enforcer("./casbin-config/env_model.conf", "./casbin-config/env_policy.csv");
if (e.Enforce(sub, obj, act, env))
{
// permit alice to read data1
Console.WriteLine("Access Granted");
}
else
{
// deny the request, show an error
Console.WriteLine("Access Denied");
}
}
public void TestTypConvertorAttribute()
{
var adapter = new EFCoreAdapter <Guid>(_context);
var enforcer = new Enforcer(_modelProvideFixture.GetNewAbacModel(), adapter);
enforcer.LoadPolicy();
var flag = enforcer.Enforce(new
{
IsTenantMember = "true",
Age = 30
}, "/data2", "write");
Assert.True(flag);
}
static void Main(string[] args)
{
var lineRule = new LineRule(
directory: Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory),
filename: "example_enforcer.ini",
search: "example line=",
rule: "example line=chicken");
Console.WriteLine("Automatic? (Y/N)");
if (!Console.ReadLine().ToUpper().StartsWith("Y"))
{
Console.WriteLine("Please enter directory to watch.");
var dir = Console.ReadLine();
Console.WriteLine("Please enter filename.");
var filename = Console.ReadLine();
Console.WriteLine("Please enter line to enforce.");
var line = Console.ReadLine();
Console.WriteLine("Please enter rule.");
var rule = Console.ReadLine();
lineRule = new LineRule(dir, filename, line, rule);
}
File.WriteAllText(lineRule.FullPath, lineRule.Rule + Environment.NewLine);
using (var enforcer = new Enforcer(lineRule))
{
enforcer.Begin(() => Console.WriteLine("Changed!"));
Console.WriteLine("Watching...");
Console.ReadKey();
Console.WriteLine("Finished...");
}
}
