/// <summary>
/// Walks the domain-scoped role API of an RBAC-with-domains enforcer and re-checks role
/// membership in "domain1" and "domain2" after every mutation.
/// </summary>
/// <remarks>
/// Every mutation in this test targets "domain1"; the "domain2" expectations never change,
/// which is the tenant-isolation property being pinned. TestHasRole, TestGetRoles,
/// TestGetPermissions and AsList are helpers defined outside this listing; the boolean or
/// list handed to them is presumably the expected result.
/// </remarks>
public void TestRoleApiWithDomains()
{
    var enforcer = new Enforcer(_testModelFixture.GetNewRbacWithDomainsTestModel());
    enforcer.BuildRoleLinks();

    // Baseline from the fixture: alice is admin in domain1 only, bob is admin in domain2 only.
    TestHasRole(enforcer, "alice", "admin", true, "domain1");
    TestHasRole(enforcer, "alice", "admin", false, "domain2");

    TestGetRoles(enforcer, "alice", AsList("admin"), "domain1");
    TestGetRoles(enforcer, "bob", AsList(), "domain1");
    TestGetRoles(enforcer, "admin", AsList(), "domain1");
    TestGetRoles(enforcer, "non_exist", AsList(), "domain1");

    TestGetRoles(enforcer, "alice", AsList(), "domain2");
    TestGetRoles(enforcer, "bob", AsList("admin"), "domain2");
    TestGetRoles(enforcer, "admin", AsList(), "domain2");
    TestGetRoles(enforcer, "non_exist", AsList(), "domain2");

    // Swap the domain1 admin from alice to bob.
    _ = enforcer.DeleteRoleForUser("alice", "admin", "domain1");
    _ = enforcer.AddRoleForUser("bob", "admin", "domain1");

    TestGetRoles(enforcer, "alice", AsList(), "domain1");
    TestGetRoles(enforcer, "bob", AsList("admin"), "domain1");
    TestGetRoles(enforcer, "admin", AsList(), "domain1");
    TestGetRoles(enforcer, "non_exist", AsList(), "domain1");

    // domain2 expectations are the same as the baseline.
    TestGetRoles(enforcer, "alice", AsList(), "domain2");
    TestGetRoles(enforcer, "bob", AsList("admin"), "domain2");
    TestGetRoles(enforcer, "admin", AsList(), "domain2");
    TestGetRoles(enforcer, "non_exist", AsList(), "domain2");

    // Swap back: alice regains admin, and all of bob's domain1 roles are dropped at once.
    _ = enforcer.AddRoleForUser("alice", "admin", "domain1");
    _ = enforcer.DeleteRolesForUser("bob", "domain1");

    TestGetRoles(enforcer, "alice", AsList("admin"), "domain1");
    TestGetRoles(enforcer, "bob", AsList(), "domain1");
    TestGetRoles(enforcer, "admin", AsList(), "domain1");
    TestGetRoles(enforcer, "non_exist", AsList(), "domain1");

    // Removing bob's domain1 roles must leave his domain2 admin role in place.
    TestGetRoles(enforcer, "alice", AsList(), "domain2");
    TestGetRoles(enforcer, "bob", AsList("admin"), "domain2");
    TestGetRoles(enforcer, "admin", AsList(), "domain2");
    TestGetRoles(enforcer, "non_exist", AsList(), "domain2");

    // Bulk assignment of several roles in one call.
    _ = enforcer.AddRolesForUser("bob", AsList("admin", "admin1", "admin2"), "domain1");
    TestGetRoles(enforcer, "bob", AsList("admin", "admin1", "admin2"), "domain1");

    // Permissions of the admin role are looked up per domain; each domain is expected to
    // return only its own rules.
    var domain1Rules = AsList(
        AsList("admin", "domain1", "data1", "read"),
        AsList("admin", "domain1", "data1", "write"));
    TestGetPermissions(enforcer, "admin", domain1Rules, "domain1");

    var domain2Rules = AsList(
        AsList("admin", "domain2", "data2", "read"),
        AsList("admin", "domain2", "data2", "write"));
    TestGetPermissions(enforcer, "admin", domain2Rules, "domain2");
}
/// <summary>
/// Builds an RBAC model definition by definition in memory, adds policies and one role
/// assignment through the enforcer API, and checks the resulting allow/deny decisions.
/// </summary>
/// <remarks>
/// testEnforce is a helper defined outside this listing; its last argument is presumably
/// the expected decision.
/// </remarks>
public void testRBACModelInMemory()
{
    Model model = CoreEnforcer.NewModel();

    // Request and policy tuples share the same shape: subject, object, action.
    model.AddDef("r", "r", "sub, obj, act");
    model.AddDef("p", "p", "sub, obj, act");
    // Two-place role relation.
    model.AddDef("g", "g", "_, _");
    // Effect expression: some matching policy whose effect is allow.
    model.AddDef("e", "e", "some(where (p.eft == allow))");
    // A policy matches when g relates the request subject to the policy subject and the
    // object and action are equal.
    model.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

    Enforcer enforcer = new Enforcer(model);

    // Direct grants.
    enforcer.AddPermissionForUser("alice", "data1", "read");
    enforcer.AddPermissionForUser("bob", "data2", "write");
    // Grants attached to the data2_admin role.
    enforcer.AddPermissionForUser("data2_admin", "data2", "read");
    enforcer.AddPermissionForUser("data2_admin", "data2", "write");
    // alice picks up the role's grants through this assignment.
    enforcer.AddRoleForUser("alice", "data2_admin");

    // alice: her own data1/read plus both data2 actions via the role; data1/write stays denied.
    testEnforce(enforcer, "alice", "data1", "read", true);
    testEnforce(enforcer, "alice", "data1", "write", false);
    testEnforce(enforcer, "alice", "data2", "read", true);
    testEnforce(enforcer, "alice", "data2", "write", true);

    // bob: only his direct data2/write grant is allowed.
    testEnforce(enforcer, "bob", "data1", "read", false);
    testEnforce(enforcer, "bob", "data1", "write", false);
    testEnforce(enforcer, "bob", "data2", "read", false);
    testEnforce(enforcer, "bob", "data2", "write", true);
}
/// <summary>
/// Assembles an RBAC model in memory one definition at a time, loads policies and a role
/// assignment through the enforcer API, and verifies the allow/deny outcome of eight requests.
/// </summary>
/// <remarks>
/// TestEnforce is a helper defined outside this listing; its last argument is presumably
/// the expected decision.
/// </remarks>
public void TestRbacModelInMemory()
{
    var model = Model.Model.Create();

    // Request and policy definitions: subject, object, action.
    model.AddDef("r", "r", "sub, obj, act");
    model.AddDef("p", "p", "sub, obj, act");
    // Two-place role relation.
    model.AddDef("g", "g", "_, _");
    // Effect expression: some matching policy whose effect is allow.
    model.AddDef("e", "e", "some(where (p.eft == allow))");
    // Matcher: role relation on the subject, equality on object and action.
    model.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

    var enforcer = new Enforcer(model);

    // Direct grants for alice and bob.
    enforcer.AddPermissionForUser("alice", "data1", "read");
    enforcer.AddPermissionForUser("bob", "data2", "write");
    // Grants held by the data2_admin role.
    enforcer.AddPermissionForUser("data2_admin", "data2", "read");
    enforcer.AddPermissionForUser("data2_admin", "data2", "write");
    // Role assignment that gives alice the role's data2 grants.
    enforcer.AddRoleForUser("alice", "data2_admin");

    // alice: direct data1/read and role-derived data2 access; nothing more.
    TestEnforce(enforcer, "alice", "data1", "read", true);
    TestEnforce(enforcer, "alice", "data1", "write", false);
    TestEnforce(enforcer, "alice", "data2", "read", true);
    TestEnforce(enforcer, "alice", "data2", "write", true);

    // bob: holds no role, so only data2/write is allowed.
    TestEnforce(enforcer, "bob", "data1", "read", false);
    TestEnforce(enforcer, "bob", "data1", "write", false);
    TestEnforce(enforcer, "bob", "data2", "read", false);
    TestEnforce(enforcer, "bob", "data2", "write", true);
}
/// <summary>
/// Same scenario as the definition-by-definition in-memory test, but the RBAC model is
/// supplied as configuration text and parsed by CoreEnforcer.NewModel(text).
/// </summary>
/// <remarks>
/// testEnforce is a helper defined outside this listing; its last argument is presumably
/// the expected decision.
/// </remarks>
public void testRBACModelInMemory2()
{
    // Model configuration, one section per block; the text is passed to the parser as-is.
    String text =
        "[request_definition]\n"
        + "r = sub, obj, act\n"
        + "\n"
        + "[policy_definition]\n"
        + "p = sub, obj, act\n"
        + "\n"
        + "[role_definition]\n"
        + "g = _, _\n"
        + "\n"
        + "[policy_effect]\n"
        + "e = some(where (p.eft == allow))\n"
        + "\n"
        + "[matchers]\n"
        + "m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act\n";

    Model model = CoreEnforcer.NewModel(text);
    Enforcer enforcer = new Enforcer(model);

    // Direct grants.
    enforcer.AddPermissionForUser("alice", "data1", "read");
    enforcer.AddPermissionForUser("bob", "data2", "write");
    // Grants attached to the data2_admin role.
    enforcer.AddPermissionForUser("data2_admin", "data2", "read");
    enforcer.AddPermissionForUser("data2_admin", "data2", "write");
    // alice picks up the role's grants through this assignment.
    enforcer.AddRoleForUser("alice", "data2_admin");

    // alice: her own data1/read plus both data2 actions via the role; data1/write stays denied.
    testEnforce(enforcer, "alice", "data1", "read", true);
    testEnforce(enforcer, "alice", "data1", "write", false);
    testEnforce(enforcer, "alice", "data2", "read", true);
    testEnforce(enforcer, "alice", "data2", "write", true);

    // bob: only his direct data2/write grant is allowed.
    testEnforce(enforcer, "bob", "data1", "read", false);
    testEnforce(enforcer, "bob", "data1", "write", false);
    testEnforce(enforcer, "bob", "data2", "read", false);
    testEnforce(enforcer, "bob", "data2", "write", true);
}
/// <summary>
/// Parses an RBAC model from configuration text with Model.Model.CreateDefaultFromText, adds
/// policies and a role assignment through the enforcer API, and verifies eight decisions.
/// </summary>
/// <remarks>
/// TestEnforce is a helper defined outside this listing; its last argument is presumably
/// the expected decision.
/// </remarks>
public void TestRbacModelInMemory2()
{
    // Model configuration, one section per block; the text is passed to the parser as-is.
    string text =
        "[request_definition]\n"
        + "r = sub, obj, act\n"
        + "\n"
        + "[policy_definition]\n"
        + "p = sub, obj, act\n"
        + "\n"
        + "[role_definition]\n"
        + "g = _, _\n"
        + "\n"
        + "[policy_effect]\n"
        + "e = some(where (p.eft == allow))\n"
        + "\n"
        + "[matchers]\n"
        + "m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act\n";

    var model = Model.Model.CreateDefaultFromText(text);
    var enforcer = new Enforcer(model);

    // Direct grants for alice and bob.
    enforcer.AddPermissionForUser("alice", "data1", "read");
    enforcer.AddPermissionForUser("bob", "data2", "write");
    // Grants held by the data2_admin role.
    enforcer.AddPermissionForUser("data2_admin", "data2", "read");
    enforcer.AddPermissionForUser("data2_admin", "data2", "write");
    // Role assignment that gives alice the role's data2 grants.
    enforcer.AddRoleForUser("alice", "data2_admin");

    // alice: direct data1/read and role-derived data2 access; nothing more.
    TestEnforce(enforcer, "alice", "data1", "read", true);
    TestEnforce(enforcer, "alice", "data1", "write", false);
    TestEnforce(enforcer, "alice", "data2", "read", true);
    TestEnforce(enforcer, "alice", "data2", "write", true);

    // bob: holds no role, so only data2/write is allowed.
    TestEnforce(enforcer, "bob", "data1", "read", false);
    TestEnforce(enforcer, "bob", "data1", "write", false);
    TestEnforce(enforcer, "bob", "data2", "read", false);
    TestEnforce(enforcer, "bob", "data2", "write", true);
}
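/// <summary>
/// Assigns <paramref name="roleName"/> to <paramref name="userName"/> by calling
/// AddRoleForUser on the controller's <c>_enforcer</c> field.
/// </summary>
/// <param name="userName">Subject that receives the role; taken from the request.</param>
/// <param name="roleName">Role to assign; taken from the request.</param>
/// <returns>
/// An OK result whose body is the boolean returned by AddRoleForUser, or <c>false</c> when
/// either argument is null, empty or whitespace and no assignment was attempted.
/// </returns>
public IActionResult addGeneralRoleWithoutModel(string userName, string roleName)
{
    // NOTE(review): this action changes role membership from request-supplied values, and no
    // authorization attribute is visible in this listing. Confirm that the controller or the
    // action restricts callers to principals allowed to manage roles.

    // Blank identifiers are refused before they reach the enforcer, so a grouping rule with
    // an empty subject or role is never written. The response keeps its boolean shape.
    if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(roleName))
    {
        return Ok(false);
    }

    bool added = _enforcer.AddRoleForUser(userName, roleName);
    return Ok(added);
}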
/// <summary>
/// Exercises role assignment, role removal, user deletion and role deletion on an RBAC
/// enforcer built from the test fixture, re-checking role lists and decisions after each step.
/// </summary>
/// <remarks>
/// The closing section pins revocation: once the data2_admin role is deleted, the data2
/// access alice had through it is expected to be denied, while bob's data2/write stays
/// allowed. TestGetRoles, TestHasRole, TestEnforce and AsList are helpers defined outside
/// this listing; the list or boolean handed to them is presumably the expected result.
/// </remarks>
public void TestRoleApi()
{
    var enforcer = new Enforcer(_testModelFixture.GetNewRbacTestModel());
    enforcer.BuildRoleLinks();

    // Baseline from the fixture: alice holds data2_admin, nobody else holds a role.
    TestGetRoles(enforcer, "alice", AsList("data2_admin"));
    TestGetRoles(enforcer, "bob", AsList());
    TestGetRoles(enforcer, "data2_admin", AsList());
    TestGetRoles(enforcer, "non_exist", AsList());

    TestHasRole(enforcer, "alice", "data1_admin", false);
    TestHasRole(enforcer, "alice", "data2_admin", true);

    // Add a second role for alice.
    enforcer.AddRoleForUser("alice", "data1_admin");

    TestGetRoles(enforcer, "alice", AsList("data1_admin", "data2_admin"));
    TestGetRoles(enforcer, "bob", AsList());
    TestGetRoles(enforcer, "data2_admin", AsList());

    // Remove only that role again.
    enforcer.DeleteRoleForUser("alice", "data1_admin");

    TestGetRoles(enforcer, "alice", AsList("data2_admin"));
    TestGetRoles(enforcer, "bob", AsList());
    TestGetRoles(enforcer, "data2_admin", AsList());

    // Remove every role alice holds.
    enforcer.DeleteRolesForUser("alice");

    TestGetRoles(enforcer, "alice", AsList());
    TestGetRoles(enforcer, "bob", AsList());
    TestGetRoles(enforcer, "data2_admin", AsList());

    // A role assigned just before the user is deleted must not survive the deletion.
    enforcer.AddRoleForUser("alice", "data1_admin");
    enforcer.DeleteUser("alice");

    TestGetRoles(enforcer, "alice", AsList());
    TestGetRoles(enforcer, "bob", AsList());
    TestGetRoles(enforcer, "data2_admin", AsList());

    // Re-grant data2_admin and check the decisions it produces.
    enforcer.AddRoleForUser("alice", "data2_admin");

    // NOTE(review): alice/data1/read is expected to be allowed here and after the role is
    // deleted; presumably a direct policy in the fixture — confirm against the policy data.
    TestEnforce(enforcer, "alice", "data1", "read", true);
    TestEnforce(enforcer, "alice", "data1", "write", false);
    TestEnforce(enforcer, "alice", "data2", "read", true);
    TestEnforce(enforcer, "alice", "data2", "write", true);
    TestEnforce(enforcer, "bob", "data1", "read", false);
    TestEnforce(enforcer, "bob", "data1", "write", false);
    TestEnforce(enforcer, "bob", "data2", "read", false);
    TestEnforce(enforcer, "bob", "data2", "write", true);

    // Deleting the role must revoke the data2 access alice held through it.
    enforcer.DeleteRole("data2_admin");

    TestEnforce(enforcer, "alice", "data1", "read", true);
    TestEnforce(enforcer, "alice", "data1", "write", false);
    TestEnforce(enforcer, "alice", "data2", "read", false);
    TestEnforce(enforcer, "alice", "data2", "write", false);
    TestEnforce(enforcer, "bob", "data1", "read", false);
    TestEnforce(enforcer, "bob", "data1", "write", false);
    TestEnforce(enforcer, "bob", "data2", "read", false);
    TestEnforce(enforcer, "bob", "data2", "write", true);
}
/// <summary>
/// Exercises role assignment, role removal, user deletion and role deletion on an enforcer
/// loaded from "examples/rbac_model.conf" and "examples/rbac_policy.csv", re-checking role
/// lists and decisions after each step.
/// </summary>
/// <remarks>
/// The closing section pins revocation: once the data2_admin role is deleted, the data2
/// access alice had through it is expected to be denied, while bob's data2/write stays
/// allowed. TestGetRoles, TestHasRole, TestEnforce and AsList are helpers defined outside
/// this listing; the list or boolean handed to them is presumably the expected result.
/// </remarks>
public void Test_RoleAPI()
{
    var enforcer = new Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv");

    // Baseline from the policy file: alice holds data2_admin, nobody else holds a role.
    TestGetRoles(enforcer, "alice", AsList("data2_admin"));
    TestGetRoles(enforcer, "bob", AsList());
    TestGetRoles(enforcer, "data2_admin", AsList());
    TestGetRoles(enforcer, "non_exist", AsList());

    TestHasRole(enforcer, "alice", "data1_admin", false);
    TestHasRole(enforcer, "alice", "data2_admin", true);

    // Add a second role for alice.
    enforcer.AddRoleForUser("alice", "data1_admin");

    TestGetRoles(enforcer, "alice", AsList("data1_admin", "data2_admin"));
    TestGetRoles(enforcer, "bob", AsList());
    TestGetRoles(enforcer, "data2_admin", AsList());

    // Remove only that role again.
    enforcer.DeleteRoleForUser("alice", "data1_admin");

    TestGetRoles(enforcer, "alice", AsList("data2_admin"));
    TestGetRoles(enforcer, "bob", AsList());
    TestGetRoles(enforcer, "data2_admin", AsList());

    // Remove every role alice holds.
    enforcer.DeleteRolesForUser("alice");

    TestGetRoles(enforcer, "alice", AsList());
    TestGetRoles(enforcer, "bob", AsList());
    TestGetRoles(enforcer, "data2_admin", AsList());

    // A role assigned just before the user is deleted must not survive the deletion.
    enforcer.AddRoleForUser("alice", "data1_admin");
    enforcer.DeleteUser("alice");

    TestGetRoles(enforcer, "alice", AsList());
    TestGetRoles(enforcer, "bob", AsList());
    TestGetRoles(enforcer, "data2_admin", AsList());

    // Re-grant data2_admin and check the decisions it produces.
    enforcer.AddRoleForUser("alice", "data2_admin");

    // NOTE(review): alice/data1/read is expected to be allowed here and after the role is
    // deleted; presumably a direct policy in the CSV — confirm against the policy file.
    TestEnforce(enforcer, "alice", "data1", "read", true);
    TestEnforce(enforcer, "alice", "data1", "write", false);
    TestEnforce(enforcer, "alice", "data2", "read", true);
    TestEnforce(enforcer, "alice", "data2", "write", true);
    TestEnforce(enforcer, "bob", "data1", "read", false);
    TestEnforce(enforcer, "bob", "data1", "write", false);
    TestEnforce(enforcer, "bob", "data2", "read", false);
    TestEnforce(enforcer, "bob", "data2", "write", true);

    // Deleting the role must revoke the data2 access alice held through it.
    enforcer.DeleteRole("data2_admin");

    TestEnforce(enforcer, "alice", "data1", "read", true);
    TestEnforce(enforcer, "alice", "data1", "write", false);
    TestEnforce(enforcer, "alice", "data2", "read", false);
    TestEnforce(enforcer, "alice", "data2", "write", false);
    TestEnforce(enforcer, "bob", "data1", "read", false);
    TestEnforce(enforcer, "bob", "data1", "write", false);
    TestEnforce(enforcer, "bob", "data2", "read", false);
    TestEnforce(enforcer, "bob", "data2", "write", true);
}