示例#1
        // Exercises adding and removing grouping (user -> role) rules on the RBAC test
        // model through the single-rule, batch, named and filtered APIs, re-checking
        // role membership after each mutation so a revoked role cannot linger unnoticed.
        public void TestModifyGroupingPolicy()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            e.BuildRoleLinks();

            // Baseline from the fixture: alice is the only user holding a role.
            TestGetRoles(e, "alice", AsList("data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "eve", AsList());
            TestGetRoles(e, "non_exist", AsList());

            // Revoke alice's role and grant roles to bob and eve; the effect of these
            // three calls is asserted further down, after the batch and named-API steps.
            e.RemoveGroupingPolicy("alice", "data2_admin");
            e.AddGroupingPolicy("bob", "data1_admin");
            e.AddGroupingPolicy("eve", "data3_admin");

            var groupingRules = AsList(
                AsList("ham", "data4_admin"),
                AsList("jack", "data5_admin")
                );

            // Batch add, verify both grants are visible, then batch remove.
            // NOTE(review): the bool results are discarded and nothing checks that ham
            // and jack lose their roles after RemoveGroupingPolicies.
            _ = e.AddGroupingPolicies(groupingRules);
            TestGetRoles(e, "ham", AsList("data4_admin"));
            TestGetRoles(e, "jack", AsList("data5_admin"));
            _ = e.RemoveGroupingPolicies(groupingRules);

            // The earlier revocation still holds: alice has no roles.
            TestGetRoles(e, "alice", AsList());

            var namedGroupingPolicy = AsList("alice", "data2_admin");

            // Same grant/revoke round trip through the named API, using section "g".
            TestGetRoles(e, "alice", AsList());
            e.AddNamedGroupingPolicy("g", namedGroupingPolicy);
            TestGetRoles(e, "alice", AsList("data2_admin"));
            e.RemoveNamedGroupingPolicy("g", namedGroupingPolicy);

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList("data1_admin"));
            TestGetRoles(e, "eve", AsList("data3_admin"));
            TestGetRoles(e, "non_exist", AsList());

            // Reverse lookup (role -> users) must agree with the per-user view above.
            TestGetUsers(e, "data1_admin", AsList("bob"));
            TestGetUsers(e, "data2_admin", AsList());
            TestGetUsers(e, "data3_admin", AsList("eve"));

            // Filtered removal: field index 0 = "bob". The assertions below show that
            // only bob's grant disappears while eve's stays in place.
            e.RemoveFilteredGroupingPolicy(0, "bob");

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "eve", AsList("data3_admin"));
            TestGetRoles(e, "non_exist", AsList());

            TestGetUsers(e, "data1_admin", AsList());
            TestGetUsers(e, "data2_admin", AsList());
            TestGetUsers(e, "data3_admin", AsList("eve"));
        }
示例#2
        // Checks the set of domains reported for each user when the RBAC-with-domains
        // model is loaded together with the "Policy2" fixture text.
        public void TestGetDomainsForUser()
        {
            var model = TestModelFixture.GetNewTestModel(
                _testModelFixture._rbacWithDomainsModelText,
                _testModelFixture._rbacWithDomainsPolicy2Text);
            var enforcer = new Enforcer(model);
            enforcer.BuildRoleLinks();

            // One row per user: the domains the helper is expected to find for them.
            var expectedDomains = new (string User, string[] Domains)[]
            {
                ("alice", new[] { "domain1", "domain2" }),
                ("bob", new[] { "domain2", "domain3" }),
                ("user", new[] { "domain3" }),
            };

            foreach (var (user, domains) in expectedDomains)
            {
                enforcer.TestGetDomainsForUser(user, domains);
            }
        }
示例#3
        // Builds a domain-scoped RBAC policy entirely at runtime (no policy text is
        // passed to the model), then checks the allow/deny matrix after each removal.
        // Every decision not backed by a remaining rule is expected to be a deny.
        public async Task TestRbacModelWithDomainsAtRuntimeAsync()
        {
            var e = new Enforcer(TestModelFixture.GetNewTestModel(_testModelFixture._rbacWithDomainsModelText));

            e.BuildRoleLinks();

            // Permission rules for the "admin" role: data1 in domain1, data2 in domain2.
            await e.AddPolicyAsync("admin", "domain1", "data1", "read");

            await e.AddPolicyAsync("admin", "domain1", "data1", "write");

            await e.AddPolicyAsync("admin", "domain2", "data2", "read");

            await e.AddPolicyAsync("admin", "domain2", "data2", "write");

            // Role grants are scoped to a domain: alice is admin in domain1 only,
            // bob is admin in domain2 only.
            await e.AddGroupingPolicyAsync("alice", "admin", "domain1");

            await e.AddGroupingPolicyAsync("bob", "admin", "domain2");

            // NOTE(review): every case below pairs alice with domain1 and bob with
            // domain2. No request asks for alice in domain2 (or bob in domain1), so
            // use of the admin role across domains is not exercised by this test.
            TestDomainEnforce(e, "alice", "domain1", "data1", "read", true);
            TestDomainEnforce(e, "alice", "domain1", "data1", "write", true);
            TestDomainEnforce(e, "alice", "domain1", "data2", "read", false);
            TestDomainEnforce(e, "alice", "domain1", "data2", "write", false);
            TestDomainEnforce(e, "bob", "domain2", "data1", "read", false);
            TestDomainEnforce(e, "bob", "domain2", "data1", "write", false);
            TestDomainEnforce(e, "bob", "domain2", "data2", "read", true);
            TestDomainEnforce(e, "bob", "domain2", "data2", "write", true);

            // Remove all policy rules related to domain1 and data1.
            // The filter starts at field index 1, so the subject column is not matched.
            await e.RemoveFilteredPolicyAsync(1, "domain1", "data1");

            // alice loses both data1 permissions; bob's domain2 access is untouched.
            TestDomainEnforce(e, "alice", "domain1", "data1", "read", false);
            TestDomainEnforce(e, "alice", "domain1", "data1", "write", false);
            TestDomainEnforce(e, "alice", "domain1", "data2", "read", false);
            TestDomainEnforce(e, "alice", "domain1", "data2", "write", false);
            TestDomainEnforce(e, "bob", "domain2", "data1", "read", false);
            TestDomainEnforce(e, "bob", "domain2", "data1", "write", false);
            TestDomainEnforce(e, "bob", "domain2", "data2", "read", true);
            TestDomainEnforce(e, "bob", "domain2", "data2", "write", true);

            // Remove the specified policy rule.
            await e.RemovePolicyAsync("admin", "domain2", "data2", "read");

            // Only the read rule went away: bob keeps write on data2 in domain2.
            TestDomainEnforce(e, "alice", "domain1", "data1", "read", false);
            TestDomainEnforce(e, "alice", "domain1", "data1", "write", false);
            TestDomainEnforce(e, "alice", "domain1", "data2", "read", false);
            TestDomainEnforce(e, "alice", "domain1", "data2", "write", false);
            TestDomainEnforce(e, "bob", "domain2", "data1", "read", false);
            TestDomainEnforce(e, "bob", "domain2", "data1", "write", false);
            TestDomainEnforce(e, "bob", "domain2", "data2", "read", false);
            TestDomainEnforce(e, "bob", "domain2", "data2", "write", true);
        }
示例#4
        // Contrasts the direct role lookup with the implicit (inherited) role lookup
        // for one user inside one domain of the hierarchical RBAC-with-domains policy.
        public void TestGetRolesFromUserWithDomains()
        {
            var model = TestModelFixture.GetNewTestModel(
                _testModelFixture._rbacWithDomainsModelText,
                _testModelFixture._rbacWithHierarchyWithDomainsPolicyText);
            var enforcer = new Enforcer(model);
            enforcer.BuildRoleLinks();

            const string user = "alice";
            const string domain = "domain1";

            // The direct lookup stops at the first level of the role hierarchy.
            var directRoles = AsList("role:global_admin");
            TestGetRolesInDomain(enforcer, user, domain, directRoles);

            // The implicit lookup also returns inherited roles, still scoped to the domain.
            var inheritedRoles = AsList("role:global_admin", "role:reader", "role:writer");
            TestGetImplicitRolesInDomain(enforcer, user, domain, inheritedRoles);
        }
示例#5
        // Checks the effective permission list of a user inside a single domain:
        // the user's own rule plus the rules reached through roles in that domain.
        public void TestGetImplicitPermissionsForUserWithDomain()
        {
            var model = TestModelFixture.GetNewTestModel(
                _testModelFixture._rbacWithDomainsModelText,
                _testModelFixture._rbacWithHierarchyWithDomainsPolicyText);
            var enforcer = new Enforcer(model);
            enforcer.BuildRoleLinks();

            // Expected rows, in order: alice's direct rule, then the role-derived rules.
            var expectedPermissions = AsList(
                AsList("alice", "domain1", "data2", "read"),
                AsList("role:reader", "domain1", "data1", "read"),
                AsList("role:writer", "domain1", "data1", "write"));

            TestGetImplicitPermissions(enforcer, "alice", expectedPermissions, "domain1");
        }
示例#6
        // Runs the full subject/object/action matrix against the priority test model
        // and pins each decision; only two of the eight requests are expected to pass.
        public void TestPriorityModel()
        {
            var enforcer = new Enforcer(_testModelFixture.GetNewPriorityTestModel());
            enforcer.BuildRoleLinks();

            // Every row is one request and the decision the model must return for it.
            var expectations = new (string Sub, string Obj, string Act, bool Allowed)[]
            {
                ("alice", "data1", "read", true),
                ("alice", "data1", "write", false),
                ("alice", "data2", "read", false),
                ("alice", "data2", "write", false),
                ("bob", "data1", "read", false),
                ("bob", "data1", "write", false),
                ("bob", "data2", "read", true),
                ("bob", "data2", "write", false),
            };

            foreach (var (sub, obj, act, allowed) in expectations)
            {
                TestEnforce(enforcer, sub, obj, act, allowed);
            }
        }
示例#7
        // Pins the allow/deny matrix of the RBAC-with-domains fixture model.
        // NOTE(review): alice is only ever queried in domain1 and bob only in domain2,
        // so a role leaking from one domain into the other would not be caught here.
        public void TestRbacModelWithDomains()
        {
            var enforcer = new Enforcer(_testModelFixture.GetNewRbacWithDomainsTestModel());
            enforcer.BuildRoleLinks();

            // Every row is one domain-scoped request and its expected decision.
            var expectations = new (string Sub, string Dom, string Obj, string Act, bool Allowed)[]
            {
                ("alice", "domain1", "data1", "read", true),
                ("alice", "domain1", "data1", "write", true),
                ("alice", "domain1", "data2", "read", false),
                ("alice", "domain1", "data2", "write", false),
                ("bob", "domain2", "data1", "read", false),
                ("bob", "domain2", "data1", "write", false),
                ("bob", "domain2", "data2", "read", true),
                ("bob", "domain2", "data2", "write", true),
            };

            foreach (var (sub, dom, obj, act, allowed) in expectations)
            {
                TestDomainEnforce(enforcer, sub, dom, obj, act, allowed);
            }
        }
示例#8
        // Swaps in a CustomRoleManager before the role links are built and checks
        // that the RBAC fixture still yields the decision matrix pinned below.
        public void TestRbacModelWithCustomRoleManager()
        {
            var enforcer = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            // The role manager is replaced first so BuildRoleLinks populates the custom one.
            enforcer.SetRoleManager(new CustomRoleManager());
            enforcer.BuildRoleLinks();

            var expectations = new (string Sub, string Obj, string Act, bool Allowed)[]
            {
                ("alice", "data1", "read", true),
                ("alice", "data1", "write", false),
                ("alice", "data2", "read", true),
                ("alice", "data2", "write", true),
                ("bob", "data1", "read", false),
                ("bob", "data1", "write", false),
                ("bob", "data2", "read", false),
                ("bob", "data2", "write", true),
            };

            foreach (var (sub, obj, act, allowed) in expectations)
            {
                TestEnforce(enforcer, sub, obj, act, allowed);
            }
        }
示例#9
        // Walks the async permission API on the model without a resource column:
        // delete a permission globally, grant it to one user, revoke it again, then
        // drop all of that user's permissions, re-checking the 2x2 matrix each time.
        public async Task TestPermissionApiAsync()
        {
            var enforcer = new Enforcer(_testModelFixture.GetBasicWithoutResourceTestModel());
            enforcer.BuildRoleLinks();

            // Checks the four (user, action) decisions in a fixed order.
            async Task ExpectDecisionsAsync(bool aliceRead, bool aliceWrite, bool bobRead, bool bobWrite)
            {
                await TestEnforceWithoutUsersAsync(enforcer, "alice", "read", aliceRead);
                await TestEnforceWithoutUsersAsync(enforcer, "alice", "write", aliceWrite);
                await TestEnforceWithoutUsersAsync(enforcer, "bob", "read", bobRead);
                await TestEnforceWithoutUsersAsync(enforcer, "bob", "write", bobWrite);
            }

            // Fixture baseline: alice may read, bob may write.
            await ExpectDecisionsAsync(true, false, false, true);

            TestGetPermissions(enforcer, "alice", AsList(AsList("alice", "read")));
            TestGetPermissions(enforcer, "bob", AsList(AsList("bob", "write")));

            TestHasPermission(enforcer, "alice", AsList("read"), true);
            TestHasPermission(enforcer, "alice", AsList("write"), false);
            TestHasPermission(enforcer, "bob", AsList("read"), false);
            TestHasPermission(enforcer, "bob", AsList("write"), true);

            // Deleting the "read" permission takes it away from alice.
            _ = await enforcer.DeletePermissionAsync("read");
            await ExpectDecisionsAsync(false, false, false, true);

            // Granting "read" to bob affects bob only.
            _ = await enforcer.AddPermissionForUserAsync("bob", "read");
            await ExpectDecisionsAsync(false, false, true, true);

            // Revoking that single grant leaves bob's "write" in place.
            _ = await enforcer.DeletePermissionForUserAsync("bob", "read");
            await ExpectDecisionsAsync(false, false, false, true);

            // Dropping every permission bob holds leaves nothing allowed.
            _ = await enforcer.DeletePermissionsForUserAsync("bob");
            await ExpectDecisionsAsync(false, false, false, false);
        }
        // Async counterpart of the grouping-policy mutation test: revokes and grants
        // user -> role rules through the single-rule, named and filtered async APIs
        // and re-checks role membership after each step.
        public async Task TestModifyGroupingPolicyAsync()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            e.BuildRoleLinks();

            // Baseline from the fixture: alice is the only user holding a role.
            TestGetRoles(e, "alice", AsList("data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "eve", AsList());
            TestGetRoles(e, "non_exist", AsList());

            // Revoke alice's role, then grant one role each to bob and eve.
            await e.RemoveGroupingPolicyAsync("alice", "data2_admin");

            await e.AddGroupingPolicyAsync("bob", "data1_admin");

            await e.AddGroupingPolicyAsync("eve", "data3_admin");

            var namedGroupingPolicy = AsList("alice", "data2_admin");

            // Grant/revoke round trip through the named API, using section "g".
            TestGetRoles(e, "alice", AsList());
            await e.AddNamedGroupingPolicyAsync("g", namedGroupingPolicy);

            TestGetRoles(e, "alice", AsList("data2_admin"));
            await e.RemoveNamedGroupingPolicyAsync("g", namedGroupingPolicy);

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList("data1_admin"));
            TestGetRoles(e, "eve", AsList("data3_admin"));
            TestGetRoles(e, "non_exist", AsList());

            // Reverse lookup (role -> users) must agree with the per-user view above.
            TestGetUsers(e, "data1_admin", AsList("bob"));
            TestGetUsers(e, "data2_admin", AsList());
            TestGetUsers(e, "data3_admin", AsList("eve"));

            // Filtered removal: field index 0 = "bob". The assertions below show that
            // only bob's grant disappears while eve's stays in place.
            await e.RemoveFilteredGroupingPolicyAsync(0, "bob");

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "eve", AsList("data3_admin"));
            TestGetRoles(e, "non_exist", AsList());

            TestGetUsers(e, "data1_admin", AsList());
            TestGetUsers(e, "data2_admin", AsList());
            TestGetUsers(e, "data3_admin", AsList("eve"));
        }
示例#11
        // Checks the batch role-grant API: a batch that contains a role the user
        // already holds grants nothing, and the same batch succeeds once that
        // duplicate has been removed.
        public void TestAddRolesForUser()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            e.BuildRoleLinks();

            _ = e.AddRolesForUser("alice", AsList("data1_admin", "data2_admin", "data3_admin"));
            // "alice" already holds "data2_admin", so the batch is rejected as a whole:
            // "data1_admin" and "data3_admin" are NOT granted and she still has only
            // "data2_admin". The call's bool result is discarded; only the resulting
            // role list is asserted.
            TestGetRoles(e, "alice", AsList("data2_admin"));
            // Remove the duplicate so the same batch can be applied cleanly.
            _ = e.DeleteRoleForUser("alice", "data2_admin");

            _ = e.AddRolesForUser("alice", AsList("data1_admin", "data2_admin", "data3_admin"));
            TestGetRoles(e, "alice", AsList("data1_admin", "data2_admin", "data3_admin"));
            // Spot-check that the new grants show up in enforcement decisions.
            TestEnforce(e, "alice", "data1", "read", true);
            TestEnforce(e, "alice", "data2", "read", true);
            TestEnforce(e, "alice", "data2", "write", true);
        }
示例#12
        // Checks direct permissions and the implicit (inherited) role list for two
        // users under the hierarchical RBAC policy fixture.
        public void GetImplicitRolesForUser()
        {
            // Arrange
            var model = TestModelFixture.GetNewTestModel(
                _testModelFixture._rbacModelText,
                _testModelFixture._rbacWithHierarchyPolicyText);
            var enforcer = new Enforcer(model);
            enforcer.BuildRoleLinks();

            // Assert: each user has exactly one direct permission rule.
            var aliceDirect = AsList(AsList("alice", "data1", "read"));
            var bobDirect = AsList(AsList("bob", "data2", "write"));
            TestGetPermissions(enforcer, "alice", aliceDirect);
            TestGetPermissions(enforcer, "bob", bobDirect);

            // Assert: alice reaches three roles through the hierarchy, bob none.
            var aliceRoles = new[] { "admin", "data1_admin", "data2_admin" };
            Assert.Equal(aliceRoles, enforcer.GetImplicitRolesForUser("alice"));

            var noRoles = new string[0];
            Assert.Equal(noRoles, enforcer.GetImplicitRolesForUser("bob"));
        }
示例#13
        // Read-only tour of the policy query API on the RBAC fixture: full listing,
        // filtered listing by field index, and existence checks, for both permission
        // rules and grouping (user -> role) rules. Nothing here mutates the policy.
        public void TestGetPolicyApi()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            e.BuildRoleLinks();

            // The complete permission rule set of the fixture.
            TestGetPolicy(e, AsList(
                              AsList("alice", "data1", "read"),
                              AsList("bob", "data2", "write"),
                              AsList("data2_admin", "data2", "read"),
                              AsList("data2_admin", "data2", "write")));

            // Single-value filters. The int is the index of the first field the
            // filter applies to: 0 = subject, 1 = object, 2 = action in this model,
            // judging by the expected rows.
            TestGetFilteredPolicy(e, 0, AsList(AsList("alice", "data1", "read")), "alice");
            TestGetFilteredPolicy(e, 0, AsList(AsList("bob", "data2", "write")), "bob");
            TestGetFilteredPolicy(e, 0, AsList(AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write")), "data2_admin");
            TestGetFilteredPolicy(e, 1, AsList(AsList("alice", "data1", "read")), "data1");
            TestGetFilteredPolicy(e, 1, AsList(AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write")), "data2");
            TestGetFilteredPolicy(e, 2, AsList(AsList("alice", "data1", "read"), AsList("data2_admin", "data2", "read")), "read");
            TestGetFilteredPolicy(e, 2, AsList(AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "write")), "write");

            // Multi-value filters match consecutive fields starting at the given index.
            TestGetFilteredPolicy(e, 0, AsList(AsList("data2_admin", "data2", "read"), AsList("data2_admin", "data2", "write")), "data2_admin", "data2");
            // Note: "" (empty string) in fieldValues means matching all values.
            TestGetFilteredPolicy(e, 0, AsList(AsList("data2_admin", "data2", "read")), "data2_admin", "", "read");
            TestGetFilteredPolicy(e, 1, AsList(AsList("bob", "data2", "write"), AsList("data2_admin", "data2", "write")), "data2", "write");

            // Existence checks need an exact rule; a near match must report false.
            TestHasPolicy(e, AsList("alice", "data1", "read"), true);
            TestHasPolicy(e, AsList("bob", "data2", "write"), true);
            TestHasPolicy(e, AsList("alice", "data2", "read"), false);
            TestHasPolicy(e, AsList("bob", "data3", "write"), false);

            // The same queries against the grouping rules; the fixture has one.
            TestGetGroupingPolicy(e, AsList(AsList("alice", "data2_admin")));

            TestGetFilteredGroupingPolicy(e, 0, AsList(AsList("alice", "data2_admin")), "alice");
            TestGetFilteredGroupingPolicy(e, 0, new List <List <string> >(), "bob");
            TestGetFilteredGroupingPolicy(e, 1, new List <List <string> >(), "data1_admin");
            TestGetFilteredGroupingPolicy(e, 1, AsList(AsList("alice", "data2_admin")), "data2_admin");
            // Note: "" (empty string) in fieldValues means matching all values.
            TestGetFilteredGroupingPolicy(e, 0, AsList(AsList("alice", "data2_admin")), "", "data2_admin");

            TestHasGroupingPolicy(e, AsList("alice", "data2_admin"), true);
            TestHasGroupingPolicy(e, AsList("bob", "data2_admin"), false);
        }
示例#14
        // Contrasts direct permissions with implicit permissions under the
        // hierarchical RBAC policy: the implicit list also carries the rules of
        // every role the user reaches.
        public void TestGetImplicitPermissionsForUser()
        {
            var model = TestModelFixture.GetNewTestModel(
                _testModelFixture._rbacModelText,
                _testModelFixture._rbacWithHierarchyPolicyText);
            var enforcer = new Enforcer(model);
            enforcer.BuildRoleLinks();

            // Direct view: one rule per user.
            var aliceDirect = AsList(AsList("alice", "data1", "read"));
            var bobDirect = AsList(AsList("bob", "data2", "write"));
            TestGetPermissions(enforcer, "alice", aliceDirect);
            TestGetPermissions(enforcer, "bob", bobDirect);

            // Implicit view: alice also picks up the data1_admin and data2_admin rules.
            var aliceImplicit = AsList(
                AsList("alice", "data1", "read"),
                AsList("data1_admin", "data1", "read"),
                AsList("data1_admin", "data1", "write"),
                AsList("data2_admin", "data2", "read"),
                AsList("data2_admin", "data2", "write"));
            TestGetImplicitPermissions(enforcer, "alice", aliceImplicit);

            // bob's implicit list is the same single rule as his direct list.
            var bobImplicit = AsList(AsList("bob", "data2", "write"));
            TestGetImplicitPermissions(enforcer, "bob", bobImplicit);
        }
示例#15
        // Exercises the priority model with explicit deny override. Rules carry a
        // priority as their first field and an allow/deny effect as their last.
        // In every step below the rule with the numerically smallest priority that
        // matches the request decides the outcome, and a deny beats an allow at the
        // same priority.
        public void TestPriorityExplicitDenyOverrideModel()
        {
            var e = new Enforcer(_testModelFixture.GetNewPriorityExplicitDenyOverrideModel());

            e.BuildRoleLinks();

            // Baseline decisions from the fixture policy.
            TestEnforce(e, "alice", "data2", "write", true);
            TestEnforce(e, "bob", "data2", "read", true);

            // Add a second group with a deny rule, simulating two different groups
            // being attached to the same person.
            e.AddPolicy("10", "data2_deny_group_new", "data2", "write", "deny");
            e.AddGroupingPolicy("alice", "data2_deny_group_new");

            // The group deny now blocks alice; bob is unaffected.
            TestEnforce(e, "alice", "data2", "write", false);
            TestEnforce(e, "bob", "data2", "read", true);

            // Expect allow: the priority-5 allow rule written for alice herself
            // outranks the priority-10 deny she inherits from the group.
            e.AddPolicy("5", "alice", "data2", "write", "allow");
            TestEnforce(e, "alice", "data2", "write", true);

            // Add a deny for alice on the same object at the same priority, to ensure
            // that at least one deny among equal-priority rules makes the result deny.
            e.AddPolicy("5", "alice", "data2", "write", "deny");
            TestEnforce(e, "alice", "data2", "write", false);

            // A priority-2 allow for alice takes over from the priority-5 pair.
            // The priority-1 rule that follows is for an unrelated subject, object
            // and action, so it must be ignored for alice's request.
            e.AddPolicy("2", "alice", "data2", "write", "allow");
            TestEnforce(e, "alice", "data2", "write", true);
            e.AddPolicy("1", "fake-subject", "fake-object", "very-fake-action", "allow");
            TestEnforce(e, "alice", "data2", "write", true);

            // A negative priority (-1) deny for alice outranks everything added so
            // far and flips the decision back to deny.
            e.AddPolicy("-1", "alice", "data2", "write", "deny");
            TestEnforce(e, "alice", "data2", "write", false);
        }
示例#16
        // Checks the reverse lookup "who can do this?" for a permission, first on
        // the hierarchical RBAC fixture and then on a policy rebuilt from scratch.
        public void TestGetImplicitUsersForPermission()
        {
            // Arrange
            var model = TestModelFixture.GetNewTestModel(
                _testModelFixture._rbacModelText,
                _testModelFixture._rbacWithHierarchyPolicyText);
            var enforcer = new Enforcer(model);
            enforcer.BuildRoleLinks();

            // Fixture expectations: one row per permission and the users who hold it.
            var fixtureExpectations = new (string Obj, string Act, string[] Users)[]
            {
                ("data1", "read", new[] { "alice" }),
                ("data1", "write", new[] { "alice" }),
                ("data2", "read", new[] { "alice" }),
                ("data2", "write", new[] { "alice", "bob" }),
            };

            foreach (var (obj, act, users) in fixtureExpectations)
            {
                Assert.Equal(users, enforcer.GetImplicitUsersForPermission(obj, act));
            }

            // Act: wipe the policy and rebuild a minimal one with a role and a direct grant.
            enforcer.GetModel().ClearPolicy();
            _ = enforcer.AddPolicy("admin", "data1", "read");
            _ = enforcer.AddPolicy("bob", "data1", "read");
            _ = enforcer.AddGroupingPolicy("alice", "admin");

            // Assert: the direct holder and the role member are both reported, in this order.
            var rebuiltUsers = new[] { "bob", "alice" };
            Assert.Equal(rebuiltUsers, enforcer.GetImplicitUsersForPermission("data1", "read"));
        }
        // Exercises add/remove of permission rules on the RBAC fixture, including
        // repeated calls and filtered removal with an empty filter. The repeated
        // calls check that mutation is idempotent; the empty-filter calls check that
        // a filter without values does not wipe the policy.
        public void TestModifyPolicy()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            e.BuildRoleLinks();

            // Baseline: the four rules shipped with the fixture.
            TestGetPolicy(e, AsList(
                              AsList("alice", "data1", "read"),
                              AsList("bob", "data2", "write"),
                              AsList("data2_admin", "data2", "read"),
                              AsList("data2_admin", "data2", "write")));

            // The alice rule is removed twice and the eve rule added twice on
            // purpose; the listing below shows a single eve rule and no error.
            e.RemovePolicy("alice", "data1", "read");
            e.RemovePolicy("bob", "data2", "write");
            e.RemovePolicy("alice", "data1", "read");
            e.AddPolicy("eve", "data3", "read");
            e.AddPolicy("eve", "data3", "read");

            var namedPolicy = AsList("eve", "data3", "read");

            // Remove and re-add the same rule through the named API, section "p".
            e.RemoveNamedPolicy("p", namedPolicy);
            e.AddNamedPolicy("p", namedPolicy);

            TestGetPolicy(e, AsList(
                              AsList("data2_admin", "data2", "read"),
                              AsList("data2_admin", "data2", "write"),
                              AsList("eve", "data3", "read")));

            // Filtered removal on field index 1 = "data2" drops both data2_admin rules.
            e.RemoveFilteredPolicy(1, "data2");
            TestGetPolicy(e, AsList(AsList("eve", "data3", "read")));

            // A filter with no values removes nothing: the eve rule survives.
            e.RemoveFilteredPolicy(1, Array.Empty <string>());
            TestGetPolicy(e, AsList(AsList("eve", "data3", "read")));

            // A filter consisting only of "" also removes nothing here, so an
            // empty or blank filter value cannot clear the whole policy by accident.
            e.RemoveFilteredPolicy(1, "");
            TestGetPolicy(e, AsList(AsList("eve", "data3", "read")));
        }
        // Async counterpart of the permission-rule mutation test: repeated
        // removes/adds, a named-API round trip, and one filtered removal, with the
        // full policy listing checked after the mutations.
        public async Task TestModifyPolicyAsync()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            e.BuildRoleLinks();

            // Baseline: the four rules shipped with the fixture.
            TestGetPolicy(e, AsList(
                              AsList("alice", "data1", "read"),
                              AsList("bob", "data2", "write"),
                              AsList("data2_admin", "data2", "read"),
                              AsList("data2_admin", "data2", "write")));

            // The alice rule is removed twice and the eve rule added twice on
            // purpose; the listing below shows a single eve rule and no error.
            await e.RemovePolicyAsync("alice", "data1", "read");

            await e.RemovePolicyAsync("bob", "data2", "write");

            await e.RemovePolicyAsync("alice", "data1", "read");

            await e.AddPolicyAsync("eve", "data3", "read");

            await e.AddPolicyAsync("eve", "data3", "read");

            // Remove and re-add the same rule through the named API, section "p".
            var namedPolicy = AsList("eve", "data3", "read");
            await e.RemoveNamedPolicyAsync("p", namedPolicy);

            await e.AddNamedPolicyAsync("p", namedPolicy);

            TestGetPolicy(e, AsList(
                              AsList("data2_admin", "data2", "read"),
                              AsList("data2_admin", "data2", "write"),
                              AsList("eve", "data3", "read")));

            // Filtered removal on field index 1 = "data2" drops both data2_admin rules.
            // NOTE(review): unlike the synchronous test, the empty-filter cases are
            // not repeated here.
            await e.RemoveFilteredPolicyAsync(1, "data2");

            TestGetPolicy(e, AsList(AsList("eve", "data3", "read")));
        }
示例#19
        // Walks the async role API on the RBAC fixture: grant and revoke a single
        // role, revoke all roles of a user, delete a user, delete a role, with role
        // membership or enforcement decisions re-checked after each step.
        public async Task TestRoleApiAsync()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            e.BuildRoleLinks();

            // Baseline: alice holds data2_admin; a role name used as the subject has no roles.
            TestGetRoles(e, "alice", AsList("data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());
            TestGetRoles(e, "non_exist", AsList());

            TestHasRole(e, "alice", "data1_admin", false);
            TestHasRole(e, "alice", "data2_admin", true);

            // Grant a second role to alice.
            await e.AddRoleForUserAsync("alice", "data1_admin");

            TestGetRoles(e, "alice", AsList("data1_admin", "data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Revoke only that role; the original one stays.
            await e.DeleteRoleForUserAsync("alice", "data1_admin");

            TestGetRoles(e, "alice", AsList("data2_admin"));
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            // Revoke every role alice holds.
            await e.DeleteRolesForUserAsync("alice");

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            await e.AddRoleForUserAsync("alice", "data1_admin");

            // Deleting the user removes the role that was just granted.
            await e.DeleteUserAsync("alice");

            TestGetRoles(e, "alice", AsList());
            TestGetRoles(e, "bob", AsList());
            TestGetRoles(e, "data2_admin", AsList());

            await e.AddRoleForUserAsync("alice", "data2_admin");

            // NOTE(review): alice's data1/read request is still allowed after
            // DeleteUserAsync, and data2_admin is the only role re-granted since.
            // Deleting a user here apparently drops role links but not the user's
            // own permission rules; confirm before relying on it for offboarding.
            TestEnforce(e, "alice", "data1", "read", true);
            TestEnforce(e, "alice", "data1", "write", false);

            TestEnforce(e, "alice", "data2", "read", true);
            TestEnforce(e, "alice", "data2", "write", true);

            TestEnforce(e, "bob", "data1", "read", false);
            TestEnforce(e, "bob", "data1", "write", false);
            TestEnforce(e, "bob", "data2", "read", false);
            TestEnforce(e, "bob", "data2", "write", true);

            // Deleting the role revokes the access alice had through it.
            await e.DeleteRoleAsync("data2_admin");

            // alice loses data2 read/write; her data1/read and bob's data2/write remain.
            TestEnforce(e, "alice", "data1", "read", true);
            TestEnforce(e, "alice", "data1", "write", false);
            TestEnforce(e, "alice", "data2", "read", false);
            TestEnforce(e, "alice", "data2", "write", false);
            TestEnforce(e, "bob", "data1", "read", false);
            TestEnforce(e, "bob", "data1", "write", false);
            TestEnforce(e, "bob", "data2", "read", false);
            TestEnforce(e, "bob", "data2", "write", true);
        }
示例#20
        // Exercises add/remove of permission rules on the RBAC fixture through the
        // single-rule, batch, named and filtered APIs. Duplicated rules and repeated
        // calls check that mutation is idempotent; the empty-filter calls check that
        // a filter without values does not wipe the policy.
        public void TestModifyPolicy()
        {
            var e = new Enforcer(_testModelFixture.GetNewRbacTestModel());

            e.BuildRoleLinks();

            // Baseline: the four rules shipped with the fixture.
            TestGetPolicy(e, AsList(
                              AsList("alice", "data1", "read"),
                              AsList("bob", "data2", "write"),
                              AsList("data2_admin", "data2", "read"),
                              AsList("data2_admin", "data2", "write")));

            // The alice rule is removed twice and the eve rule added twice on purpose.
            e.RemovePolicy("alice", "data1", "read");
            e.RemovePolicy("bob", "data2", "write");
            e.RemovePolicy("alice", "data1", "read");
            e.AddPolicy("eve", "data3", "read");
            e.AddPolicy("eve", "data3", "read");

            // The batch deliberately repeats the jack and katy rules.
            var rules = AsList(
                AsList("jack", "data4", "read"),
                AsList("jack", "data4", "read"),
                AsList("jack", "data4", "read"),
                AsList("katy", "data4", "write"),
                AsList("leyo", "data4", "read"),
                AsList("katy", "data4", "write"),
                AsList("katy", "data4", "write"),
                AsList("ham", "data4", "write")
                );

            // Applied twice; the listing below contains each distinct rule once.
            _ = e.AddPolicies(rules);
            _ = e.AddPolicies(rules);

            TestGetPolicy(e, AsList(
                              AsList("data2_admin", "data2", "read"),
                              AsList("data2_admin", "data2", "write"),
                              AsList("eve", "data3", "read"),
                              AsList("jack", "data4", "read"),
                              AsList("katy", "data4", "write"),
                              AsList("leyo", "data4", "read"),
                              AsList("ham", "data4", "write")
                              )
                          );

            // Batch removal, also applied twice; the data4 rules are gone in the next listing.
            _ = e.RemovePolicies(rules);
            _ = e.RemovePolicies(rules);

            var namedPolicy = AsList("eve", "data3", "read");

            // Remove and re-add the same rule through the named API, section "p".
            e.RemoveNamedPolicy("p", namedPolicy);
            e.AddNamedPolicy("p", namedPolicy);

            TestGetPolicy(e, AsList(
                              AsList("data2_admin", "data2", "read"),
                              AsList("data2_admin", "data2", "write"),
                              AsList("eve", "data3", "read")));

            // Filtered removal on field index 1 = "data2" drops both data2_admin rules.
            e.RemoveFilteredPolicy(1, "data2");
            TestGetPolicy(e, AsList(AsList("eve", "data3", "read")));

            // A filter with no values removes nothing: the eve rule survives.
            e.RemoveFilteredPolicy(1);
            TestGetPolicy(e, AsList(AsList("eve", "data3", "read")));

            // A filter consisting only of "" also removes nothing here, so an
            // empty or blank filter value cannot clear the whole policy by accident.
            e.RemoveFilteredPolicy(1, "");
            TestGetPolicy(e, AsList(AsList("eve", "data3", "read")));
        }