/// <summary>
/// Builds an RBAC model in code, with no model or policy file, and checks both the
/// grants and the denials it produces.
/// </summary>
/// <remarks>
/// The matcher resolves the request subject through the <c>g</c> role relation, so alice
/// is expected to inherit the data2_admin permissions on data2. The denial cases carry as
/// much weight as the grants: bob holds only data2/write and must not gain anything else.
/// </remarks>
public void TestRBACModelInMemory()
{
    // Request, policy and role definitions, then the allow-override effect and the matcher.
    Model.Model model = CoreEnforcer.NewModel();
    model.AddDef("r", "r", "sub, obj, act");
    model.AddDef("p", "p", "sub, obj, act");
    model.AddDef("g", "g", "_, _");
    model.AddDef("e", "e", "some(where (p.eft == allow))");
    model.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

    var enforcer = new Enforcer(model);

    // Direct grants to users and to the data2_admin role.
    enforcer.AddPermissionForUser("alice", "data1", "read");
    enforcer.AddPermissionForUser("bob", "data2", "write");
    enforcer.AddPermissionForUser("data2_admin", "data2", "read");
    enforcer.AddPermissionForUser("data2_admin", "data2", "write");

    // alice is the only subject attached to the role.
    enforcer.AddRoleForUser("alice", "data2_admin");

    // alice: own grant on data1/read plus everything the role holds on data2.
    TestEnforce(enforcer, "alice", "data1", "read", true);
    TestEnforce(enforcer, "alice", "data1", "write", false);
    TestEnforce(enforcer, "alice", "data2", "read", true);
    TestEnforce(enforcer, "alice", "data2", "write", true);

    // bob: only the single direct grant, nothing via the role.
    TestEnforce(enforcer, "bob", "data1", "read", false);
    TestEnforce(enforcer, "bob", "data1", "write", false);
    TestEnforce(enforcer, "bob", "data2", "read", false);
    TestEnforce(enforcer, "bob", "data2", "write", true);
}
/// <summary>
/// Builds a key-match model in code, loads the rules from
/// <c>examples/keymatch_policy.csv</c>, and checks the same set of decisions for two
/// ways of getting the policy into an enforcer.
/// </summary>
/// <remarks>
/// The matcher compares subjects exactly and passes object and action through
/// <c>keyMatch</c> and <c>regexMatch</c>. The concrete patterns live in the policy file,
/// which is not part of this listing, so the expected values below can only be read
/// together with that file.
/// </remarks>
public void TestKeyMatchModelInMemory()
{
    Model.Model model = CoreEnforcer.NewModel();
    model.AddDef("r", "r", "sub, obj, act");
    model.AddDef("p", "p", "sub, obj, act");
    model.AddDef("e", "e", "some(where (p.eft == allow))");
    model.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

    IAdapter adapter = new DefaultFileAdapter("examples/keymatch_policy.csv");

    // One shared list of expectations, applied to each enforcer in the original order.
    System.Action<Enforcer> assertExpectedDecisions = enforcer =>
    {
        // alice on her own tree and on bob's tree.
        TestEnforce(enforcer, "alice", "/alice_data/resource1", "GET", true);
        TestEnforce(enforcer, "alice", "/alice_data/resource1", "POST", true);
        TestEnforce(enforcer, "alice", "/alice_data/resource2", "GET", true);
        TestEnforce(enforcer, "alice", "/alice_data/resource2", "POST", false);
        TestEnforce(enforcer, "alice", "/bob_data/resource1", "GET", false);
        TestEnforce(enforcer, "alice", "/bob_data/resource1", "POST", false);
        TestEnforce(enforcer, "alice", "/bob_data/resource2", "GET", false);
        TestEnforce(enforcer, "alice", "/bob_data/resource2", "POST", false);

        // bob on alice's tree and on his own tree.
        TestEnforce(enforcer, "bob", "/alice_data/resource1", "GET", false);
        TestEnforce(enforcer, "bob", "/alice_data/resource1", "POST", false);
        TestEnforce(enforcer, "bob", "/alice_data/resource2", "GET", true);
        TestEnforce(enforcer, "bob", "/alice_data/resource2", "POST", false);
        TestEnforce(enforcer, "bob", "/bob_data/resource1", "GET", false);
        TestEnforce(enforcer, "bob", "/bob_data/resource1", "POST", true);
        TestEnforce(enforcer, "bob", "/bob_data/resource2", "GET", false);
        TestEnforce(enforcer, "bob", "/bob_data/resource2", "POST", true);

        // cathy: GET and POST are expected to pass, DELETE is expected to be refused.
        TestEnforce(enforcer, "cathy", "/cathy_data", "GET", true);
        TestEnforce(enforcer, "cathy", "/cathy_data", "POST", true);
        TestEnforce(enforcer, "cathy", "/cathy_data", "DELETE", false);
    };

    // Path 1: the enforcer is constructed with the model and the adapter together.
    assertExpectedDecisions(new Enforcer(model, adapter));

    // Path 2: the enforcer is constructed from the model alone and the adapter then
    // loads the rules into the enforcer's model directly.
    // NOTE(review): `model` is the same instance that was given to the first enforcer,
    // so it may already hold the rules loaded there. Confirm that this pass exercises
    // LoadPolicy on an empty model, or build a fresh model for it.
    var reloaded = new Enforcer(model);
    adapter.LoadPolicy(reloaded.GetModel());
    assertExpectedDecisions(reloaded);
}
/// <summary>
/// Runs the key-match policy file under a deny-override effect and checks a request
/// that the allow-override variant of this test refuses.
/// </summary>
public void TestKeyMatchModelInMemoryDeny()
{
    Model.Model model = CoreEnforcer.NewModel();
    model.AddDef("r", "r", "sub, obj, act");
    model.AddDef("p", "p", "sub, obj, act");

    // Deny-override: the request passes unless some matching rule has eft == deny.
    // Read literally, that includes the case where no rule matches at all, so this
    // effect on its own is default-permit. A fail-closed policy would also require an
    // allow, e.g. "some(where (p.eft == allow)) && !some(where (p.eft == deny))".
    model.AddDef("e", "e", "!some(where (p.eft == deny))");
    model.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

    IAdapter adapter = new DefaultFileAdapter("examples/keymatch_policy.csv");
    var enforcer = new Enforcer(model, adapter);

    // Same matcher and policy file as TestKeyMatchModelInMemory, where this request is
    // expected to be denied. Only the effect differs, and here it is expected to pass.
    TestEnforce(enforcer, "alice", "/alice_data/resource2", "POST", true);
}
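/// <summary>
/// Checks that a request is refused when the only stored rule does not match it.
/// </summary>
/// <remarks>
/// The single rule gives alice the action "invalid" on data1. The matcher compares
/// actions with <c>r.act == p.act</c>, so a "read" request matches no rule, and the
/// allow-override effect then has no allow to act on.
/// NOTE(review): the method name keeps its original lower-case initial so that anything
/// referring to it by name still resolves. The sibling tests use PascalCase.
/// </remarks>
public void testRBACModelInMemoryIndeterminate()
{
    Model.Model model = CoreEnforcer.NewModel();
    model.AddDef("r", "r", "sub, obj, act");
    model.AddDef("p", "p", "sub, obj, act");
    model.AddDef("g", "g", "_, _");
    model.AddDef("e", "e", "some(where (p.eft == allow))");
    model.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act");

    var enforcer = new Enforcer(model);
    enforcer.AddPermissionForUser("alice", "data1", "invalid");

    // Use the same TestEnforce helper as the other tests here. C# identifiers are
    // case-sensitive, so the previous lower-case spelling named a different method.
    TestEnforce(enforcer, "alice", "data1", "read", false);
}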
/// <summary>
/// Starts from an enforcer built with no arguments, attaches a model and a file adapter
/// afterwards, loads the policy, and checks one decision.
/// </summary>
public void TestInitEmpty()
{
    var enforcer = new Enforcer();

    Model.Model model = CoreEnforcer.NewModel();
    model.AddDef("r", "r", "sub, obj, act");
    model.AddDef("p", "p", "sub, obj, act");
    model.AddDef("e", "e", "some(where (p.eft == allow))");
    model.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

    IAdapter adapter = new DefaultFileAdapter("examples/keymatch_policy.csv");

    // Wire the pieces into the empty enforcer, then load the rules explicitly.
    enforcer.SetModel(model);
    enforcer.SetAdapter(adapter);
    enforcer.LoadPolicy();

    TestEnforce(enforcer, "alice", "/alice_data/resource1", "GET", true);
}
/// <summary>
/// Same flow as <c>TestInitEmpty</c>, except that the file adapter is given an open
/// stream over the policy file instead of a path.
/// </summary>
public void TestInitEmptyByInputStream()
{
    var enforcer = new Enforcer();

    Model.Model model = CoreEnforcer.NewModel();
    model.AddDef("r", "r", "sub, obj, act");
    model.AddDef("p", "p", "sub, obj, act");
    model.AddDef("e", "e", "some(where (p.eft == allow))");
    model.AddDef("m", "m", "r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)");

    // The stream is opened read-only and stays open until the using block ends, so
    // LoadPolicy and the assertion both run while it is still available.
    using (var policyStream = new FileStream("examples/keymatch_policy.csv", FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
    {
        IAdapter adapter = new DefaultFileAdapter(policyStream);

        enforcer.SetModel(model);
        enforcer.SetAdapter(adapter);
        enforcer.LoadPolicy();

        TestEnforce(enforcer, "alice", "/alice_data/resource1", "GET", true);
    }
}