FilesExpand file tree

 master

/

rbac_api_test.go

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

122 lines (95 loc) · 4.12 KB

 master

/

rbac_api_test.go

Top

File metadata and controls

• Code
• Blame

122 lines (95 loc) · 4.12 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

// Copyright 2017 The casbin Authors. All Rights Reserved.

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

// http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

// See the License for the specific language governing permissions and

// limitations under the License.

package casbin

import (

"github.com/casbin/casbin/util"

"log"

"testing"

)

func testGetRoles(t *testing.T, e *Enforcer, name string, res []string) {

myRes := e.GetRolesForUser(name)

log.Print("Roles for ", name, ": ", myRes)

if !util.SetEquals(res, myRes) {

t.Error("Roles for ", name, ": ", myRes, ", supposed to be ", res)

}

}

func TestRoleAPI(t *testing.T) {

e := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")

testGetRoles(t, e, "alice", []string{"data2_admin"})

testGetRoles(t, e, "bob", []string{})

testGetRoles(t, e, "data2_admin", []string{})

testGetRoles(t, e, "non_exist", []string{})

e.AddRoleForUser("alice", "data1_admin")

testGetRoles(t, e, "alice", []string{"data1_admin", "data2_admin"})

testGetRoles(t, e, "bob", []string{})

testGetRoles(t, e, "data2_admin", []string{})

e.DeleteRolesForUser("alice")

testGetRoles(t, e, "alice", []string{})

testGetRoles(t, e, "bob", []string{})

testGetRoles(t, e, "data2_admin", []string{})

e.AddRoleForUser("alice", "data1_admin")

e.DeleteUser("alice")

testGetRoles(t, e, "alice", []string{})

testGetRoles(t, e, "bob", []string{})

testGetRoles(t, e, "data2_admin", []string{})

e.AddRoleForUser("alice", "data2_admin")

testEnforce(t, e, "alice", "data1", "read", true)

testEnforce(t, e, "alice", "data1", "write", false)

testEnforce(t, e, "alice", "data2", "read", true)

testEnforce(t, e, "alice", "data2", "write", true)

testEnforce(t, e, "bob", "data1", "read", false)

testEnforce(t, e, "bob", "data1", "write", false)

testEnforce(t, e, "bob", "data2", "read", false)

testEnforce(t, e, "bob", "data2", "write", true)

e.DeleteRole("data2_admin")

testEnforce(t, e, "alice", "data1", "read", true)

testEnforce(t, e, "alice", "data1", "write", false)

testEnforce(t, e, "alice", "data2", "read", false)

testEnforce(t, e, "alice", "data2", "write", false)

testEnforce(t, e, "bob", "data1", "read", false)

testEnforce(t, e, "bob", "data1", "write", false)

testEnforce(t, e, "bob", "data2", "read", false)

testEnforce(t, e, "bob", "data2", "write", true)

}

func testGetPermissions(t *testing.T, e *Enforcer, name string, res []string) {

myRes := e.GetPermissionsForUser(name)

log.Print("Permissions for ", name, ": ", myRes)

if !util.SetEquals(res, myRes) {

t.Error("Permissions for ", name, ": ", myRes, ", supposed to be ", res)

}

}

func TestPermissionAPI(t *testing.T) {

e := NewEnforcer("examples/basic_model_without_resources.conf", "examples/basic_policy_without_resources.csv")

testEnforceWithoutUsers(t, e, "alice", "read", true)

testEnforceWithoutUsers(t, e, "alice", "write", false)

testEnforceWithoutUsers(t, e, "bob", "read", false)

testEnforceWithoutUsers(t, e, "bob", "write", true)

testGetPermissions(t, e, "alice", []string{"read"})

testGetPermissions(t, e, "bob", []string{"write"})

e.DeletePermission("read")

testEnforceWithoutUsers(t, e, "alice", "read", false)

testEnforceWithoutUsers(t, e, "alice", "write", false)

testEnforceWithoutUsers(t, e, "bob", "read", false)

testEnforceWithoutUsers(t, e, "bob", "write", true)

e.AddPermissionForUser("bob", "read")

testEnforceWithoutUsers(t, e, "alice", "read", false)

testEnforceWithoutUsers(t, e, "alice", "write", false)

testEnforceWithoutUsers(t, e, "bob", "read", true)

testEnforceWithoutUsers(t, e, "bob", "write", true)

e.DeletePermissionsForUser("bob")

testEnforceWithoutUsers(t, e, "alice", "read", false)

testEnforceWithoutUsers(t, e, "alice", "write", false)

testEnforceWithoutUsers(t, e, "bob", "read", false)

testEnforceWithoutUsers(t, e, "bob", "write", false)

}