(t *testing.T)
| 123 | } |
| 124 | |
| 125 | func TestConstraintRoleMax(t *testing.T) { |
| 126 | modelText := ` |
| 127 | [request_definition] |
| 128 | r = sub, obj, act |
| 129 | |
| 130 | [policy_definition] |
| 131 | p = sub, obj, act |
| 132 | |
| 133 | [role_definition] |
| 134 | g = _, _ |
| 135 | |
| 136 | [constraint_definition] |
| 137 | c = roleMax("admin", 2) |
| 138 | |
| 139 | [policy_effect] |
| 140 | e = some(where (p.eft == allow)) |
| 141 | |
| 142 | [matchers] |
| 143 | m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act |
| 144 | ` |
| 145 | |
| 146 | m, err := model.NewModelFromString(modelText) |
| 147 | if err != nil { |
| 148 | t.Fatalf("Failed to create model: %v", err) |
| 149 | } |
| 150 | |
| 151 | e, err := NewEnforcer(m) |
| 152 | if err != nil { |
| 153 | t.Fatalf("Failed to create enforcer: %v", err) |
| 154 | } |
| 155 | |
| 156 | // Add first user to admin role should succeed |
| 157 | _, err = e.AddRoleForUser("alice", "admin") |
| 158 | if err != nil { |
| 159 | t.Fatalf("Failed to add admin to alice: %v", err) |
| 160 | } |
| 161 | |
| 162 | // Add second user to admin role should succeed |
| 163 | _, err = e.AddRoleForUser("bob", "admin") |
| 164 | if err != nil { |
| 165 | t.Fatalf("Failed to add admin to bob: %v", err) |
| 166 | } |
| 167 | |
| 168 | // Try to add third user to admin role should fail (exceeds max) |
| 169 | _, err = e.AddRoleForUser("charlie", "admin") |
| 170 | if err == nil { |
| 171 | t.Fatal("Expected constraint violation error, got nil") |
| 172 | } |
| 173 | if !strings.Contains(err.Error(), "constraint violation") { |
| 174 | t.Fatalf("Expected constraint violation error, got: %v", err) |
| 175 | } |
| 176 | } |
| 177 | |
| 178 | func TestConstraintRolePre(t *testing.T) { |
| 179 | modelText := ` |
nothing calls this directly
no test coverage detected
searching dependent graphs…