(t *testing.T)
| 286 | } |
| 287 | |
| 288 | func TestConstraintRollback(t *testing.T) { |
| 289 | modelText := ` |
| 290 | [request_definition] |
| 291 | r = sub, obj, act |
| 292 | |
| 293 | [policy_definition] |
| 294 | p = sub, obj, act |
| 295 | |
| 296 | [role_definition] |
| 297 | g = _, _ |
| 298 | |
| 299 | [constraint_definition] |
| 300 | c = sod("role1", "role2") |
| 301 | |
| 302 | [policy_effect] |
| 303 | e = some(where (p.eft == allow)) |
| 304 | |
| 305 | [matchers] |
| 306 | m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act |
| 307 | ` |
| 308 | |
| 309 | m, err := model.NewModelFromString(modelText) |
| 310 | if err != nil { |
| 311 | t.Fatalf("Failed to create model: %v", err) |
| 312 | } |
| 313 | |
| 314 | e, err := NewEnforcer(m) |
| 315 | if err != nil { |
| 316 | t.Fatalf("Failed to create enforcer: %v", err) |
| 317 | } |
| 318 | |
| 319 | // Add alice to role1 |
| 320 | _, err = e.AddRoleForUser("alice", "role1") |
| 321 | if err != nil { |
| 322 | t.Fatalf("Failed to add role1 to alice: %v", err) |
| 323 | } |
| 324 | |
| 325 | // Try to add alice to role2 (should fail with constraint violation) |
| 326 | _, err = e.AddRoleForUser("alice", "role2") |
| 327 | if err == nil { |
| 328 | t.Fatal("Expected constraint violation error, got nil") |
| 329 | } |
| 330 | if !strings.Contains(err.Error(), "constraint violation") { |
| 331 | t.Fatalf("Expected constraint violation error, got: %v", err) |
| 332 | } |
| 333 | } |
nothing calls this directly
no test coverage detected
searching dependent graphs…