MCPcopy
hub / github.com/apache/casbin / TestConstraintSOD

Function TestConstraintSOD

constraint_test.go:25–76  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

23)
24
25func TestConstraintSOD(t *testing.T) {
26 modelText := `
27[request_definition]
28r = sub, obj, act
29
30[policy_definition]
31p = sub, obj, act
32
33[role_definition]
34g = _, _
35
36[constraint_definition]
37c = sod("role1", "role2")
38
39[policy_effect]
40e = some(where (p.eft == allow))
41
42[matchers]
43m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
44`
45
46 m, err := model.NewModelFromString(modelText)
47 if err != nil {
48 t.Fatalf("Failed to create model: %v", err)
49 }
50
51 e, err := NewEnforcer(m)
52 if err != nil {
53 t.Fatalf("Failed to create enforcer: %v", err)
54 }
55
56 // Add a user to role1 should succeed
57 _, err = e.AddRoleForUser("alice", "role1")
58 if err != nil {
59 t.Fatalf("Failed to add role1 to alice: %v", err)
60 }
61
62 // Add a different user to role2 should succeed
63 _, err = e.AddRoleForUser("bob", "role2")
64 if err != nil {
65 t.Fatalf("Failed to add role2 to bob: %v", err)
66 }
67
68 // Try to add role2 to alice should fail (SOD violation)
69 _, err = e.AddRoleForUser("alice", "role2")
70 if err == nil {
71 t.Fatal("Expected constraint violation error, got nil")
72 }
73 if !strings.Contains(err.Error(), "constraint violation") {
74 t.Fatalf("Expected constraint violation error, got: %v", err)
75 }
76}
77
78func TestConstraintSODMax(t *testing.T) {
79 modelText := `

Callers

nothing calls this directly

Calls 4

AddRoleForUserMethod · 0.95
NewModelFromStringFunction · 0.92
NewEnforcerFunction · 0.85
ErrorMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…