(t *testing.T)
| 76 | } |
| 77 | |
| 78 | func TestConstraintSODMax(t *testing.T) { |
| 79 | modelText := ` |
| 80 | [request_definition] |
| 81 | r = sub, obj, act |
| 82 | |
| 83 | [policy_definition] |
| 84 | p = sub, obj, act |
| 85 | |
| 86 | [role_definition] |
| 87 | g = _, _ |
| 88 | |
| 89 | [constraint_definition] |
| 90 | c = sodMax(["role1", "role2", "role3"], 1) |
| 91 | |
| 92 | [policy_effect] |
| 93 | e = some(where (p.eft == allow)) |
| 94 | |
| 95 | [matchers] |
| 96 | m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act |
| 97 | ` |
| 98 | |
| 99 | m, err := model.NewModelFromString(modelText) |
| 100 | if err != nil { |
| 101 | t.Fatalf("Failed to create model: %v", err) |
| 102 | } |
| 103 | |
| 104 | e, err := NewEnforcer(m) |
| 105 | if err != nil { |
| 106 | t.Fatalf("Failed to create enforcer: %v", err) |
| 107 | } |
| 108 | |
| 109 | // Add user to one role should succeed |
| 110 | _, err = e.AddRoleForUser("alice", "role1") |
| 111 | if err != nil { |
| 112 | t.Fatalf("Failed to add role1 to alice: %v", err) |
| 113 | } |
| 114 | |
| 115 | // Try to add user to another role from the set should fail |
| 116 | _, err = e.AddRoleForUser("alice", "role2") |
| 117 | if err == nil { |
| 118 | t.Fatal("Expected constraint violation error, got nil") |
| 119 | } |
| 120 | if !strings.Contains(err.Error(), "constraint violation") { |
| 121 | t.Fatalf("Expected constraint violation error, got: %v", err) |
| 122 | } |
| 123 | } |
| 124 | |
| 125 | func TestConstraintRoleMax(t *testing.T) { |
| 126 | modelText := ` |
nothing calls this directly
no test coverage detected
searching dependent graphs…