(t *testing.T)
| 229 | } |
| 230 | |
| 231 | func TestConstraintWithoutRBAC(t *testing.T) { |
| 232 | modelText := ` |
| 233 | [request_definition] |
| 234 | r = sub, obj, act |
| 235 | |
| 236 | [policy_definition] |
| 237 | p = sub, obj, act |
| 238 | |
| 239 | [constraint_definition] |
| 240 | c = sod("role1", "role2") |
| 241 | |
| 242 | [policy_effect] |
| 243 | e = some(where (p.eft == allow)) |
| 244 | |
| 245 | [matchers] |
| 246 | m = r.sub == p.sub && r.obj == p.obj && r.act == p.act |
| 247 | ` |
| 248 | |
| 249 | _, err := model.NewModelFromString(modelText) |
| 250 | if err == nil { |
| 251 | t.Fatal("Expected error for constraints without RBAC, got nil") |
| 252 | } |
| 253 | if err != errors.ErrConstraintRequiresRBAC { |
| 254 | t.Fatalf("Expected ErrConstraintRequiresRBAC, got: %v", err) |
| 255 | } |
| 256 | } |
| 257 | |
| 258 | func TestConstraintParsingError(t *testing.T) { |
| 259 | modelText := ` |
nothing calls this directly
no test coverage detected
searching dependent graphs…