(t *testing.T)
| 624 | } |
| 625 | |
| 626 | func TestLinkConditionFunc(t *testing.T) { |
| 627 | TrueFunc := func(args ...string) (bool, error) { |
| 628 | if len(args) != 0 { |
| 629 | return args[0] == "_" || args[0] == "true", nil |
| 630 | } |
| 631 | return false, nil |
| 632 | } |
| 633 | |
| 634 | FalseFunc := func(args ...string) (bool, error) { |
| 635 | if len(args) != 0 { |
| 636 | return args[0] == "_" || args[0] == "false", nil |
| 637 | } |
| 638 | return false, nil |
| 639 | } |
| 640 | |
| 641 | m, _ := model.NewModelFromFile("examples/rbac_with_temporal_roles_model.conf") |
| 642 | e, _ := NewEnforcer(m) |
| 643 | |
| 644 | _, _ = e.AddPolicies([][]string{ |
| 645 | {"alice", "data1", "read"}, |
| 646 | {"alice", "data1", "write"}, |
| 647 | {"data2_admin", "data2", "read"}, |
| 648 | {"data2_admin", "data2", "write"}, |
| 649 | {"data3_admin", "data3", "read"}, |
| 650 | {"data3_admin", "data3", "write"}, |
| 651 | {"data4_admin", "data4", "read"}, |
| 652 | {"data4_admin", "data4", "write"}, |
| 653 | {"data5_admin", "data5", "read"}, |
| 654 | {"data5_admin", "data5", "write"}, |
| 655 | }) |
| 656 | |
| 657 | _, _ = e.AddGroupingPolicies([][]string{ |
| 658 | {"alice", "data2_admin", "_", "_"}, |
| 659 | {"alice", "data3_admin", "_", "_"}, |
| 660 | {"alice", "data4_admin", "_", "_"}, |
| 661 | {"alice", "data5_admin", "_", "_"}, |
| 662 | }) |
| 663 | |
| 664 | e.AddNamedLinkConditionFunc("g", "alice", "data2_admin", TrueFunc) |
| 665 | e.AddNamedLinkConditionFunc("g", "alice", "data3_admin", TrueFunc) |
| 666 | e.AddNamedLinkConditionFunc("g", "alice", "data4_admin", FalseFunc) |
| 667 | e.AddNamedLinkConditionFunc("g", "alice", "data5_admin", FalseFunc) |
| 668 | |
| 669 | e.SetNamedLinkConditionFuncParams("g", "alice", "data2_admin", "true") |
| 670 | e.SetNamedLinkConditionFuncParams("g", "alice", "data3_admin", "not true") |
| 671 | e.SetNamedLinkConditionFuncParams("g", "alice", "data4_admin", "false") |
| 672 | e.SetNamedLinkConditionFuncParams("g", "alice", "data5_admin", "not false") |
| 673 | |
| 674 | testEnforce(t, e, "alice", "data1", "read", true) |
| 675 | testEnforce(t, e, "alice", "data1", "write", true) |
| 676 | testEnforce(t, e, "alice", "data2", "read", true) |
| 677 | testEnforce(t, e, "alice", "data2", "write", true) |
| 678 | testEnforce(t, e, "alice", "data3", "read", false) |
| 679 | testEnforce(t, e, "alice", "data3", "write", false) |
| 680 | testEnforce(t, e, "alice", "data4", "read", true) |
| 681 | testEnforce(t, e, "alice", "data4", "write", true) |
| 682 | testEnforce(t, e, "alice", "data5", "read", false) |
| 683 | testEnforce(t, e, "alice", "data5", "write", false) |