(t *testing.T)
| 145 | } |
| 146 | |
| 147 | func TestRBACModelInMemory2(t *testing.T) { |
| 148 | text := |
| 149 | ` |
| 150 | [request_definition] |
| 151 | r = sub, obj, act |
| 152 | |
| 153 | [policy_definition] |
| 154 | p = sub, obj, act |
| 155 | |
| 156 | [role_definition] |
| 157 | g = _, _ |
| 158 | |
| 159 | [policy_effect] |
| 160 | e = some(where (p.eft == allow)) |
| 161 | |
| 162 | [matchers] |
| 163 | m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act |
| 164 | ` |
| 165 | m, _ := model.NewModelFromString(text) |
| 166 | // The above is the same as: |
| 167 | // m := NewModel() |
| 168 | // m.LoadModelFromText(text) |
| 169 | |
| 170 | e, _ := NewEnforcer(m) |
| 171 | |
| 172 | _, _ = e.AddPermissionForUser("alice", "data1", "read") |
| 173 | _, _ = e.AddPermissionForUser("bob", "data2", "write") |
| 174 | _, _ = e.AddPermissionForUser("data2_admin", "data2", "read") |
| 175 | _, _ = e.AddPermissionForUser("data2_admin", "data2", "write") |
| 176 | _, _ = e.AddRoleForUser("alice", "data2_admin") |
| 177 | |
| 178 | testEnforce(t, e, "alice", "data1", "read", true) |
| 179 | testEnforce(t, e, "alice", "data1", "write", false) |
| 180 | testEnforce(t, e, "alice", "data2", "read", true) |
| 181 | testEnforce(t, e, "alice", "data2", "write", true) |
| 182 | testEnforce(t, e, "bob", "data1", "read", false) |
| 183 | testEnforce(t, e, "bob", "data1", "write", false) |
| 184 | testEnforce(t, e, "bob", "data2", "read", false) |
| 185 | testEnforce(t, e, "bob", "data2", "write", true) |
| 186 | } |
| 187 | |
| 188 | func TestNotUsedRBACModelInMemory(t *testing.T) { |
| 189 | m := model.NewModel() |
nothing calls this directly
no test coverage detected
searching dependent graphs…