MCPcopy
hub / github.com/apache/casbin / TestRBACModelWithDomainTokenRename

Function TestRBACModelWithDomainTokenRename

model_test.go:244–323  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

242}
243
244func TestRBACModelWithDomainTokenRename(t *testing.T) {
245 // Test that renaming the domain token from "dom" to another name (e.g., "dom1")
246 // still works correctly. This is a regression test for the issue where the
247 // hardcoded "r_dom" and "p_dom" strings prevented proper domain matching.
248
249 // Test with standard "dom" token
250 modelText1 := `
251[request_definition]
252r = sub, dom, obj, act
253
254[policy_definition]
255p = sub, dom, obj, act
256
257[role_definition]
258g = _, _, _
259
260[policy_effect]
261e = some(where (p.eft == allow))
262
263[matchers]
264m = g(r.sub, p.sub, r.dom) && keyMatch(r.dom, p.dom) && r.obj == p.obj && r.act == p.act
265`
266 m1, _ := model.NewModelFromString(modelText1)
267 e1, _ := NewEnforcer(m1)
268 _, _ = e1.AddPolicy("admin", "domain1", "data1", "read")
269 _, _ = e1.AddGroupingPolicy("alice", "admin", "domain*")
270
271 testDomainEnforce(t, e1, "alice", "domain1", "data1", "read", true)
272 testDomainEnforce(t, e1, "alice", "domain2", "data1", "read", false)
273
274 // Test with renamed "dom1" token
275 modelText2 := `
276[request_definition]
277r = sub, dom1, obj, act
278
279[policy_definition]
280p = sub, dom1, obj, act
281
282[role_definition]
283g = _, _, _
284
285[policy_effect]
286e = some(where (p.eft == allow))
287
288[matchers]
289m = g(r.sub, p.sub, r.dom1) && keyMatch(r.dom1, p.dom1) && r.obj == p.obj && r.act == p.act
290`
291 m2, _ := model.NewModelFromString(modelText2)
292 e2, _ := NewEnforcer(m2)
293 _, _ = e2.AddPolicy("admin", "domain1", "data1", "read")
294 _, _ = e2.AddGroupingPolicy("alice", "admin", "domain*")
295
296 testDomainEnforce(t, e2, "alice", "domain1", "data1", "read", true)
297 testDomainEnforce(t, e2, "alice", "domain2", "data1", "read", false)
298
299 // Test with renamed "tenant" token
300 modelText3 := `
301[request_definition]

Callers

nothing calls this directly

Calls 5

AddPolicyMethod · 0.95
AddGroupingPolicyMethod · 0.95
NewModelFromStringFunction · 0.92
NewEnforcerFunction · 0.85
testDomainEnforceFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…