(t *testing.T)
| 859 | } |
| 860 | |
| 861 | func TestGetImplicitObjectPatternsForUser(t *testing.T) { |
| 862 | // Test with domain pattern model |
| 863 | e, _ := NewEnforcer("examples/rbac_with_domain_pattern_model.conf", "examples/rbac_with_domain_pattern_policy.csv") |
| 864 | e.AddNamedDomainMatchingFunc("g", "KeyMatch", util.KeyMatch) |
| 865 | |
| 866 | // Test case 1: admin user with wildcard domain access |
| 867 | testGetImplicitObjectPatternsForUser(t, e, "admin", "domain1", "read", []string{"data1", "data3"}) |
| 868 | testGetImplicitObjectPatternsForUser(t, e, "admin", "domain1", "write", []string{"data1"}) |
| 869 | |
| 870 | // Test case 2: alice user inheriting admin role in domain2 |
| 871 | testGetImplicitObjectPatternsForUser(t, e, "alice", "domain2", "read", []string{"data2", "data3"}) |
| 872 | testGetImplicitObjectPatternsForUser(t, e, "alice", "domain2", "write", []string{"data2"}) |
| 873 | |
| 874 | // Test case 3: bob user with specific domain access |
| 875 | testGetImplicitObjectPatternsForUser(t, e, "bob", "domain2", "read", []string{"data2", "data3"}) |
| 876 | testGetImplicitObjectPatternsForUser(t, e, "bob", "domain2", "write", []string{"data2"}) |
| 877 | |
| 878 | // Test case 4: non-existent domain (admin has wildcard access to data3) |
| 879 | testGetImplicitObjectPatternsForUser(t, e, "admin", "non_existent", "read", []string{"data3"}) |
| 880 | |
| 881 | // Test case 5: non-existent action |
| 882 | testGetImplicitObjectPatternsForUser(t, e, "admin", "domain1", "non_existent", []string{}) |
| 883 | } |
nothing calls this directly
no test coverage detected
searching dependent graphs…