(t *testing.T)
| 636 | } |
| 637 | |
| 638 | func TestGetImplicitUsersForResourceWithResourceRoles(t *testing.T) { |
| 639 | e, _ := NewEnforcer("examples/rbac_with_resource_roles_model.conf", "examples/rbac_with_resource_roles_policy.csv") |
| 640 | |
| 641 | // Test data1 resource - should return users who have access through g2 relationships |
| 642 | data1Users, err := e.GetNamedImplicitUsersForResource("g2", "data1") |
| 643 | if err != nil { |
| 644 | t.Fatalf("GetNamedImplicitUsersForResource failed: %v", err) |
| 645 | } |
| 646 | |
| 647 | expectedData1Users := 2 // [alice data1 read] + [alice data_group write] |
| 648 | if len(data1Users) != expectedData1Users { |
| 649 | t.Errorf("Expected %d users for data1 resource, got %d: %v", expectedData1Users, len(data1Users), data1Users) |
| 650 | } |
| 651 | |
| 652 | // Test data2 resource - should return users who have access through g2 relationships |
| 653 | data2Users, err := e.GetNamedImplicitUsersForResource("g2", "data2") |
| 654 | if err != nil { |
| 655 | t.Fatalf("GetNamedImplicitUsersForResource failed: %v", err) |
| 656 | } |
| 657 | |
| 658 | expectedData2Users := 2 // [bob data2 write] + [alice data_group write] |
| 659 | if len(data2Users) != expectedData2Users { |
| 660 | t.Errorf("Expected %d users for data2 resource, got %d: %v", expectedData2Users, len(data2Users), data2Users) |
| 661 | } |
| 662 | |
| 663 | // Test with "g" policy type - should return users who have access through g relationships |
| 664 | data1UsersG, err := e.GetNamedImplicitUsersForResource("g", "data1") |
| 665 | if err != nil { |
| 666 | t.Fatalf("GetNamedImplicitUsersForResource with g failed: %v", err) |
| 667 | } |
| 668 | |
| 669 | expectedData1UsersG := 1 // [alice data1 read] only |
| 670 | if len(data1UsersG) != expectedData1UsersG { |
| 671 | t.Errorf("Expected %d users for data1 resource with g policy, got %d: %v", expectedData1UsersG, len(data1UsersG), data1UsersG) |
| 672 | } |
| 673 | } |
| 674 | |
| 675 | func testGetImplicitUsersForResourceByDomain(t *testing.T, e *Enforcer, res [][]string, resource string, domain string) { |
| 676 | t.Helper() |
nothing calls this directly
no test coverage detected
searching dependent graphs…