(t *testing.T)
| 357 | } |
| 358 | |
| 359 | func TestImplicitPermissionAPI(t *testing.T) { |
| 360 | e, _ := NewEnforcer("examples/rbac_model.conf", "examples/rbac_with_hierarchy_policy.csv") |
| 361 | |
| 362 | testGetPermissions(t, e, "alice", [][]string{{"alice", "data1", "read"}}) |
| 363 | testGetPermissions(t, e, "bob", [][]string{{"bob", "data2", "write"}}) |
| 364 | |
| 365 | testGetImplicitPermissions(t, e, "alice", [][]string{{"alice", "data1", "read"}, {"data1_admin", "data1", "read"}, {"data1_admin", "data1", "write"}, {"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}}) |
| 366 | testGetImplicitPermissions(t, e, "bob", [][]string{{"bob", "data2", "write"}}) |
| 367 | |
| 368 | e, _ = NewEnforcer("examples/rbac_with_domain_pattern_model.conf", "examples/rbac_with_domain_pattern_policy.csv") |
| 369 | e.AddNamedDomainMatchingFunc("g", "KeyMatch", util.KeyMatch) |
| 370 | |
| 371 | testGetImplicitPermissions(t, e, "admin", [][]string{{"admin", "domain1", "data1", "read"}, {"admin", "domain1", "data1", "write"}, {"admin", "domain1", "data3", "read"}}, "domain1") |
| 372 | |
| 373 | _, err := e.GetImplicitPermissionsForUser("admin", "domain1", "domain2") |
| 374 | if err == nil { |
| 375 | t.Error("GetImplicitPermissionsForUser should not support multiple domains") |
| 376 | } |
| 377 | |
| 378 | testGetImplicitPermissions(t, e, "alice", |
| 379 | [][]string{{"admin", "domain2", "data2", "read"}, {"admin", "domain2", "data2", "write"}, {"admin", "domain2", "data3", "read"}}, |
| 380 | "domain2") |
| 381 | |
| 382 | e, _ = NewEnforcer("examples/rbac_with_multiple_policy_model.conf", "examples/rbac_with_multiple_policy_policy.csv") |
| 383 | |
| 384 | testGetNamedImplicitPermissions(t, e, "p", "g", "alice", [][]string{{"user", "/data", "GET"}, {"admin", "/data", "POST"}}) |
| 385 | testGetNamedImplicitPermissions(t, e, "p2", "g", "alice", [][]string{{"user", "view"}, {"admin", "create"}}) |
| 386 | |
| 387 | testGetNamedImplicitPermissions(t, e, "p", "g2", "alice", [][]string{{"user", "/data", "GET"}}) |
| 388 | testGetNamedImplicitPermissions(t, e, "p2", "g2", "alice", [][]string{{"user", "view"}}) |
| 389 | } |
| 390 | |
| 391 | func TestImplicitPermissionAPIWithDomain(t *testing.T) { |
| 392 | e, _ := NewEnforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_hierarchy_with_domains_policy.csv") |
nothing calls this directly
no test coverage detected
searching dependent graphs…