(t *testing.T)
| 232 | } |
| 233 | |
| 234 | func TestPermissionAPI(t *testing.T) { |
| 235 | e, _ := NewEnforcer("examples/basic_without_resources_model.conf", "examples/basic_without_resources_policy.csv") |
| 236 | |
| 237 | testEnforceWithoutUsers(t, e, "alice", "read", true) |
| 238 | testEnforceWithoutUsers(t, e, "alice", "write", false) |
| 239 | testEnforceWithoutUsers(t, e, "bob", "read", false) |
| 240 | testEnforceWithoutUsers(t, e, "bob", "write", true) |
| 241 | |
| 242 | testGetPermissions(t, e, "alice", [][]string{{"alice", "read"}}) |
| 243 | testGetPermissions(t, e, "bob", [][]string{{"bob", "write"}}) |
| 244 | |
| 245 | testHasPermission(t, e, "alice", []string{"read"}, true) |
| 246 | testHasPermission(t, e, "alice", []string{"write"}, false) |
| 247 | testHasPermission(t, e, "bob", []string{"read"}, false) |
| 248 | testHasPermission(t, e, "bob", []string{"write"}, true) |
| 249 | |
| 250 | _, _ = e.DeletePermission("read") |
| 251 | |
| 252 | testEnforceWithoutUsers(t, e, "alice", "read", false) |
| 253 | testEnforceWithoutUsers(t, e, "alice", "write", false) |
| 254 | testEnforceWithoutUsers(t, e, "bob", "read", false) |
| 255 | testEnforceWithoutUsers(t, e, "bob", "write", true) |
| 256 | |
| 257 | _, _ = e.AddPermissionForUser("bob", "read") |
| 258 | |
| 259 | testEnforceWithoutUsers(t, e, "alice", "read", false) |
| 260 | testEnforceWithoutUsers(t, e, "alice", "write", false) |
| 261 | testEnforceWithoutUsers(t, e, "bob", "read", true) |
| 262 | testEnforceWithoutUsers(t, e, "bob", "write", true) |
| 263 | |
| 264 | _, _ = e.AddPermissionsForUser("jack", |
| 265 | []string{"read"}, |
| 266 | []string{"write"}) |
| 267 | |
| 268 | testEnforceWithoutUsers(t, e, "jack", "read", true) |
| 269 | testEnforceWithoutUsers(t, e, "bob", "write", true) |
| 270 | |
| 271 | _, _ = e.DeletePermissionForUser("bob", "read") |
| 272 | |
| 273 | testEnforceWithoutUsers(t, e, "alice", "read", false) |
| 274 | testEnforceWithoutUsers(t, e, "alice", "write", false) |
| 275 | testEnforceWithoutUsers(t, e, "bob", "read", false) |
| 276 | testEnforceWithoutUsers(t, e, "bob", "write", true) |
| 277 | |
| 278 | _, _ = e.DeletePermissionsForUser("bob") |
| 279 | |
| 280 | testEnforceWithoutUsers(t, e, "alice", "read", false) |
| 281 | testEnforceWithoutUsers(t, e, "alice", "write", false) |
| 282 | testEnforceWithoutUsers(t, e, "bob", "read", false) |
| 283 | testEnforceWithoutUsers(t, e, "bob", "write", false) |
| 284 | |
| 285 | e, _ = NewEnforcer("examples/rbac_with_multiple_policy_model.conf", "examples/rbac_with_multiple_policy_policy.csv") |
| 286 | testGetNamedPermissionsForUser(t, e, "p", "user", [][]string{{"user", "/data", "GET"}}) |
| 287 | testGetNamedPermissionsForUser(t, e, "p2", "user", [][]string{{"user", "view"}}) |
| 288 | } |
| 289 | |
| 290 | func testGetImplicitRoles(t *testing.T, e *Enforcer, name string, res []string) { |
| 291 | t.Helper() |
nothing calls this directly
no test coverage detected
searching dependent graphs…