Skip to content

Commit

Permalink
feat: Add RBAC API with Domains tests.
Browse files Browse the repository at this point in the history 
Signed-off-by: DivyPatel9881 <divy9881@gmail.com>
  • Loading branch information
@divy9881
divy9881 committed Jul 14, 2020
1 parent 21b31ad commit 5070296
Show file tree
Hide file tree
Showing 9 changed files with 189 additions and 19 deletions.
1 change: 1 addition & 0 deletions test/test.vcxproj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,7 @@
<ClCompile Include="test_model.cpp" />
<ClCompile Include="test_model_enforcer.cpp" />
<ClCompile Include="test_rbac_api.cpp" />
<ClCompile Include="test_rbac_api_with_domains.cpp" />
<ClCompile Include="test_role_manager.cpp" />
<ClCompile Include="test_util.cpp" />
</ItemGroup>
Expand Down
3 changes: 3 additions & 0 deletions test/test.vcxproj.filters
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,9 @@
<ClCompile Include="test_rbac_api.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="test_rbac_api_with_domains.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="pch.h">
Expand Down
3 changes: 0 additions & 3 deletions test/test_config.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,6 @@

#include "pch.h"

#include <direct.h>
#include <algorithm>

#include <config.h>
#include <util.h>

Expand Down
3 changes: 0 additions & 3 deletions test/test_enforcer.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,6 @@

#include "pch.h"

#include <direct.h>
#include <algorithm>

#include <enforcer.h>
#include <persist.h>
#include <rbac.h>
Expand Down
4 changes: 0 additions & 4 deletions test/test_management_api.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,6 @@

#include "pch.h"

#include <direct.h>
#include <algorithm>
#include <fstream>

#include <enforcer.h>
#include <persist.h>
#include <config.h>
Expand Down
2 changes: 0 additions & 2 deletions test/test_model.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,6 @@

#include "pch.h"

#include <direct.h>
#include <algorithm>
#include <fstream>

#include <util.h>
Expand Down
3 changes: 0 additions & 3 deletions test/test_model_enforcer.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,6 @@

#include "pch.h"

#include <direct.h>
#include <algorithm>

#include <enforcer.h>
#include <persist.h>
#include <rbac.h>
Expand Down
4 changes: 0 additions & 4 deletions test/test_rbac_api.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,6 @@

#include "pch.h"

#include <direct.h>
#include <algorithm>
#include <fstream>

#include <enforcer.h>
#include <rbac.h>
#include <util.h>
Expand Down
185 changes: 185 additions & 0 deletions test/test_rbac_api_with_domains.cpp
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,185 @@
#pragma once

#include "pch.h"

#include <enforcer.h>
#include <exception.h>
#include <rbac.h>
#include <util.h>

using namespace std;

namespace test_rbac_api_with_domains
{
TEST_CLASS(TestRBACAPIWithDomains)
{
public:

TEST_METHOD(TestGetImplicitRolesForDomainUser) {
Enforcer* e = Enforcer::NewEnforcer("../../examples/rbac_with_domains_model.conf", "../../examples/rbac_with_hierarchy_with_domains_policy.csv");

// This is only able to retrieve the first level of roles.
Assert::IsTrue(ArrayEquals({ "role:global_admin" }, e->GetRolesForUserInDomain("alice", { "domain1" })));

// Retrieve all inherit roles. It supports domains as well.
Assert::IsTrue(ArrayEquals(vector<string>{"role:global_admin", "role:reader", "role:writer"}, e->GetImplicitRolesForUser("alice", {"domain1"})));
}

// TestUserAPIWithDomains: Add by Gordon
TEST_METHOD(TestUserAPIWithDomains) {
Enforcer* e = Enforcer::NewEnforcer("../../examples/rbac_with_domains_model.conf", "../../examples/rbac_with_domains_policy.csv");

Assert::IsTrue(ArrayEquals({ "alice" }, e->GetUsersForRole("admin", { "domain1" })));
Assert::IsTrue(ArrayEquals({ "alice" }, e->GetUsersForRoleInDomain("admin", { "domain1" })));

try {
e->GetUsersForRole("non_exist", { "domain1" });
}
catch (CasbinRBACException e) {
Assert::IsTrue(true);
}
try {
e->GetUsersForRoleInDomain("non_exist", { "domain1" });
}
catch (CasbinRBACException e) {
Assert::IsTrue(true);
}

Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRole("admin", { "domain2" })));
Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRoleInDomain("admin", { "domain2" })));

try {
e->GetUsersForRole("non_exist", { "domain2" });
}
catch (CasbinRBACException e) {
Assert::IsTrue(true);
}
try {
e->GetUsersForRoleInDomain("non_exist", { "domain2" });
}
catch (CasbinRBACException e) {
Assert::IsTrue(true);
}

e->DeleteRoleForUserInDomain("alice", "admin", "domain1");
e->AddRoleForUserInDomain("bob", "admin", "domain1");

Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRole("admin", { "domain1" })));
Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRoleInDomain("admin", { "domain1" })));

try {
e->GetUsersForRole("non_exist", { "domain1" });
}
catch (CasbinRBACException e) {
Assert::IsTrue(true);
}
try {
e->GetUsersForRoleInDomain("non_exist", { "domain1" });
}
catch (CasbinRBACException e) {
Assert::IsTrue(true);
}

Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRole("admin", { "domain2" })));
Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRoleInDomain("admin", { "domain2" })));

try {
e->GetUsersForRole("non_exist", { "domain2" });
}
catch (CasbinRBACException e) {
Assert::IsTrue(true);
}
try {
e->GetUsersForRoleInDomain("non_exist", { "domain2" });
}
catch (CasbinRBACException e) {
Assert::IsTrue(true);
}
}

TEST_METHOD(TestRoleAPIWithDomains) {
Enforcer* e = Enforcer::NewEnforcer("../../examples/rbac_with_domains_model.conf", "../../examples/rbac_with_domains_policy.csv");

Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUser("alice", { "domain1" })));
Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUserInDomain("alice", { "domain1" })));

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("bob", { "domain1" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("bob", { "domain1" })));

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("admin", { "domain1" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("admin", { "domain1" })));

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("non_exist", { "domain1" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("non_exist", { "domain1" })));

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("alice", { "domain2" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("alice", { "domain2" })));

Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUser("bob", { "domain2" })));
Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUserInDomain("bob", { "domain2" })));

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("admin", { "domain2" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("admin", { "domain2" })));

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("non_exist", { "domain2" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("non_exist", { "domain2" })));

e->DeleteRoleForUserInDomain("alice", "admin", "domain1");
e->AddRoleForUserInDomain("bob", "admin", "domain1");

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("alice", { "domain1" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("alice", { "domain1" })));

Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUser("bob", { "domain1" })));
Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUserInDomain("bob", { "domain1" })));

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("admin", { "domain1" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("admin", { "domain1" })));

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("non_exist", { "domain1" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("non_exist", { "domain1" })));

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("alice", { "domain2" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("alice", { "domain2" })));

Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUser("bob", { "domain2" })));
Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUserInDomain("bob", { "domain2" })));

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("admin", { "domain2" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("admin", { "domain2" })));

Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("non_exist", { "domain2" })));
Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("non_exist", { "domain2" })));
}

void TestGetPermissionsInDomain(Enforcer* e, string name, string domain, vector<vector<string>> res) {
vector<vector<string>> my_res = e->GetPermissionsForUserInDomain(name, { domain });

int count = 0;
for (int i = 0; i < my_res.size(); i++) {
for (int j = 0; j < res.size(); j++) {
if (ArrayEquals(res[j], my_res[i])) {
count += 1;
break;
}
}
}

Assert::AreEqual(int(res.size()), count);
}

TEST_METHOD(TestPermissionAPIInDomain) {
Enforcer* e = Enforcer::NewEnforcer("../../examples/rbac_with_domains_model.conf", "../../examples/rbac_with_domains_policy.csv");

TestGetPermissionsInDomain(e, "alice", "domain1", {});
TestGetPermissionsInDomain(e, "bob", "domain1", {});
TestGetPermissionsInDomain(e, "admin", "domain1", { {"admin", "domain1", "data1", "read"}, {"admin", "domain1", "data1", "write"} });
TestGetPermissionsInDomain(e, "non_exist", "domain1", {});

TestGetPermissionsInDomain(e, "alice", "domain2", {});
TestGetPermissionsInDomain(e, "bob", "domain2", {});
TestGetPermissionsInDomain(e, "admin", "domain2", { {"admin", "domain2", "data2", "read"}, {"admin", "domain2", "data2", "write"} });
TestGetPermissionsInDomain(e, "non_exist", "domain2", {});
}
};
}

0 comments on commit 5070296

Please sign in to comment.