From 50702967a208b7eb5af77b453ffbb53ab4751e40 Mon Sep 17 00:00:00 2001
From: DivyPatel9881
Date: Sun, 12 Jul 2020 21:05:23 +0530
Subject: [PATCH] feat: Add RBAC API with Domains tests.
Signed-off-by: DivyPatel9881
---
 test/test.vcxproj | 1 +
 test/test.vcxproj.filters | 3 +
 test/test_config.cpp | 3 -
 test/test_enforcer.cpp | 3 -
 test/test_management_api.cpp | 4 -
 test/test_model.cpp | 2 -
 test/test_model_enforcer.cpp | 3 -
 test/test_rbac_api.cpp | 4 -
 test/test_rbac_api_with_domains.cpp | 185 ++++++++++++++++++++++++++++
 9 files changed, 189 insertions(+), 19 deletions(-)
 create mode 100644 test/test_rbac_api_with_domains.cpp
diff --git a/test/test.vcxproj b/test/test.vcxproj
index 33953004..a2a151d6 100644
--- a/test/test.vcxproj
+++ b/test/test.vcxproj
@@ -172,6 +172,7 @@
+
diff --git a/test/test.vcxproj.filters b/test/test.vcxproj.filters
index 6611936f..4b5e33f9 100644
--- a/test/test.vcxproj.filters
+++ b/test/test.vcxproj.filters
@@ -45,6 +45,9 @@
 Source Files
+
+ Source Files
+
diff --git a/test/test_config.cpp b/test/test_config.cpp
index adf77091..94faa71f 100644
--- a/test/test_config.cpp
+++ b/test/test_config.cpp
@@ -2,9 +2,6 @@
 #include "pch.h"
-#include
-#include
-
 #include
 #include
diff --git a/test/test_enforcer.cpp b/test/test_enforcer.cpp
index c6f84a49..098d34d7 100644
--- a/test/test_enforcer.cpp
+++ b/test/test_enforcer.cpp
@@ -2,9 +2,6 @@
 #include "pch.h"
-#include
-#include
-
 #include
 #include
 #include
diff --git a/test/test_management_api.cpp b/test/test_management_api.cpp
index afd168ef..74ffa662 100644
--- a/test/test_management_api.cpp
+++ b/test/test_management_api.cpp
@@ -2,10 +2,6 @@
 #include "pch.h"
-#include
-#include
-#include
-
 #include
 #include
 #include
diff --git a/test/test_model.cpp b/test/test_model.cpp
index f1737371..03b1e5b8 100644
--- a/test/test_model.cpp
+++ b/test/test_model.cpp
@@ -2,8 +2,6 @@
 #include "pch.h"
-#include
-#include
 #include
 #include
diff --git a/test/test_model_enforcer.cpp b/test/test_model_enforcer.cpp
index 5c7a69fd..8e197a2c 100644
--- a/test/test_model_enforcer.cpp
+++ b/test/test_model_enforcer.cpp
@@ -2,9 +2,6 @@
 #include "pch.h"
-#include
-#include
-
 #include
 #include
 #include
diff --git a/test/test_rbac_api.cpp b/test/test_rbac_api.cpp
index 91023dfd..17d31d8f 100644
--- a/test/test_rbac_api.cpp
+++ b/test/test_rbac_api.cpp
@@ -2,10 +2,6 @@
 #include "pch.h"
-#include
-#include
-#include
-
 #include
 #include
 #include
diff --git a/test/test_rbac_api_with_domains.cpp b/test/test_rbac_api_with_domains.cpp
new file mode 100644
index 00000000..4846676b
--- /dev/null
+++ b/test/test_rbac_api_with_domains.cpp
@@ -0,0 +1,185 @@
+#pragma once
+
+#include "pch.h"
+
+#include
+#include
+#include
+#include
+
+using namespace std;
+
+namespace test_rbac_api_with_domains
+{
+ TEST_CLASS(TestRBACAPIWithDomains)
+ {
+ public:
+
+ TEST_METHOD(TestGetImplicitRolesForDomainUser) {
+ Enforcer* e = Enforcer::NewEnforcer("../../examples/rbac_with_domains_model.conf", "../../examples/rbac_with_hierarchy_with_domains_policy.csv");
+
+ // This is only able to retrieve the first level of roles.
+ Assert::IsTrue(ArrayEquals({ "role:global_admin" }, e->GetRolesForUserInDomain("alice", { "domain1" })));
+
+ // Retrieve all inherit roles. It supports domains as well.
+ Assert::IsTrue(ArrayEquals(vector{"role:global_admin", "role:reader", "role:writer"}, e->GetImplicitRolesForUser("alice", {"domain1"})));
+ }
+
+ // TestUserAPIWithDomains: Add by Gordon
+ TEST_METHOD(TestUserAPIWithDomains) {
+ Enforcer* e = Enforcer::NewEnforcer("../../examples/rbac_with_domains_model.conf", "../../examples/rbac_with_domains_policy.csv");
+
+ Assert::IsTrue(ArrayEquals({ "alice" }, e->GetUsersForRole("admin", { "domain1" })));
+ Assert::IsTrue(ArrayEquals({ "alice" }, e->GetUsersForRoleInDomain("admin", { "domain1" })));
+
+ try {
+ e->GetUsersForRole("non_exist", { "domain1" });
+ }
+ catch (CasbinRBACException e) {
+ Assert::IsTrue(true);
+ }
+ try {
+ e->GetUsersForRoleInDomain("non_exist", { "domain1" });
+ }
+ catch (CasbinRBACException e) {
+ Assert::IsTrue(true);
+ }
+
+ Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRole("admin", { "domain2" })));
+ Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRoleInDomain("admin", { "domain2" })));
+
+ try {
+ e->GetUsersForRole("non_exist", { "domain2" });
+ }
+ catch (CasbinRBACException e) {
+ Assert::IsTrue(true);
+ }
+ try {
+ e->GetUsersForRoleInDomain("non_exist", { "domain2" });
+ }
+ catch (CasbinRBACException e) {
+ Assert::IsTrue(true);
+ }
+
+ e->DeleteRoleForUserInDomain("alice", "admin", "domain1");
+ e->AddRoleForUserInDomain("bob", "admin", "domain1");
+
+ Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRole("admin", { "domain1" })));
+ Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRoleInDomain("admin", { "domain1" })));
+
+ try {
+ e->GetUsersForRole("non_exist", { "domain1" });
+ }
+ catch (CasbinRBACException e) {
+ Assert::IsTrue(true);
+ }
+ try {
+ e->GetUsersForRoleInDomain("non_exist", { "domain1" });
+ }
+ catch (CasbinRBACException e) {
+ Assert::IsTrue(true);
+ }
+
+ Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRole("admin", { "domain2" })));
+ Assert::IsTrue(ArrayEquals({ "bob" }, e->GetUsersForRoleInDomain("admin", { "domain2" })));
+
+ try {
+ e->GetUsersForRole("non_exist", { "domain2" });
+ }
+ catch (CasbinRBACException e) {
+ Assert::IsTrue(true);
+ }
+ try {
+ e->GetUsersForRoleInDomain("non_exist", { "domain2" });
+ }
+ catch (CasbinRBACException e) {
+ Assert::IsTrue(true);
+ }
+ }
+
+ TEST_METHOD(TestRoleAPIWithDomains) {
+ Enforcer* e = Enforcer::NewEnforcer("../../examples/rbac_with_domains_model.conf", "../../examples/rbac_with_domains_policy.csv");
+
+ Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUser("alice", { "domain1" })));
+ Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUserInDomain("alice", { "domain1" })));
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("bob", { "domain1" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("bob", { "domain1" })));
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("admin", { "domain1" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("admin", { "domain1" })));
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("non_exist", { "domain1" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("non_exist", { "domain1" })));
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("alice", { "domain2" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("alice", { "domain2" })));
+
+ Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUser("bob", { "domain2" })));
+ Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUserInDomain("bob", { "domain2" })));
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("admin", { "domain2" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("admin", { "domain2" })));
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("non_exist", { "domain2" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("non_exist", { "domain2" })));
+
+ e->DeleteRoleForUserInDomain("alice", "admin", "domain1");
+ e->AddRoleForUserInDomain("bob", "admin", "domain1");
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("alice", { "domain1" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("alice", { "domain1" })));
+
+ Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUser("bob", { "domain1" })));
+ Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUserInDomain("bob", { "domain1" })));
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("admin", { "domain1" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("admin", { "domain1" })));
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("non_exist", { "domain1" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("non_exist", { "domain1" })));
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("alice", { "domain2" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("alice", { "domain2" })));
+
+ Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUser("bob", { "domain2" })));
+ Assert::IsTrue(ArrayEquals({ "admin" }, e->GetRolesForUserInDomain("bob", { "domain2" })));
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("admin", { "domain2" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("admin", { "domain2" })));
+
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUser("non_exist", { "domain2" })));
+ Assert::IsTrue(ArrayEquals({ }, e->GetRolesForUserInDomain("non_exist", { "domain2" })));
+ }
+
+ void TestGetPermissionsInDomain(Enforcer* e, string name, string domain, vector> res) {
+ vector> my_res = e->GetPermissionsForUserInDomain(name, { domain });
+
+ int count = 0;
+ for (int i = 0; i < my_res.size(); i++) {
+ for (int j = 0; j < res.size(); j++) {
+ if (ArrayEquals(res[j], my_res[i])) {
+ count += 1;
+ break;
+ }
+ }
+ }
+
+ Assert::AreEqual(int(res.size()), count);
+ }
+
+ TEST_METHOD(TestPermissionAPIInDomain) {
+ Enforcer* e = Enforcer::NewEnforcer("../../examples/rbac_with_domains_model.conf", "../../examples/rbac_with_domains_policy.csv");
+
+ TestGetPermissionsInDomain(e, "alice", "domain1", {});
+ TestGetPermissionsInDomain(e, "bob", "domain1", {});
+ TestGetPermissionsInDomain(e, "admin", "domain1", { {"admin", "domain1", "data1", "read"}, {"admin", "domain1", "data1", "write"} });
+ TestGetPermissionsInDomain(e, "non_exist", "domain1", {});
+
+ TestGetPermissionsInDomain(e, "alice", "domain2", {});
+ TestGetPermissionsInDomain(e, "bob", "domain2", {});
+ TestGetPermissionsInDomain(e, "admin", "domain2", { {"admin", "domain2", "data2", "read"}, {"admin", "domain2", "data2", "write"} });
+ TestGetPermissionsInDomain(e, "non_exist", "domain2", {});
+ }
+ };
+}
\ No newline at end of file
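Review bot: TestGetPermissionsInDomain cannot fail when the enforcer returns more permissions than expected, because `count` only counts returned rows that match `res` and is then compared with `res.size()`. Every call that expects `{}` (alice, bob and non_exist in both domains) therefore passes whatever `GetPermissionsForUserInDomain` returns, so a permission leaking across domains would go unnoticed. Adding `Assert::AreEqual(int(res.size()), int(my_res.size()));` before the existing count assertion closes that gap. The `try`/`catch (CasbinRBACException e)` blocks in TestUserAPIWithDomains are vacuous in the same way, since they pass whether or not the call throws; if a throw is the expected result, an `Assert::Fail();` placed after the call inside each `try` would pin it. Catching as `const CasbinRBACException&` under a different name would also stop the handler from shadowing the `Enforcer* e`.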