/*
 * Copyright 2021 The casbin Authors. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * This is a test file for testing built in functions in casbin
 */

#include <casbin/casbin.h>
#include <gtest/gtest.h>

#include "config_path.h"

namespace {
std::string global_sub;
std::string global_obj;
std::string global_act;
std::string global_domain;

template <typename T>
std::shared_ptr<casbin::IEvaluator> InitializeParams(const std::string& sub, const std::string& obj, const std::string& act) {
    auto evaluator = std::make_shared<T>();
    evaluator->InitialObject("r");

    // Because of "Short String Optimization", these strings's data is in stack.
    // For MSVC compiler, when this stack frame return, these memory will can't access.
    // So we need keep this memory accessiable.
    global_sub = sub;
    global_obj = obj;
    global_act = act;

    evaluator->PushObjectString("r", "sub", global_sub);
    evaluator->PushObjectString("r", "obj", global_obj);
    evaluator->PushObjectString("r", "act", global_act);

    return evaluator;
}

template <typename T>
std::shared_ptr<casbin::IEvaluator> InitializeParamsWithoutUsers(const std::string& obj, const std::string& act) {
    auto evaluator = std::make_shared<T>();
    evaluator->InitialObject("r");

    global_obj = obj;
    global_act = act;
    evaluator->PushObjectString("r", "obj", global_obj);
    evaluator->PushObjectString("r", "act", global_act);
    return evaluator;
}

template <typename T>
std::shared_ptr<casbin::IEvaluator> InitializeParamsWithoutResources(const std::string& sub, const std::string& act) {
    auto evaluator = std::make_shared<T>();
    evaluator->InitialObject("r");

    global_sub = sub;
    global_act = act;
    evaluator->PushObjectString("r", "sub", global_sub);
    evaluator->PushObjectString("r", "act", global_act);
    return evaluator;
}

template <typename T>
std::shared_ptr<casbin::IEvaluator> InitializeParamsWithDomains(const std::string& sub, const std::string& domain, const std::string& obj, const std::string& act) {
    auto evaluator = std::make_shared<T>();
    evaluator->InitialObject("r");

    global_sub = sub;
    global_obj = obj;
    global_act = act;
    global_domain = domain;

    evaluator->PushObjectString("r", "sub", global_sub);
    evaluator->PushObjectString("r", "dom", global_domain);
    evaluator->PushObjectString("r", "obj", global_obj);
    evaluator->PushObjectString("r", "act", global_act);
    return evaluator;
}

// casbin::Scope InitializeParamsWithJson(std::shared_ptr<nlohmann::json> sub, std::string obj, std::string act) {
//     casbin::Scope scope = casbin::InitializeScope();
//     casbin::PushObject(scope, "r");

//     casbin::PushStringPropToObject(scope, "r", obj, "obj");
//     casbin::PushStringPropToObject(scope, "r", act, "act");

//     casbin::PushObject(scope, "sub");
//     casbin::PushObjectPropFromJson(scope, *sub, "sub");
//     casbin::PushObjectPropToObject(scope, "r", "sub");

//     return scope;
// }

// void TestEnforce(casbin::Enforcer& e, casbin::Scope& scope, bool res) {
//     auto evaluator = std::make_shared<casbin::DuktapeEvaluator>(scope);
//     ASSERT_EQ(res, e.Enforce(evaluator));
// }

void TestEnforce(casbin::Enforcer& e, std::shared_ptr<casbin::IEvaluator> evaluator, bool res) { ASSERT_EQ(res, e.Enforce(evaluator)); }

TEST(TestModelEnforcer, TestBasicModel) {
    casbin::Enforcer e(basic_model_path, basic_policy_path);

    std::shared_ptr<casbin::IEvaluator> evaluator;

    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestBasicModelWithoutSpaces) {
    casbin::Enforcer e(basic_model_without_spaces_path, basic_policy_path);

    std::shared_ptr<casbin::IEvaluator> evaluator;

    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestBasicModelNoPolicy) {
    casbin::Enforcer e(basic_model_path);

    std::shared_ptr<casbin::IEvaluator> evaluator;

    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
    TestEnforce(e, evaluator, false);
}

TEST(TestModelEnforcer, TestBasicModelWithRoot) {
    casbin::Enforcer e(basic_with_root_model_path, basic_policy_path);

    std::shared_ptr<casbin::IEvaluator> evaluator;

    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("root", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("root", "data1", "write");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("root", "data2", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("root", "data2", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestBasicModelWithRootNoPolicy) {
    casbin::Enforcer e(basic_with_root_model_path);

    std::shared_ptr<casbin::IEvaluator> evaluator;

    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("root", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("root", "data1", "write");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("root", "data2", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("root", "data2", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestBasicModelWithoutUsers) {
    casbin::Enforcer e(basic_without_users_model_path, basic_without_users_policy_path);

    auto evaluator = InitializeParamsWithoutUsers<casbin::ExprtkEvaluator>("data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParamsWithoutUsers<casbin::ExprtkEvaluator>("data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithoutUsers<casbin::ExprtkEvaluator>("data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithoutUsers<casbin::ExprtkEvaluator>("data2", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestBasicModelWithoutResources) {
    casbin::Enforcer e(basic_without_resources_model_path, basic_without_resources_policy_path);

    auto evaluator = InitializeParamsWithoutResources<casbin::ExprtkEvaluator>("alice", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParamsWithoutResources<casbin::ExprtkEvaluator>("alice", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithoutResources<casbin::ExprtkEvaluator>("bob", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithoutResources<casbin::ExprtkEvaluator>("bob", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestRBACModel) {
    casbin::Enforcer e(rbac_model_path, rbac_policy_path);

    std::shared_ptr<casbin::IEvaluator> evaluator;

    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestRBACModelWithResourceRoles) {
    casbin::Enforcer e(rbac_with_resource_roles_model_path, rbac_with_resource_roles_policy_path);

    std::shared_ptr<casbin::IEvaluator> evaluator;

    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestRBACModelWithDomains) {
    casbin::Enforcer e(rbac_with_domains_model_path, rbac_with_domains_policy_path);

    auto evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data1", "write");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data2", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data2", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data2", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestRBACModelWithDomainsAtRuntime) {
    casbin::Enforcer e(rbac_with_domains_model_path);

    std::vector<std::string> params{"admin", "domain1", "data1", "read"};
    e.AddPolicy(params);
    params = std::vector<std::string>{"admin", "domain1", "data1", "write"};
    e.AddPolicy(params);
    params = std::vector<std::string>{"admin", "domain2", "data2", "read"};
    e.AddPolicy(params);
    params = std::vector<std::string>{"admin", "domain2", "data2", "write"};
    e.AddPolicy(params);

    params = std::vector<std::string>{"alice", "admin", "domain1"};
    e.AddGroupingPolicy(params);
    params = std::vector<std::string>{"bob", "admin", "domain2"};
    e.AddGroupingPolicy(params);

    auto evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data1", "write");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data2", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data2", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data2", "write");
    TestEnforce(e, evaluator, true);

    // Remove all policy rules related to domain1 and data1.
    params = std::vector<std::string>{"domain1", "data1"};
    e.RemoveFilteredPolicy(1, params);

    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data2", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data2", "write");
    TestEnforce(e, evaluator, true);

    // Remove the specified policy rule.
    params = std::vector<std::string>{"admin", "domain2", "data2", "read"};
    e.RemovePolicy(params);

    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data2", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data2", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestRBACModelWithDomainsAtRuntimeMockAdapter) {
    std::shared_ptr<casbin::Adapter> adapter = std::make_shared<casbin::FileAdapter>(rbac_with_domains_policy_path);
    casbin::Enforcer e(rbac_with_domains_model_path, adapter);

    std::vector<std::string> params{"admin", "domain3", "data1", "read"};
    e.AddPolicy(params);
    params = std::vector<std::string>{"alice", "admin", "domain3"};
    e.AddGroupingPolicy(params);

    auto evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain3", "data1", "read");
    TestEnforce(e, evaluator, true);

    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data1", "read");
    TestEnforce(e, evaluator, true);

    params = std::vector<std::string>{"domain1", "data1"};
    e.RemoveFilteredPolicy(1, params);

    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("alice", "domain1", "data1", "read");
    TestEnforce(e, evaluator, false);

    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data2", "read");
    TestEnforce(e, evaluator, true);
    params = std::vector<std::string>{"admin", "domain2", "data2", "read"};
    e.RemovePolicy(params);

    evaluator = InitializeParamsWithDomains<casbin::ExprtkEvaluator>("bob", "domain2", "data2", "read");
    TestEnforce(e, evaluator, false);
}

TEST(TestModelEnforcer, TestRBACModelWithDeny) {
    casbin::Enforcer e(rbac_with_deny_model_path, rbac_with_deny_policy_path);

    std::shared_ptr<casbin::IEvaluator> evaluator;

    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestRBACModelWithOnlyDeny) {
    casbin::Enforcer e(rbac_with_not_deny_model_path, rbac_with_deny_policy_path);

    auto evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
    TestEnforce(e, evaluator, false);
}

TEST(TestModelEnforcer, TestRBACModelWithCustomData) {
    casbin::Enforcer e(rbac_model_path, rbac_policy_path);

    // You can add custom data to a grouping policy, Casbin will ignore it. It is only meaningful to the caller.
    // This feature can be used to store information like whether "bob" is an end user (so no subject will inherit "bob")
    // For Casbin, it is equivalent to: e.AddGroupingPolicy("bob", "data2_admin")
    std::vector<std::string> params{"bob", "data2_admin", "custom_data"};
    e.AddGroupingPolicy(params);

    auto evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
    TestEnforce(e, evaluator, true);

    // You should also take the custom data as a parameter when deleting a grouping policy.
    // e.RemoveGroupingPolicy("bob", "data2_admin") won't work.
    // Or you can remove it by using RemoveFilteredGroupingPolicy().
    params = std::vector<std::string>{"bob", "data2_admin", "custom_data"};
    e.RemoveGroupingPolicy(params);

    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
    TestEnforce(e, evaluator, true);
}

TEST(TestModelEnforcer, TestRBACModelWithPattern) {
    casbin::Enforcer e(rbac_with_pattern_model_path, rbac_with_pattern_policy_path);

    // Here's a little confusing: the matching function here is not the custom function used in matcher.
    // It is the matching function used by "g" (and "g2", "g3" if any..)
    // You can see in policy that: "g2, /book/:id, book_group", so in "g2()" function in the matcher, instead
    // of checking whether "/book/:id" equals the obj: "/book/1", it checks whether the pattern matches.
    // You can see it as normal RBAC: "/book/:id" == "/book/1" becomes KeyMatch2("/book/:id", "/book/1")
    e.AddNamedMatchingFunc("p", "", casbin::KeyMatch2);

    auto evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "/book/1", "GET");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "/book/2", "GET");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "/pen/1", "GET");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "/pen/2", "GET");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "/book/1", "GET");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "/book/2", "GET");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "/pen/1", "GET");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "/pen/2", "GET");
    TestEnforce(e, evaluator, true);

    // AddMatchingFunc() is actually setting a function because only one function is allowed,
    // so when we set "KeyMatch3", we are actually replacing "KeyMatch2" with "KeyMatch3".
    e.AddNamedMatchingFunc("p", "", casbin::KeyMatch3);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "/book2/1", "GET");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "/book2/2", "GET");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "/pen2/1", "GET");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "/pen2/2", "GET");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "/book2/1", "GET");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "/book2/2", "GET");
    TestEnforce(e, evaluator, false);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "/pen2/1", "GET");
    TestEnforce(e, evaluator, true);
    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "/pen2/2", "GET");
    TestEnforce(e, evaluator, true);
}

} // namespace