Google Git
Sign in
apache/casbin-cpp/refs/heads/copilot/update-ci-scripts-to-fix-errors/./tests/management_api_test.cpp
blob: 21b69a2a06951cc658026d0331e1b3fe0cc8292a [file] [log] [blame]
/*
* Copyright 2021 The casbin Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This is a test file for testing the Management API in casbin
*/
#include <casbin/casbin.h>
#include <gtest/gtest.h>
#include "config_path.h"
namespace {
TEST(TestManagementAPI, TestGetList) {
casbin::Enforcer e(rbac_model_path, rbac_policy_path);
ASSERT_TRUE(casbin::ArrayEquals({"alice", "bob", "data2_admin"}, e.GetAllSubjects()));
ASSERT_TRUE(casbin::ArrayEquals({"data1", "data2"}, e.GetAllObjects()));
ASSERT_TRUE(casbin::ArrayEquals({"read", "write"}, e.GetAllActions()));
ASSERT_TRUE(casbin::ArrayEquals({"data2_admin"}, e.GetAllRoles()));
}
void TestGetPolicy(casbin::Enforcer& e, const PoliciesValues& res) {
PoliciesValues my_res;
my_res = e.GetPolicy();
int count = 0;
for (auto my_response : my_res) {
for (auto response : res) {
if (casbin::ArrayEquals(my_response, response))
++count;
}
}
ASSERT_EQ(count, res.size());
}
void TestGetFilteredPolicy(casbin::Enforcer& e, int field_index, const PoliciesValues& res, const std::vector<std::string>& field_values) {
auto my_res = e.GetFilteredPolicy(field_index, field_values);
ASSERT_TRUE(
std::multiset<PolicyValues>(res.begin(),res.end()) == std::multiset<PolicyValues>(my_res.begin(), my_res.end())
);
}
void TestGetGroupingPolicy(casbin::Enforcer& e, const PoliciesValues& res) {
auto my_res = e.GetGroupingPolicy();
auto r_it = res.begin();
for(auto m_it = my_res.begin(); m_it != my_res.end(); ++m_it, ++r_it)
ASSERT_TRUE(casbin::ArrayEquals(*m_it, *r_it));
}
void TestGetFilteredGroupingPolicy(casbin::Enforcer& e, int field_index, const PoliciesValues& res, const std::vector<std::string>& field_values) {
auto my_res = e.GetFilteredGroupingPolicy(field_index, field_values);
auto r_it = res.begin();
for(auto m_it = my_res.begin(); m_it != my_res.end(); ++m_it, ++r_it)
ASSERT_TRUE(casbin::ArrayEquals(*m_it, *r_it));
}
void TestHasPolicy(casbin::Enforcer e, const std::vector<std::string>& policy, bool res) {
bool my_res = e.HasPolicy(policy);
ASSERT_EQ(res, my_res);
}
void TestHasGroupingPolicy(casbin::Enforcer& e, const std::vector<std::string>& policy, bool res) {
bool my_res = e.HasGroupingPolicy(policy);
ASSERT_EQ(res, my_res);
}
TEST(TestManagementAPI, TestGetPolicyAPI) {
casbin::Enforcer e(rbac_model_path, rbac_policy_path);
TestGetPolicy(e, PoliciesValues({{"alice", "data1", "read"}, {"bob", "data2", "write"}, {"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}}));
TestGetFilteredPolicy(e, 0, PoliciesValues({{"alice", "data1", "read"}}), {"alice"});
TestGetFilteredPolicy(e, 0, PoliciesValues({{"bob", "data2", "write"}}), {"bob"});
TestGetFilteredPolicy(e, 0, PoliciesValues({{"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}}), {"data2_admin"});
TestGetFilteredPolicy(e, 1, PoliciesValues({{"alice", "data1", "read"}}), {"data1"});
TestGetFilteredPolicy(e, 1, PoliciesValues({{"bob", "data2", "write"}, {"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}}), {"data2"});
TestGetFilteredPolicy(e, 2, PoliciesValues({{"alice", "data1", "read"}, {"data2_admin", "data2", "read"}}), {"read"});
TestGetFilteredPolicy(e, 2, PoliciesValues({{"bob", "data2", "write"}, {"data2_admin", "data2", "write"}}), {"write"});
TestGetFilteredPolicy(e, 0, PoliciesValues({{"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}}), {"data2_admin", "data2"});
// Note: "" (empty string) in fieldValues means matching all values.
TestGetFilteredPolicy(e, 0, PoliciesValues({{"data2_admin", "data2", "read"}}), {"data2_admin", "", "read"});
TestGetFilteredPolicy(e, 1, PoliciesValues({{"bob", "data2", "write"}, {"data2_admin", "data2", "write"}}), {"data2", "write"});
TestHasPolicy(e, {"alice", "data1", "read"}, true);
TestHasPolicy(e, {"bob", "data2", "write"}, true);
TestHasPolicy(e, {"alice", "data2", "read"}, false);
TestHasPolicy(e, {"bob", "data3", "write"}, false);
TestGetGroupingPolicy(e, PoliciesValues({{"alice", "data2_admin"}}));
TestGetFilteredGroupingPolicy(e, 0, PoliciesValues({{"alice", "data2_admin"}}), {"alice"});
TestGetFilteredGroupingPolicy(e, 0, PoliciesValues({}), {"bob"});
TestGetFilteredGroupingPolicy(e, 1, PoliciesValues({}), {"data1_admin"});
TestGetFilteredGroupingPolicy(e, 1, PoliciesValues({{"alice", "data2_admin"}}), {"data2_admin"});
// Note: "" (empty string) in fieldValues means matching all values.
TestGetFilteredGroupingPolicy(e, 0, PoliciesValues({{"alice", "data2_admin"}}), {"", "data2_admin"});
TestHasGroupingPolicy(e, {"alice", "data2_admin"}, true);
TestHasGroupingPolicy(e, {"bob", "data2_admin"}, false);
}
TEST(TestManagementAPI, TestModifyPolicyAPI) {
std::shared_ptr<casbin::Adapter> adapter = std::make_shared<casbin::BatchFileAdapter>(rbac_policy_path);
casbin::Enforcer e(rbac_model_path, adapter);
TestGetPolicy(e, PoliciesValues({{"alice", "data1", "read"}, {"bob", "data2", "write"}, {"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}}));
e.RemovePolicy({"alice", "data1", "read"});
e.RemovePolicy({"bob", "data2", "write"});
e.RemovePolicy({"alice", "data1", "read"});
e.AddPolicy({"eve", "data3", "read"});
e.AddPolicy({"eve", "data3", "read"});
PoliciesValues rules({
{"jack", "data4", "read"},
{"katy", "data4", "write"},
{"leyo", "data4", "read"},
{"ham", "data4", "write"},
});
e.AddPolicies(rules);
e.AddPolicies(rules);
TestGetPolicy(e, PoliciesValues({{"data2_admin", "data2", "read"},
{"data2_admin", "data2", "write"},
{"eve", "data3", "read"},
{"jack", "data4", "read"},
{"katy", "data4", "write"},
{"leyo", "data4", "read"},
{"ham", "data4", "write"}}));
e.RemovePolicies(rules);
e.RemovePolicies(rules);
std::vector<std::string> named_policy{"eve", "data3", "read"};
e.RemoveNamedPolicy("p", named_policy);
e.AddNamedPolicy("p", named_policy);
TestGetPolicy(e, PoliciesValues({{"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}, {"eve", "data3", "read"}}));
e.RemoveFilteredPolicy(1, {"data2"});
TestGetPolicy(e, PoliciesValues({{"eve", "data3", "read"}}));
e.UpdatePolicy({"eve", "data3", "read"}, {"eve", "data3", "write"});
TestGetPolicy(e, PoliciesValues({{"eve", "data3", "write"}}));
e.AddPolicies(rules);
e.UpdatePolicies(PoliciesValues({{"eve", "data3", "write"}, {"leyo", "data4", "read"}, {"katy", "data4", "write"}}), PoliciesValues({{"eve", "data3", "read"}, {"leyo", "data4", "write"}, {"katy", "data1", "write"}}));
TestGetPolicy(e, PoliciesValues({{"eve", "data3", "read"}, {"leyo", "data4", "write"}, {"katy", "data1", "write"}}));
}
TEST(TestManagementAPI, TestModifyGroupingPolicyAPI) {
std::shared_ptr<casbin::Adapter> adapter = std::make_shared<casbin::BatchFileAdapter>(rbac_policy_path);
casbin::Enforcer e(rbac_model_path, adapter);
ASSERT_TRUE(casbin::ArrayEquals({"data2_admin"}, e.GetRolesForUser("alice")));
ASSERT_TRUE(casbin::ArrayEquals({}, e.GetRolesForUser("bob")));
ASSERT_TRUE(casbin::ArrayEquals({}, e.GetRolesForUser("eve")));
ASSERT_TRUE(casbin::ArrayEquals({}, e.GetRolesForUser("non_exist")));
e.RemoveGroupingPolicy({"alice", "data2_admin"});
e.AddGroupingPolicy({"bob", "data1_admin"});
e.AddGroupingPolicy({"eve", "data3_admin"});
PoliciesValues grouping_rules({
{"ham", "data4_admin"},
{"jack", "data5_admin"},
});
e.AddGroupingPolicies(grouping_rules);
ASSERT_TRUE(casbin::ArrayEquals({"data4_admin"}, e.GetRolesForUser("ham")));
ASSERT_TRUE(casbin::ArrayEquals({"data5_admin"}, e.GetRolesForUser("jack")));
e.RemoveGroupingPolicies(grouping_rules);
ASSERT_TRUE(casbin::ArrayEquals({}, e.GetRolesForUser("alice")));
std::vector<std::string> named_grouping_policy{"alice", "data2_admin"};
ASSERT_TRUE(casbin::ArrayEquals({}, e.GetRolesForUser("alice")));
e.AddNamedGroupingPolicy("g", named_grouping_policy);
ASSERT_TRUE(casbin::ArrayEquals({"data2_admin"}, e.GetRolesForUser("alice")));
e.RemoveNamedGroupingPolicy("g", named_grouping_policy);
e.AddNamedGroupingPolicies("g", grouping_rules);
e.AddNamedGroupingPolicies("g", grouping_rules);
ASSERT_TRUE(casbin::ArrayEquals({"data4_admin"}, e.GetRolesForUser("ham")));
ASSERT_TRUE(casbin::ArrayEquals({"data5_admin"}, e.GetRolesForUser("jack")));
e.RemoveNamedGroupingPolicies("g", grouping_rules);
e.RemoveNamedGroupingPolicies("g", grouping_rules);
ASSERT_TRUE(casbin::ArrayEquals({}, e.GetRolesForUser("alice")));
ASSERT_TRUE(casbin::ArrayEquals({"data1_admin"}, e.GetRolesForUser("bob")));
ASSERT_TRUE(casbin::ArrayEquals({"data3_admin"}, e.GetRolesForUser("eve")));
ASSERT_TRUE(casbin::ArrayEquals({}, e.GetRolesForUser("non_exist")));
ASSERT_TRUE(casbin::ArrayEquals({"bob"}, e.GetUsersForRole("data1_admin")));
try {
e.GetUsersForRole("data2_admin", {});
} catch (casbin::CasbinRBACException e) {
ASSERT_TRUE(true);
}
ASSERT_TRUE(casbin::ArrayEquals({"eve"}, e.GetUsersForRole("data3_admin")));
e.RemoveFilteredGroupingPolicy(0, {"bob"});
ASSERT_TRUE(casbin::ArrayEquals({}, e.GetRolesForUser("alice")));
ASSERT_TRUE(casbin::ArrayEquals({}, e.GetRolesForUser("bob")));
ASSERT_TRUE(casbin::ArrayEquals({"data3_admin"}, e.GetRolesForUser("eve")));
ASSERT_TRUE(casbin::ArrayEquals({}, e.GetRolesForUser("non_exist")));
try {
e.GetUsersForRole("data1_admin");
} catch (casbin::CasbinRBACException e) {
ASSERT_TRUE(true);
}
try {
e.GetUsersForRole("data2_admin");
} catch (casbin::CasbinRBACException e) {
ASSERT_TRUE(true);
}
ASSERT_TRUE(casbin::ArrayEquals({"eve"}, e.GetUsersForRole("data3_admin")));
ASSERT_TRUE(e.AddGroupingPolicy({"data3_admin", "data4_admin"}));
e.UpdateGroupingPolicy({"eve", "data3_admin"}, {"eve", "admin"});
e.UpdateGroupingPolicy({"data3_admin", "data4_admin"}, {"admin", "data4_admin"});
// ASSERT_TRUE(casbin::ArrayEquals({"admin"}, e.GetUsersForRole("data4_admin")));
ASSERT_TRUE(casbin::ArrayEquals({"eve"}, e.GetUsersForRole("admin")));
ASSERT_TRUE(casbin::ArrayEquals({"admin"}, e.GetRolesForUser("eve")));
ASSERT_TRUE(casbin::ArrayEquals({"data4_admin"}, e.GetRolesForUser("admin")));
}
} // namespace