/*
* Copyright 2021 The casbin Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This is a test file for testing built in functions in casbin
*/
#include <gtest/gtest.h>
#include <casbin/casbin.h>
#include "config_path.h"
namespace {
// Contrasts the direct and the implicit role lookups for alice in domain1,
// using the hierarchical domain policy file.
TEST(TestRBACAPIWithDomains, TestGetImplicitRolesForDomainUser) {
    casbin::Enforcer e(rbac_with_domains_model_path, rbac_with_hierarchy_with_domains_policy_path);

    // The direct lookup stops at the first level of the role hierarchy.
    const auto direct_roles = e.GetRolesForUserInDomain("alice", { "domain1" });
    ASSERT_TRUE(casbin::ArrayEquals({ "role:global_admin" }, direct_roles));

    // The implicit lookup also returns the roles inherited through that first
    // level, scoped to the same domain. This is the list that shows what the
    // user can effectively act as.
    const std::vector<std::string> expected_implicit{"role:global_admin", "role:reader", "role:writer"};
    const auto implicit_roles = e.GetImplicitRolesForUser("alice", {"domain1"});
    ASSERT_TRUE(casbin::ArrayEquals(expected_implicit, implicit_roles));
}
// TestUserAPIWithDomains: Added by Gordon
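// Exercises the users-for-role lookups of the domain-aware RBAC API, before
// and after the "admin" role in domain1 is moved from alice to bob.
TEST(TestRBACAPIWithDomains, TestUserAPIWithDomains) {
    casbin::Enforcer e(rbac_with_domains_model_path, rbac_with_domains_policy_path);

    // A role that does not exist must never resolve to any user. The lookup
    // may reject the role by throwing CasbinRBACException, or it may return
    // normally; a normal return is accepted only when the list is empty.
    // The earlier form of this check asserted `true` inside the handler and
    // nothing on the non-throwing path, so it could not fail.
    // NOTE(review): if throwing is the contract, tighten this to EXPECT_THROW.
    const auto expect_unknown_role_has_no_users = [&e](const char* domain) {
        try {
            EXPECT_TRUE(casbin::ArrayEquals({ }, e.GetUsersForRole("non_exist", { domain })))
                << "unknown role resolved to users in " << domain;
        } catch (const casbin::CasbinRBACException&) {
            // Rejecting the unknown role is an accepted outcome.
        }
        try {
            EXPECT_TRUE(casbin::ArrayEquals({ }, e.GetUsersForRoleInDomain("non_exist", { domain })))
                << "unknown role resolved to users in " << domain;
        } catch (const casbin::CasbinRBACException&) {
            // Rejecting the unknown role is an accepted outcome.
        }
    };

    // Initial policy: alice is admin in domain1, bob is admin in domain2.
    ASSERT_TRUE(casbin::ArrayEquals({ "alice" }, e.GetUsersForRole("admin", { "domain1" })));
    ASSERT_TRUE(casbin::ArrayEquals({ "alice" }, e.GetUsersForRoleInDomain("admin", { "domain1" })));
    expect_unknown_role_has_no_users("domain1");

    ASSERT_TRUE(casbin::ArrayEquals({ "bob" }, e.GetUsersForRole("admin", { "domain2" })));
    ASSERT_TRUE(casbin::ArrayEquals({ "bob" }, e.GetUsersForRoleInDomain("admin", { "domain2" })));
    expect_unknown_role_has_no_users("domain2");

    // Move the domain1 admin role from alice to bob.
    e.DeleteRoleForUserInDomain("alice", "admin", "domain1");
    e.AddRoleForUserInDomain("bob", "admin", "domain1");

    // The revocation must be visible: alice no longer appears for domain1.
    ASSERT_TRUE(casbin::ArrayEquals({ "bob" }, e.GetUsersForRole("admin", { "domain1" })));
    ASSERT_TRUE(casbin::ArrayEquals({ "bob" }, e.GetUsersForRoleInDomain("admin", { "domain1" })));
    expect_unknown_role_has_no_users("domain1");

    // domain2 is untouched by the change made in domain1.
    ASSERT_TRUE(casbin::ArrayEquals({ "bob" }, e.GetUsersForRole("admin", { "domain2" })));
    ASSERT_TRUE(casbin::ArrayEquals({ "bob" }, e.GetUsersForRoleInDomain("admin", { "domain2" })));
    expect_unknown_role_has_no_users("domain2");
}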
// Checks the roles-for-user lookups of the domain-aware RBAC API for every
// (user, domain) pair, before and after the "admin" role in domain1 is moved
// from alice to bob. GetRolesForUser and GetRolesForUserInDomain are expected
// to agree on every pair.
TEST(TestRBACAPIWithDomains, TestRoleAPIWithDomains) {
    casbin::Enforcer e(rbac_with_domains_model_path, rbac_with_domains_policy_path);

    struct RoleCase {
        const char* user;
        const char* domain;
        std::vector<std::string> roles;
    };

    // Initial policy: alice is admin only in domain1, bob only in domain2.
    // The role name "admin" and the unknown user hold no roles anywhere.
    const std::vector<RoleCase> before_change = {
        {"alice", "domain1", {"admin"}},
        {"bob", "domain1", {}},
        {"admin", "domain1", {}},
        {"non_exist", "domain1", {}},
        {"alice", "domain2", {}},
        {"bob", "domain2", {"admin"}},
        {"admin", "domain2", {}},
        {"non_exist", "domain2", {}},
    };
    for (const auto& c : before_change) {
        ASSERT_TRUE(casbin::ArrayEquals(c.roles, e.GetRolesForUser(c.user, { c.domain })))
            << c.user << " in " << c.domain;
        ASSERT_TRUE(casbin::ArrayEquals(c.roles, e.GetRolesForUserInDomain(c.user, { c.domain })))
            << c.user << " in " << c.domain;
    }

    // Move the domain1 admin role from alice to bob.
    e.DeleteRoleForUserInDomain("alice", "admin", "domain1");
    e.AddRoleForUserInDomain("bob", "admin", "domain1");

    // alice must have lost the role in domain1; the domain2 rows are unchanged.
    const std::vector<RoleCase> after_change = {
        {"alice", "domain1", {}},
        {"bob", "domain1", {"admin"}},
        {"admin", "domain1", {}},
        {"non_exist", "domain1", {}},
        {"alice", "domain2", {}},
        {"bob", "domain2", {"admin"}},
        {"admin", "domain2", {}},
        {"non_exist", "domain2", {}},
    };
    for (const auto& c : after_change) {
        ASSERT_TRUE(casbin::ArrayEquals(c.roles, e.GetRolesForUser(c.user, { c.domain })))
            << c.user << " in " << c.domain;
        ASSERT_TRUE(casbin::ArrayEquals(c.roles, e.GetRolesForUserInDomain(c.user, { c.domain })))
            << c.user << " in " << c.domain;
    }
}
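// Asserts that the permissions the enforcer reports for `name` in `domain`
// are exactly the rules listed in `res`, in any order.
//
// @param e      enforcer under test
// @param name   user or role whose permissions are queried
// @param domain domain the query is scoped to
// @param res    expected permission rules
//
// The previous form only counted how many returned rules matched an expected
// one and compared that count with res.size(). With an empty `res` it passed
// whatever the enforcer returned, so an unexpected grant went unnoticed. The
// size check below closes that gap.
void TestGetPermissionsInDomain(casbin::Enforcer& e, const std::string& name, const std::string& domain, const std::vector<std::vector<std::string>>& res) {
    const std::vector<std::vector<std::string>> my_res = e.GetPermissionsForUserInDomain(name, { domain });

    // Extra rules are as much a failure as missing ones.
    ASSERT_EQ(res.size(), my_res.size()) << "unexpected number of permissions for " << name << " in " << domain;

    // Every expected rule must be present in the returned set.
    for (const auto& expected : res) {
        bool found = false;
        for (const auto& actual : my_res) {
            if (casbin::ArrayEquals(expected, actual)) {
                found = true;
                break;
            }
        }
        ASSERT_TRUE(found) << "missing expected permission for " << name << " in " << domain;
    }
}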
// Checks the per-domain permission lookup for each (subject, domain) pair.
// Only the "admin" subject is expected to hold rules, and in each domain only
// the rules written for that domain.
TEST(TestRBACAPIWithDomains, TestPermissionAPIInDomain) {
    casbin::Enforcer e(rbac_with_domains_model_path, rbac_with_domains_policy_path);

    struct PermissionCase {
        const char* subject;
        const char* domain;
        std::vector<std::vector<std::string>> permissions;
    };

    const std::vector<PermissionCase> cases = {
        {"alice", "domain1", {}},
        {"bob", "domain1", {}},
        {"admin", "domain1", { {"admin", "domain1", "data1", "read"}, {"admin", "domain1", "data1", "write"} }},
        {"non_exist", "domain1", {}},
        {"alice", "domain2", {}},
        {"bob", "domain2", {}},
        {"admin", "domain2", { {"admin", "domain2", "data2", "read"}, {"admin", "domain2", "data2", "write"} }},
        {"non_exist", "domain2", {}},
    };

    // The helper reports its own assertion failures, so one failing case does
    // not stop the remaining cases from running.
    for (const auto& c : cases) {
        TestGetPermissionsInDomain(e, c.subject, c.domain, c.permissions);
    }
}
} // namespace