def test_has_permission_for_user(self):
e = get_enforcer(get_examples("basic_without_resources_model.conf"),
get_examples("basic_without_resources_policy.csv"))
self.assertTrue(e.has_permission_for_user('alice', *['read']))
self.assertFalse(e.has_permission_for_user('alice', *['write']))
self.assertFalse(e.has_permission_for_user('bob', *['read']))
self.assertTrue(e.has_permission_for_user('bob', *['write']))
def test_add_permission_for_user(self):
e = get_enforcer(get_examples("basic_without_resources_model.conf"),
get_examples("basic_without_resources_policy.csv"))
e.delete_permission('read')
e.add_permission_for_user('bob', 'read')
self.assertTrue(e.enforce('bob', 'read'))
self.assertTrue(e.enforce('bob', 'write'))
def test_get_roles_for_user(self):
e = get_enforcer(get_examples("rbac_model.conf"),
get_examples("rbac_policy.csv"))
self.assertEqual(e.get_roles_for_user('alice'), ['data2_admin'])
self.assertEqual(e.get_roles_for_user('bob'), [])
self.assertEqual(e.get_roles_for_user('data2_admin'), [])
self.assertEqual(e.get_roles_for_user('non_exist'), [])
def test_get_policy_api(self):
e = get_enforcer(
get_examples("rbac_model.conf"),
get_examples("rbac_policy.csv"),
)
self.assertEqual(e.get_policy(), [
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
])
self.assertEqual(e.get_filtered_policy(0, 'alice'),
[['alice', 'data1', 'read']])
self.assertEqual(e.get_filtered_policy(0, 'bob'),
[['bob', 'data2', 'write']])
self.assertEqual(e.get_filtered_policy(0, 'data2_admin'),
[['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write']])
self.assertEqual(e.get_filtered_policy(1, 'data1'),
[['alice', 'data1', 'read']])
self.assertEqual(
e.get_filtered_policy(1, 'data2'),
[['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write']])
self.assertEqual(
e.get_filtered_policy(2, 'read'),
[['alice', 'data1', 'read'], ['data2_admin', 'data2', 'read']])
self.assertEqual(
e.get_filtered_policy(2, 'write'),
[['bob', 'data2', 'write'], ['data2_admin', 'data2', 'write']])
self.assertEqual(e.get_filtered_policy(0, 'data2_admin', 'data2'),
[['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write']])
# Note: "" (empty string) in fieldValues means matching all values.
self.assertEqual(e.get_filtered_policy(0, 'data2_admin', '', 'read'),
[['data2_admin', 'data2', 'read']])
self.assertEqual(
e.get_filtered_policy(1, 'data2', 'write'),
[['bob', 'data2', 'write'], ['data2_admin', 'data2', 'write']])
self.assertTrue(e.has_policy(['alice', 'data1', 'read']))
self.assertTrue(e.has_policy(['bob', 'data2', 'write']))
self.assertFalse(e.has_policy(['alice', 'data2', 'read']))
self.assertFalse(e.has_policy(['bob', 'data3', 'write']))
self.assertEqual(e.get_grouping_policy(), [['alice', 'data2_admin']])
self.assertEqual(e.get_filtered_grouping_policy(0, 'alice'),
[['alice', 'data2_admin']])
self.assertEqual(e.get_filtered_grouping_policy(0, 'bob'), [])
self.assertEqual(e.get_filtered_grouping_policy(1, 'data1_admin'), [])
self.assertEqual(e.get_filtered_grouping_policy(1, 'data2_admin'),
[['alice', 'data2_admin']])
# Note: "" (empty string) in fieldValues means matching all values.
self.assertEqual(e.get_filtered_grouping_policy(0, '', 'data2_admin'),
[['alice', 'data2_admin']])
self.assertTrue(e.has_grouping_policy(['alice', 'data2_admin']))
self.assertFalse(e.has_grouping_policy(['bob', 'data2_admin']))
def test_delete_role_for_user(self):
e = get_enforcer(get_examples("rbac_model.conf"),
get_examples("rbac_policy.csv"))
e.add_role_for_user('alice', 'data1_admin')
self.assertEqual(e.get_roles_for_user('alice'),
['data2_admin', 'data1_admin'])
e.delete_role_for_user('alice', 'data1_admin')
self.assertEqual(e.get_roles_for_user('alice'), ['data2_admin'])
def test_benchmark_rbac_model(self):
e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv"))
time = 10000
start = datetime.datetime.now()
for i in range(0, time):
e.enforce("alice", "data2", "read")
end = datetime.datetime.now()
print_time_diff(start, end, time)
def test_enforce_implicit_roles_with_domain(self):
e = get_enforcer(
get_examples("rbac_with_domains_model.conf"),
get_examples("rbac_with_hierarchy_with_domains_policy.csv"))
self.assertTrue(
e.get_roles_for_user_in_domain('alice', 'domain1') ==
['role:global_admin'])
self.assertTrue(
e.get_implicit_roles_for_user('alice', 'domain1') ==
["role:global_admin", "role:reader", "role:writer"])
def test_get_list(self):
e = get_enforcer(
get_examples("rbac_model.conf"),
get_examples("rbac_policy.csv"),
# True,
)
self.assertEqual(e.get_all_subjects(), ['alice', 'bob', 'data2_admin'])
self.assertEqual(e.get_all_objects(), ['data1', 'data2'])
self.assertEqual(e.get_all_actions(), ['read', 'write'])
self.assertEqual(e.get_all_roles(), ['data2_admin'])
def test_delete_role(self):
e = get_enforcer(get_examples("rbac_model.conf"),
get_examples("rbac_policy.csv"))
e.delete_role('data2_admin')
self.assertTrue(e.enforce('alice', 'data1', 'read'))
self.assertFalse(e.enforce('alice', 'data1', 'write'))
self.assertFalse(e.enforce('alice', 'data2', 'read'))
self.assertFalse(e.enforce('alice', 'data2', 'write'))
self.assertFalse(e.enforce('bob', 'data1', 'read'))
self.assertFalse(e.enforce('bob', 'data1', 'write'))
self.assertFalse(e.enforce('bob', 'data2', 'read'))
self.assertTrue(e.enforce('bob', 'data2', 'write'))
def test_implicit_user_api(self):
e = get_enforcer(get_examples("rbac_model.conf"),
get_examples("rbac_with_hierarchy_policy.csv"))
self.assertEqual(["alice"],
e.get_implicit_users_for_permission("data1", "read"))
self.assertEqual(["alice"],
e.get_implicit_users_for_permission("data1", "write"))
self.assertEqual(["alice"],
e.get_implicit_users_for_permission("data2", "read"))
self.assertEqual(["alice", "bob"],
e.get_implicit_users_for_permission("data2", "write"))
def test_enforce_implicit_roles_api(self):
e = get_enforcer(get_examples("rbac_model.conf"),
get_examples("rbac_with_hierarchy_policy.csv"))
self.assertTrue(
e.get_permissions_for_user('alice') == [["alice", "data1", "read"]
])
self.assertTrue(
e.get_permissions_for_user('bob') == [["bob", "data2", "write"]])
self.assertTrue(
e.get_implicit_roles_for_user('alice') ==
['admin', 'data1_admin', 'data2_admin'])
self.assertTrue(e.get_implicit_roles_for_user('bob') == [])
def test_enforce_implicit_permissions_api_with_domain(self):
e = get_enforcer(
get_examples("rbac_with_domains_model.conf"),
get_examples("rbac_with_hierarchy_with_domains_policy.csv"))
self.assertTrue(
e.get_roles_for_user_in_domain('alice', 'domain1') ==
['role:global_admin'])
self.assertTrue(
e.get_implicit_roles_for_user('alice', 'domain1') ==
['role:global_admin', 'role:reader', 'role:writer'])
self.assertTrue(
e.get_implicit_permissions_for_user('alice', 'domain1') ==
[['alice', 'domain1', 'data2', 'read'],
["role:reader", "domain1", "data1", "read"],
["role:writer", "domain1", "data1", "write"]])
self.assertTrue(
e.get_implicit_permissions_for_user('bob', 'domain1') == [])
def test_enforce_get_users_in_domain(self):
e = get_enforcer(get_examples("rbac_with_domains_model.conf"),
get_examples("rbac_with_domains_policy.csv"))
self.assertTrue(
e.get_users_for_role_in_domain('admin', 'domain1') == ['alice'])
self.assertTrue(
e.get_users_for_role_in_domain('non_exist', 'domain1') == [])
self.assertTrue(
e.get_users_for_role_in_domain('admin', 'domain2') == ['bob'])
self.assertTrue(
e.get_users_for_role_in_domain('non_exist', 'domain2') == [])
e.delete_roles_for_user_in_domain('alice', 'admin', 'domain1')
e.add_role_for_user_in_domain('bob', 'admin', 'domain1')
self.assertTrue(
e.get_users_for_role_in_domain('admin', 'domain1') == ['bob'])
self.assertTrue(
e.get_users_for_role_in_domain('non_exist', 'domain1') == [])
self.assertTrue(
e.get_users_for_role_in_domain('admin', 'domain2') == ['bob'])
self.assertTrue(
e.get_users_for_role_in_domain('non_exist', 'domain2') == [])
def test_modify_policy_api(self):
e = get_enforcer(
get_examples("rbac_model.conf"),
get_examples("rbac_policy.csv"),
# True,
)
self.assertEqual(e.get_policy(), [
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
])
e.add_policy('eve', 'data3', 'read')
e.add_named_policy('p', ['eve', 'data3', 'write'])
self.assertEqual(e.get_policy(), [
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
['eve', 'data3', 'read'],
['eve', 'data3', 'write'],
])
def test_modify_policy_api(self):
e = get_enforcer(
get_examples("rbac_model.conf"),
get_examples("rbac_policy.csv"),
# True,
)
self.assertEqual(e.get_policy(), [
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
])
e.add_policy('eve', 'data3', 'read')
e.add_named_policy('p', ['eve', 'data3', 'write'])
self.assertEqual(e.get_policy(), [
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
['eve', 'data3', 'read'],
['eve', 'data3', 'write'],
])
rules = {
["jack", "data4", "read"],
["jack", "data4", "read"],
["jack", "data4", "read"],
["katy", "data4", "write"],
["leyo", "data4", "read"],
["katy", "data4", "write"],
["katy", "data4", "write"],
["ham", "data4", "write"],
}
e.add_policies(rules)
e.add_named_policies('p', rules)
self.assertEqual(e.get_policy(), [
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
['eve', 'data3', 'read'],
['eve', 'data3', 'write'],
["jack", "data4", "read"],
["jack", "data4", "read"],
["jack", "data4", "read"],
["katy", "data4", "write"],
["leyo", "data4", "read"],
["katy", "data4", "write"],
["katy", "data4", "write"],
["ham", "data4", "write"],
])
e.remove_policies(rules)
e.remove_named_policies('p', rules)
self.assertEqual(e.get_policy(), [
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
['eve', 'data3', 'read'],
['eve', 'data3', 'write'],
])
def test_get_permissions_for_user(self):
e = get_enforcer(get_examples("basic_without_resources_model.conf"),
get_examples("basic_without_resources_policy.csv"))
self.assertEqual(e.get_permissions_for_user('alice'),
[['alice', 'read']])
def test_delete_user(self):
e = get_enforcer(get_examples("rbac_model.conf"),
get_examples("rbac_policy.csv"))
e.delete_user('alice')
self.assertEqual(e.get_roles_for_user('alice'), [])
def test_has_role_for_user(self):
e = get_enforcer(get_examples("rbac_model.conf"),
get_examples("rbac_policy.csv"))
self.assertTrue(e.has_role_for_user('alice', 'data2_admin'))
self.assertFalse(e.has_role_for_user('alice', 'data1_admin'))
def test_get_users_for_role(self):
e = get_enforcer(get_examples("rbac_model.conf"),
get_examples("rbac_policy.csv"))
self.assertEqual(e.get_users_for_role('data2_admin'), ['alice'])
