def test_has_permission_for_user(self): e = get_enforcer(get_examples("basic_without_resources_model.conf"), get_examples("basic_without_resources_policy.csv")) self.assertTrue(e.has_permission_for_user('alice', *['read'])) self.assertFalse(e.has_permission_for_user('alice', *['write'])) self.assertFalse(e.has_permission_for_user('bob', *['read'])) self.assertTrue(e.has_permission_for_user('bob', *['write']))
def test_add_permission_for_user(self): e = get_enforcer(get_examples("basic_without_resources_model.conf"), get_examples("basic_without_resources_policy.csv")) e.delete_permission('read') e.add_permission_for_user('bob', 'read') self.assertTrue(e.enforce('bob', 'read')) self.assertTrue(e.enforce('bob', 'write'))
def test_get_roles_for_user(self): e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) self.assertEqual(e.get_roles_for_user('alice'), ['data2_admin']) self.assertEqual(e.get_roles_for_user('bob'), []) self.assertEqual(e.get_roles_for_user('data2_admin'), []) self.assertEqual(e.get_roles_for_user('non_exist'), [])
def test_get_policy_api(self): e = get_enforcer( get_examples("rbac_model.conf"), get_examples("rbac_policy.csv"), ) self.assertEqual(e.get_policy(), [ ['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write'], ]) self.assertEqual(e.get_filtered_policy(0, 'alice'), [['alice', 'data1', 'read']]) self.assertEqual(e.get_filtered_policy(0, 'bob'), [['bob', 'data2', 'write']]) self.assertEqual(e.get_filtered_policy(0, 'data2_admin'), [['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write']]) self.assertEqual(e.get_filtered_policy(1, 'data1'), [['alice', 'data1', 'read']]) self.assertEqual( e.get_filtered_policy(1, 'data2'), [['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write']]) self.assertEqual( e.get_filtered_policy(2, 'read'), [['alice', 'data1', 'read'], ['data2_admin', 'data2', 'read']]) self.assertEqual( e.get_filtered_policy(2, 'write'), [['bob', 'data2', 'write'], ['data2_admin', 'data2', 'write']]) self.assertEqual(e.get_filtered_policy(0, 'data2_admin', 'data2'), [['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write']]) # Note: "" (empty string) in fieldValues means matching all values. self.assertEqual(e.get_filtered_policy(0, 'data2_admin', '', 'read'), [['data2_admin', 'data2', 'read']]) self.assertEqual( e.get_filtered_policy(1, 'data2', 'write'), [['bob', 'data2', 'write'], ['data2_admin', 'data2', 'write']]) self.assertTrue(e.has_policy(['alice', 'data1', 'read'])) self.assertTrue(e.has_policy(['bob', 'data2', 'write'])) self.assertFalse(e.has_policy(['alice', 'data2', 'read'])) self.assertFalse(e.has_policy(['bob', 'data3', 'write'])) self.assertEqual(e.get_grouping_policy(), [['alice', 'data2_admin']]) self.assertEqual(e.get_filtered_grouping_policy(0, 'alice'), [['alice', 'data2_admin']]) self.assertEqual(e.get_filtered_grouping_policy(0, 'bob'), []) self.assertEqual(e.get_filtered_grouping_policy(1, 'data1_admin'), []) self.assertEqual(e.get_filtered_grouping_policy(1, 'data2_admin'), [['alice', 'data2_admin']]) # Note: "" (empty string) in fieldValues means matching all values. self.assertEqual(e.get_filtered_grouping_policy(0, '', 'data2_admin'), [['alice', 'data2_admin']]) self.assertTrue(e.has_grouping_policy(['alice', 'data2_admin'])) self.assertFalse(e.has_grouping_policy(['bob', 'data2_admin']))
def test_delete_role_for_user(self): e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) e.add_role_for_user('alice', 'data1_admin') self.assertEqual(e.get_roles_for_user('alice'), ['data2_admin', 'data1_admin']) e.delete_role_for_user('alice', 'data1_admin') self.assertEqual(e.get_roles_for_user('alice'), ['data2_admin'])
def test_benchmark_rbac_model(self): e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) time = 10000 start = datetime.datetime.now() for i in range(0, time): e.enforce("alice", "data2", "read") end = datetime.datetime.now() print_time_diff(start, end, time)
def test_enforce_implicit_roles_with_domain(self): e = get_enforcer( get_examples("rbac_with_domains_model.conf"), get_examples("rbac_with_hierarchy_with_domains_policy.csv")) self.assertTrue( e.get_roles_for_user_in_domain('alice', 'domain1') == ['role:global_admin']) self.assertTrue( e.get_implicit_roles_for_user('alice', 'domain1') == ["role:global_admin", "role:reader", "role:writer"])
def test_get_list(self): e = get_enforcer( get_examples("rbac_model.conf"), get_examples("rbac_policy.csv"), # True, ) self.assertEqual(e.get_all_subjects(), ['alice', 'bob', 'data2_admin']) self.assertEqual(e.get_all_objects(), ['data1', 'data2']) self.assertEqual(e.get_all_actions(), ['read', 'write']) self.assertEqual(e.get_all_roles(), ['data2_admin'])
def test_delete_role(self): e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) e.delete_role('data2_admin') self.assertTrue(e.enforce('alice', 'data1', 'read')) self.assertFalse(e.enforce('alice', 'data1', 'write')) self.assertFalse(e.enforce('alice', 'data2', 'read')) self.assertFalse(e.enforce('alice', 'data2', 'write')) self.assertFalse(e.enforce('bob', 'data1', 'read')) self.assertFalse(e.enforce('bob', 'data1', 'write')) self.assertFalse(e.enforce('bob', 'data2', 'read')) self.assertTrue(e.enforce('bob', 'data2', 'write'))
def test_implicit_user_api(self): e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_with_hierarchy_policy.csv")) self.assertEqual(["alice"], e.get_implicit_users_for_permission("data1", "read")) self.assertEqual(["alice"], e.get_implicit_users_for_permission("data1", "write")) self.assertEqual(["alice"], e.get_implicit_users_for_permission("data2", "read")) self.assertEqual(["alice", "bob"], e.get_implicit_users_for_permission("data2", "write"))
def test_enforce_implicit_roles_api(self): e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_with_hierarchy_policy.csv")) self.assertTrue( e.get_permissions_for_user('alice') == [["alice", "data1", "read"] ]) self.assertTrue( e.get_permissions_for_user('bob') == [["bob", "data2", "write"]]) self.assertTrue( e.get_implicit_roles_for_user('alice') == ['admin', 'data1_admin', 'data2_admin']) self.assertTrue(e.get_implicit_roles_for_user('bob') == [])
def test_enforce_implicit_permissions_api_with_domain(self): e = get_enforcer( get_examples("rbac_with_domains_model.conf"), get_examples("rbac_with_hierarchy_with_domains_policy.csv")) self.assertTrue( e.get_roles_for_user_in_domain('alice', 'domain1') == ['role:global_admin']) self.assertTrue( e.get_implicit_roles_for_user('alice', 'domain1') == ['role:global_admin', 'role:reader', 'role:writer']) self.assertTrue( e.get_implicit_permissions_for_user('alice', 'domain1') == [['alice', 'domain1', 'data2', 'read'], ["role:reader", "domain1", "data1", "read"], ["role:writer", "domain1", "data1", "write"]]) self.assertTrue( e.get_implicit_permissions_for_user('bob', 'domain1') == [])
def test_enforce_get_users_in_domain(self): e = get_enforcer(get_examples("rbac_with_domains_model.conf"), get_examples("rbac_with_domains_policy.csv")) self.assertTrue( e.get_users_for_role_in_domain('admin', 'domain1') == ['alice']) self.assertTrue( e.get_users_for_role_in_domain('non_exist', 'domain1') == []) self.assertTrue( e.get_users_for_role_in_domain('admin', 'domain2') == ['bob']) self.assertTrue( e.get_users_for_role_in_domain('non_exist', 'domain2') == []) e.delete_roles_for_user_in_domain('alice', 'admin', 'domain1') e.add_role_for_user_in_domain('bob', 'admin', 'domain1') self.assertTrue( e.get_users_for_role_in_domain('admin', 'domain1') == ['bob']) self.assertTrue( e.get_users_for_role_in_domain('non_exist', 'domain1') == []) self.assertTrue( e.get_users_for_role_in_domain('admin', 'domain2') == ['bob']) self.assertTrue( e.get_users_for_role_in_domain('non_exist', 'domain2') == [])
def test_modify_policy_api(self): e = get_enforcer( get_examples("rbac_model.conf"), get_examples("rbac_policy.csv"), # True, ) self.assertEqual(e.get_policy(), [ ['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write'], ]) e.add_policy('eve', 'data3', 'read') e.add_named_policy('p', ['eve', 'data3', 'write']) self.assertEqual(e.get_policy(), [ ['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write'], ['eve', 'data3', 'read'], ['eve', 'data3', 'write'], ])
def test_modify_policy_api(self): e = get_enforcer( get_examples("rbac_model.conf"), get_examples("rbac_policy.csv"), # True, ) self.assertEqual(e.get_policy(), [ ['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write'], ]) e.add_policy('eve', 'data3', 'read') e.add_named_policy('p', ['eve', 'data3', 'write']) self.assertEqual(e.get_policy(), [ ['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write'], ['eve', 'data3', 'read'], ['eve', 'data3', 'write'], ]) rules = { ["jack", "data4", "read"], ["jack", "data4", "read"], ["jack", "data4", "read"], ["katy", "data4", "write"], ["leyo", "data4", "read"], ["katy", "data4", "write"], ["katy", "data4", "write"], ["ham", "data4", "write"], } e.add_policies(rules) e.add_named_policies('p', rules) self.assertEqual(e.get_policy(), [ ['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write'], ['eve', 'data3', 'read'], ['eve', 'data3', 'write'], ["jack", "data4", "read"], ["jack", "data4", "read"], ["jack", "data4", "read"], ["katy", "data4", "write"], ["leyo", "data4", "read"], ["katy", "data4", "write"], ["katy", "data4", "write"], ["ham", "data4", "write"], ]) e.remove_policies(rules) e.remove_named_policies('p', rules) self.assertEqual(e.get_policy(), [ ['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write'], ['eve', 'data3', 'read'], ['eve', 'data3', 'write'], ])
def test_get_permissions_for_user(self): e = get_enforcer(get_examples("basic_without_resources_model.conf"), get_examples("basic_without_resources_policy.csv")) self.assertEqual(e.get_permissions_for_user('alice'), [['alice', 'read']])
def test_delete_user(self): e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) e.delete_user('alice') self.assertEqual(e.get_roles_for_user('alice'), [])
def test_has_role_for_user(self): e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) self.assertTrue(e.has_role_for_user('alice', 'data2_admin')) self.assertFalse(e.has_role_for_user('alice', 'data1_admin'))
def test_get_users_for_role(self): e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) self.assertEqual(e.get_users_for_role('data2_admin'), ['alice'])