def test_delete_permission_for_user(self): e = get_enforcer(get_examples("basic_without_resources_model.conf"), get_examples("basic_without_resources_policy.csv")) e.add_permission_for_user('bob', 'read') self.assertTrue(e.enforce('bob', 'read')) e.delete_permission_for_user('bob', 'read') self.assertFalse(e.enforce('bob', 'read')) self.assertTrue(e.enforce('bob', 'write'))
def test_filtered_policy_invalid_filter(self): adapter = casbin.persist.adapters.FilteredAdapter( get_examples("rbac_with_domains_policy.csv")) e = casbin.Enforcer(get_examples("rbac_with_domains_model.conf"), adapter) filter = ["", "domain1"] with self.assertRaises(RuntimeError): e.load_filtered_policy(filter)
def test_benchmark_rbac_model(self): e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) time = 10000 start = datetime.datetime.now() for i in range(0, time): e.enforce("alice", "data2", "read") end = datetime.datetime.now() print_time_diff(start, end, time)
def test_delete_role_for_user(self): e = get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) e.add_role_for_user('alice', 'data1_admin') self.assertEqual(e.get_roles_for_user('alice'), ['data2_admin', 'data1_admin']) e.delete_role_for_user('alice', 'data1_admin') self.assertEqual(e.get_roles_for_user('alice'), ['data2_admin'])
def test_has_permission_for_user(self): e = self.get_enforcer( get_examples("basic_without_resources_model.conf"), get_examples("basic_without_resources_policy.csv"), ) self.assertTrue(e.has_permission_for_user("alice", *["read"])) self.assertFalse(e.has_permission_for_user("alice", *["write"])) self.assertFalse(e.has_permission_for_user("bob", *["read"])) self.assertTrue(e.has_permission_for_user("bob", *["write"]))
def test_add_permission_for_user(self): e = self.get_enforcer( get_examples("basic_without_resources_model.conf"), get_examples("basic_without_resources_policy.csv"), ) e.delete_permission("read") e.add_permission_for_user("bob", "read") self.assertTrue(e.enforce("bob", "read")) self.assertTrue(e.enforce("bob", "write"))
def test_unsupported_filtered_policy(self): e = casbin.Enforcer( get_examples("rbac_with_domains_model.conf"), get_examples("rbac_with_domains_policy.csv"), ) filter = Filter() filter.P = ["", "domain1"] filter.G = ["", "", "domain1"] with self.assertRaises(ValueError): e.load_filtered_policy(filter)
def test_modify_policy_api(self): e = self.get_enforcer( get_examples("rbac_model.conf"), get_examples("rbac_policy.csv"), # True, ) self.assertEqual(e.get_policy(), [ ['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write'], ]) e.add_policy('eve', 'data3', 'read') e.add_named_policy('p', ['eve', 'data3', 'write']) self.assertEqual(e.get_policy(), [ ['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write'], ['eve', 'data3', 'read'], ['eve', 'data3', 'write'], ]) rules = [['jack', 'data4', 'read'], ['katy', 'data4', 'write'], ['leyo', 'data4', 'read'], ['ham', 'data4', 'write']] named_policies = [['jack', 'data4', 'write'], ['katy', 'data4', 'read'], ['leyo', 'data4', 'write'], ['ham', 'data4', 'read']] e.add_policies(rules) e.add_named_policies('p', named_policies) self.assertEqual( e.get_policy(), [['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], [ 'data2_admin', 'data2', 'write' ], ['eve', 'data3', 'read'], ['eve', 'data3', 'write'], ["jack", "data4", "read"], ["katy", "data4", "write"], ["leyo", "data4", "read"], ["ham", "data4", "write"], ['jack', 'data4', 'write'], ['katy', 'data4', 'read'], ['leyo', 'data4', 'write'], ['ham', 'data4', 'read']]) e.remove_policies(rules) e.remove_named_policies('p', named_policies) self.assertEqual(e.get_policy(), [ ['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write'], ['eve', 'data3', 'read'], ['eve', 'data3', 'write'], ])
def test_get_list(self): e = self.get_enforcer( get_examples("rbac_model.conf"), get_examples("rbac_policy.csv"), # True, ) self.assertEqual(e.get_all_subjects(), ["alice", "bob", "data2_admin"]) self.assertEqual(e.get_all_objects(), ["data1", "data2"]) self.assertEqual(e.get_all_actions(), ["read", "write"]) self.assertEqual(e.get_all_roles(), ["data2_admin"])
def test_get_list(self): e = self.get_enforcer( get_examples("rbac_model.conf"), get_examples("rbac_policy.csv"), # True, ) self.assertEqual(e.get_all_subjects(), ['alice', 'bob', 'data2_admin']) self.assertEqual(e.get_all_objects(), ['data1', 'data2']) self.assertEqual(e.get_all_actions(), ['read', 'write']) self.assertEqual(e.get_all_roles(), ['data2_admin'])
def test_delete_role_for_user(self): e = self.get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) e.add_role_for_user("alice", "data1_admin") self.assertEqual( sorted(e.get_roles_for_user("alice")), sorted(["data2_admin", "data1_admin"]), ) e.delete_role_for_user("alice", "data1_admin") self.assertEqual(e.get_roles_for_user("alice"), ["data2_admin"])
def test_enforce_implicit_roles_with_domain(self): e = self.get_enforcer( get_examples("rbac_with_domains_model.conf"), get_examples("rbac_with_hierarchy_with_domains_policy.csv")) self.assertTrue( e.get_roles_for_user_in_domain('alice', 'domain1') == ['role:global_admin']) self.assertTrue( e.get_implicit_roles_for_user('alice', 'domain1') == ["role:global_admin", "role:reader", "role:writer"])
def test_delete_role(self): e = self.get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) e.delete_role('data2_admin') self.assertTrue(e.enforce('alice', 'data1', 'read')) self.assertFalse(e.enforce('alice', 'data1', 'write')) self.assertFalse(e.enforce('alice', 'data2', 'read')) self.assertFalse(e.enforce('alice', 'data2', 'write')) self.assertFalse(e.enforce('bob', 'data1', 'read')) self.assertFalse(e.enforce('bob', 'data1', 'write')) self.assertFalse(e.enforce('bob', 'data2', 'read')) self.assertTrue(e.enforce('bob', 'data2', 'write'))
def test_delete_role(self): e = self.get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_policy.csv")) e.delete_role("data2_admin") self.assertTrue(e.enforce("alice", "data1", "read")) self.assertFalse(e.enforce("alice", "data1", "write")) self.assertFalse(e.enforce("alice", "data2", "read")) self.assertFalse(e.enforce("alice", "data2", "write")) self.assertFalse(e.enforce("bob", "data1", "read")) self.assertFalse(e.enforce("bob", "data1", "write")) self.assertFalse(e.enforce("bob", "data2", "read")) self.assertTrue(e.enforce("bob", "data2", "write"))
def test_implicit_user_api(self): e = self.get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_with_hierarchy_policy.csv")) self.assertEqual(["alice"], e.get_implicit_users_for_permission("data1", "read")) self.assertEqual(["alice"], e.get_implicit_users_for_permission("data1", "write")) self.assertEqual(["alice"], e.get_implicit_users_for_permission("data2", "read")) self.assertEqual(["alice", "bob"], e.get_implicit_users_for_permission("data2", "write"))
def test_enforce_implicit_roles_with_domain(self): e = self.get_enforcer( get_examples("rbac_with_domains_model.conf"), get_examples("rbac_with_hierarchy_with_domains_policy.csv"), ) self.assertEqual(e.get_roles_for_user_in_domain("alice", "domain1"), ["role:global_admin"]) self.assertEqual( sorted(e.get_implicit_roles_for_user("alice", "domain1")), sorted(["role:global_admin", "role:reader", "role:writer"]), )
def test_update_policies(self): m = Model() m.load_model(get_examples("basic_model.conf")) old_rules = [ ["admin", "domain1", "data1", "read"], ["admin", "domain1", "data2", "read"], ["admin", "domain1", "data3", "read"], ] new_rules = [ ["admin", "domain1", "data4", "read"], ["admin", "domain1", "data5", "read"], ["admin", "domain1", "data6", "read"], ] m.add_policies("p", "p", old_rules) for old_rule in old_rules: self.assertTrue(m.has_policy("p", "p", old_rule)) m.update_policies("p", "p", old_rules, new_rules) for old_rule in old_rules: self.assertFalse(m.has_policy("p", "p", old_rule)) for new_rule in new_rules: self.assertTrue(m.has_policy("p", "p", new_rule)) m = Model() m.load_model(get_examples("priority_model_explicit.conf")) old_rules = [ ["1", "admin", "data1", "read", "allow"], ["1", "admin", "data2", "read", "allow"], ["1", "admin", "data3", "read", "allow"], ] new_rules = [ ["1", "admin", "data4", "read", "allow"], ["1", "admin", "data5", "read", "allow"], ["1", "admin", "data6", "read", "allow"], ] m.add_policies("p", "p", old_rules) for old_rule in old_rules: self.assertTrue(m.has_policy("p", "p", old_rule)) m.update_policies("p", "p", old_rules, new_rules) for old_rule in old_rules: self.assertFalse(m.has_policy("p", "p", old_rule)) for new_rule in new_rules: self.assertTrue(m.has_policy("p", "p", new_rule))
def test_enforce_implicit_roles_api(self): e = self.get_enforcer(get_examples("rbac_model.conf"), get_examples("rbac_with_hierarchy_policy.csv")) self.assertTrue( e.get_permissions_for_user('alice') == [["alice", "data1", "read"] ]) self.assertTrue( e.get_permissions_for_user('bob') == [["bob", "data2", "write"]]) self.assertTrue( e.get_implicit_roles_for_user('alice') == ['admin', 'data1_admin', 'data2_admin']) self.assertTrue(e.get_implicit_roles_for_user('bob') == [])
def test_get_policy_multiple_matching_functions(self): e = self.get_enforcer( get_examples("rbac_with_domain_and_policy_pattern_model.conf"), get_examples("rbac_with_domain_and_policy_pattern_policy.csv"), ) self.assertEqual( e.get_policy(), [ ["admin", "domain.*", "data1", "read"], ["user", "domain.*", "data3", "read"], ["user", "domain.1", "data2", "read"], ["user", "domain.1", "data2", "write"], ], ) km2_fn = casbin.util.key_match2_func self.assertEqual( sorted( e.get_filtered_policy(1, partial(km2_fn, "domain.2"), lambda a: "data" in a)), sorted([ ["admin", "domain.*", "data1", "read"], ["user", "domain.*", "data3", "read"], ]), ) self.assertEqual( sorted( e.get_filtered_policy(1, partial(km2_fn, "domain.1"), lambda a: "data" in a, "read")), sorted([ ["admin", "domain.*", "data1", "read"], ["user", "domain.1", "data2", "read"], ["user", "domain.*", "data3", "read"], ]), ) self.assertEqual( sorted( e.get_filtered_policy(1, partial(km2_fn, "domain.1"), "", "reading".startswith)), sorted([ ["admin", "domain.*", "data1", "read"], ["user", "domain.1", "data2", "read"], ["user", "domain.*", "data3", "read"], ]), )
def test_filtered_adapter_empty_filepath(self): adapter = casbin.persist.adapters.FilteredAdapter("") e = casbin.Enforcer(get_examples("rbac_with_domains_model.conf"), adapter) with self.assertRaises(RuntimeError): e.load_filtered_policy(None)
def test_update_filtered_policies(self): e = casbin.Enforcer( get_examples("rbac_model.conf"), get_examples("rbac_policy.csv"), ) e.update_filtered_policies( [ ["data2_admin", "data3", "read"], ["data2_admin", "data3", "write"], ], 0, "data2_admin", ) self.assertTrue(e.enforce("data2_admin", "data3", "write")) self.assertTrue(e.enforce("data2_admin", "data3", "read"))
def test_has_policy(self): m = Model() m.load_model(get_examples("basic_model.conf")) rule = ["admin", "domain1", "data1", "read"] m.add_policy("p", "p", rule) self.assertTrue(m.has_policy("p", "p", rule))
def test_get_policy_matching_function(self): e = self.get_enforcer( get_examples("rbac_with_domain_and_policy_pattern_model.conf"), get_examples("rbac_with_domain_and_policy_pattern_policy.csv"), ) self.assertEqual( e.get_policy(), [ ["admin", "domain.*", "data1", "read"], ["user", "domain.*", "data3", "read"], ["user", "domain.1", "data2", "read"], ["user", "domain.1", "data2", "write"], ], ) km2_fn = casbin.util.key_match2_func self.assertEqual( e.get_filtered_grouping_policy(2, partial(km2_fn, "domain.3")), [["alice", "user", "*"], ["bob", "admin", "domain.3"]], ) self.assertEqual( e.get_filtered_grouping_policy(2, partial(km2_fn, "domain.1")), [["alice", "user", "*"]], ) # first and second p record matches to domain.3 self.assertEqual( e.get_filtered_policy(1, partial(km2_fn, "domain.3")), [ ["admin", "domain.*", "data1", "read"], ["user", "domain.*", "data3", "read"], ], ) self.assertEqual( sorted( e.get_filtered_policy(1, partial(km2_fn, "domain.1"), "", "read")), sorted([ ["admin", "domain.*", "data1", "read"], ["user", "domain.1", "data2", "read"], ["user", "domain.*", "data3", "read"], ]), )
def test_has_policy(self): m = Model() m.load_model(get_examples("basic_model.conf")) rule = ['admin', 'domain1', 'data1', 'read'] m.add_policy('p', 'p', rule) self.assertTrue(m.has_policy('p', 'p', rule))
def test_get_policy_api(self): e = self.get_enforcer( get_examples("rbac_model.conf"), get_examples("rbac_policy.csv"), ) self.assertEqual(e.get_policy(), [ ['alice', 'data1', 'read'], ['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write'], ]) self.assertEqual(e.get_filtered_policy(0, 'alice'), [['alice', 'data1', 'read']]) self.assertEqual(e.get_filtered_policy(0, 'bob'), [['bob', 'data2', 'write']]) self.assertEqual(e.get_filtered_policy(0, 'data2_admin'), [['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write']]) self.assertEqual(e.get_filtered_policy(1, 'data1'), [['alice', 'data1', 'read']]) self.assertEqual(e.get_filtered_policy(1, 'data2'), [['bob', 'data2', 'write'], ['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write']]) self.assertEqual(e.get_filtered_policy(2, 'read'), [['alice', 'data1', 'read'], ['data2_admin', 'data2', 'read']]) self.assertEqual(e.get_filtered_policy(2, 'write'), [['bob', 'data2', 'write'], ['data2_admin', 'data2', 'write']]) self.assertEqual(e.get_filtered_policy(0, 'data2_admin', 'data2'), [['data2_admin', 'data2', 'read'], ['data2_admin', 'data2', 'write']]) # Note: "" (empty string) in fieldValues means matching all values. self.assertEqual(e.get_filtered_policy(0, 'data2_admin', '', 'read'), [['data2_admin', 'data2', 'read']]) self.assertEqual(e.get_filtered_policy(1, 'data2', 'write'), [['bob', 'data2', 'write'], ['data2_admin', 'data2', 'write']]) self.assertTrue(e.has_policy(['alice', 'data1', 'read'])) self.assertTrue(e.has_policy(['bob', 'data2', 'write'])) self.assertFalse(e.has_policy(['alice', 'data2', 'read'])) self.assertFalse(e.has_policy(['bob', 'data3', 'write'])) self.assertEqual(e.get_grouping_policy(), [['alice', 'data2_admin']]) self.assertEqual(e.get_filtered_grouping_policy(0, 'alice'), [['alice', 'data2_admin']]) self.assertEqual(e.get_filtered_grouping_policy(0, 'bob'), []) self.assertEqual(e.get_filtered_grouping_policy(1, 'data1_admin'), []) self.assertEqual(e.get_filtered_grouping_policy(1, 'data2_admin'), [['alice', 'data2_admin']]) # Note: "" (empty string) in fieldValues means matching all values. self.assertEqual(e.get_filtered_grouping_policy(0, '', 'data2_admin'), [['alice', 'data2_admin']]) self.assertTrue(e.has_grouping_policy(['alice', 'data2_admin'])) self.assertFalse(e.has_grouping_policy(['bob', 'data2_admin']))
def test_casbin_js_get_permission_for_user(self): e = casbin.SyncedEnforcer( get_examples("rbac_model.conf"), get_examples("rbac_with_hierarchy_policy.csv"), ) received = json.loads(casbin.casbin_js_get_permission_for_user(e, "alice")) with open(get_examples("rbac_model.conf"), "r") as file: expected_model_str = file.read() self.assertEqual(received["m"], re.sub("\n+", "\n", expected_model_str)) with open(get_examples("rbac_with_hierarchy_policy.csv"), "r") as file: expected_policies_str = file.read() expected_policy_item = re.split(r",|\n", expected_policies_str) i = 0 for s_arr in received["p"]: for s in s_arr: self.assertEqual(s.strip(), expected_policy_item[i].strip()) i += 1
def test_domain_match_model(self): e = self.get_enforcer( get_examples("rbac_with_domain_pattern_model.conf"), get_examples("rbac_with_domain_pattern_policy.csv"), ) e.get_role_manager().add_domain_matching_func( casbin.util.key_match2_func) self.assertTrue(e.enforce("alice", "domain1", "data1", "read")) self.assertTrue(e.enforce("alice", "domain1", "data1", "write")) self.assertFalse(e.enforce("alice", "domain1", "data2", "read")) self.assertFalse(e.enforce("alice", "domain1", "data2", "write")) self.assertTrue(e.enforce("alice", "domain2", "data2", "read")) self.assertTrue(e.enforce("alice", "domain2", "data2", "write")) self.assertFalse(e.enforce("bob", "domain2", "data1", "read")) self.assertFalse(e.enforce("bob", "domain2", "data1", "write")) self.assertTrue(e.enforce("bob", "domain2", "data2", "read")) self.assertTrue(e.enforce("bob", "domain2", "data2", "write"))
def test_enforce_implicit_permissions_api_with_domain(self): e = self.get_enforcer( get_examples("rbac_with_domains_model.conf"), get_examples("rbac_with_hierarchy_with_domains_policy.csv")) self.assertTrue( e.get_roles_for_user_in_domain('alice', 'domain1') == ['role:global_admin']) self.assertTrue( e.get_implicit_roles_for_user('alice', 'domain1') == ['role:global_admin', 'role:reader', 'role:writer']) self.assertTrue( e.get_implicit_permissions_for_user('alice', 'domain1') == [['alice', 'domain1', 'data2', 'read'], ["role:reader", "domain1", "data1", "read"], ["role:writer", "domain1", "data1", "write"]]) self.assertTrue( e.get_implicit_permissions_for_user('bob', 'domain1') == [])
def test_filtered_policy_empty_filter(self): adapter = casbin.persist.adapters.FilteredAdapter( get_examples("rbac_with_domains_policy.csv")) e = casbin.Enforcer(get_examples("rbac_with_domains_model.conf"), adapter) try: e.load_filtered_policy(None) except: raise RuntimeError("unexpected error in LoadFilteredPolicy") if e.is_filtered(): raise RuntimeError( "adapter did not reset the filtered flag correctly") try: e.save_policy() except: raise RuntimeError("unexpected error in SavePolicy")
def test_enforce_get_roles_with_domain(self): e = self.get_enforcer( get_examples("rbac_with_domains_model.conf"), get_examples("rbac_with_domains_policy.csv"), ) self.assertEqual(e.get_roles_for_user_in_domain("alice", "domain1"), ["admin"]) self.assertEqual(e.get_roles_for_user_in_domain("bob", "domain1"), []) self.assertEqual(e.get_roles_for_user_in_domain("admin", "domain1"), []) self.assertEqual( e.get_roles_for_user_in_domain("non_exist", "domain1"), []) self.assertEqual(e.get_roles_for_user_in_domain("alice", "domain2"), []) self.assertEqual(e.get_roles_for_user_in_domain("bob", "domain2"), ["admin"]) self.assertEqual(e.get_roles_for_user_in_domain("admin", "domain2"), []) self.assertEqual( e.get_roles_for_user_in_domain("non_exist", "domain2"), []) e.delete_roles_for_user_in_domain("alice", "admin", "domain1") e.add_role_for_user_in_domain("bob", "admin", "domain1") self.assertEqual(e.get_roles_for_user_in_domain("alice", "domain1"), []) self.assertEqual(e.get_roles_for_user_in_domain("bob", "domain1"), ["admin"]) self.assertEqual(e.get_roles_for_user_in_domain("admin", "domain1"), []) self.assertEqual( e.get_roles_for_user_in_domain("non_exist", "domain1"), []) self.assertEqual(e.get_roles_for_user_in_domain("alice", "domain2"), []) self.assertEqual(e.get_roles_for_user_in_domain("bob", "domain2"), ["admin"]) self.assertEqual(e.get_roles_for_user_in_domain("admin", "domain2"), []) self.assertEqual( e.get_roles_for_user_in_domain("non_exist", "domain2"), [])