
Commit d201f5b

authored
feat: add RBAC APIs (#19)
1 parent c0a9668 commit d201f5b

9 files changed

+171
-2
lines changed
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
[request_definition]
2+
r = sub, act
3+
4+
[policy_definition]
5+
p = sub, act
6+
7+
[policy_effect]
8+
e = some(where (p.eft == allow))
9+
10+
[matchers]
11+
m = r.sub == p.sub && r.act == p.act
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
p, alice, read
2+
p, bob, write

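--- a/examples/keymatch_model.conf
+++ b/examples/keymatch_model.conf
@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)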
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
p, alice, data1, read
2+
p, bob, data2, write
3+
p, data1_admin, data1, read
4+
p, data1_admin, data1, write
5+
p, data2_admin, data2, read
6+
p, data2_admin, data2, write
7+
g, alice, admin
8+
g, admin, data1_admin
9+
g, admin, data2_admin
Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
[request_definition]
2+
r = user, thing, action
3+
4+
[policy_definition]
5+
p = role, thing, action
6+
p2 = role, action
7+
8+
[policy_effect]
9+
e = some(where (p.eft == allow))
10+
11+
[matchers]
12+
m = g(r.user, p.role) && r.thing == p.thing && r.action == p.action
13+
m2 = g(r.user, p2.role) && r.action == p.action
14+
15+
[role_definition]
16+
g = _,_
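Review bot: The `m2` matcher compares `r.action` with `p.action`, although its role check uses `p2.role` and `p2` declares its own `action` field; it looks copied from the `m` line and probably should read `m2 = g(r.user, p2.role) && r.action == p2.action`. As written, whether an `m2` decision ever consults the action of a `p2` rule depends on how the engine resolves `p.action` there, which this file does not show. The model also declares no `r2` or `e2` alongside `p2`/`m2`; if that is intentional, a `#` comment above `m2` saying so would keep readers from copying it as a working second policy type.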
Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
p, user, /data, GET
2+
p, admin, /data, POST
3+
p2, user, view
4+
p2, admin, create
5+
g, admin, user
6+
g, alice, admin

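--- a/examples/rbac_with_pattern_model.conf
+++ b/examples/rbac_with_pattern_model.conf
@@ -0,0 +1,15 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+g2 = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && g2(r.obj, p.obj) && regexMatch(r.act, p.act)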

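--- a/examples/rbac_with_pattern_policy.csv
+++ b/examples/rbac_with_pattern_policy.csv
@@ -0,0 +1,20 @@
+p, alice, /pen/1, GET
+p, alice, /pen2/1, GET
+p, book_admin, book_group, GET
+p, pen_admin, pen_group, GET
+p, *, pen3_group, GET
+p, /book/admin/:id, pen4_group, GET
+p, /book/leader/2, pen4_group, POST
+g, /book/user/:id, /book/admin/1
+g, /book/user/:id, /book/leader/2
+g, alice, book_admin
+g, bob, pen_admin
+g, cathy, /book/1/2/3/4/5
+g, cathy, pen_admin
+g2, /book/*, book_group
+g2, /book/:id, book_group
+g2, /pen/:id, pen_group
+g2, /book2/{id}, book_group
+g2, /pen2/{id}, pen_group
+g2, /pen3/:id, pen3_group
+g2, /pen4/:id, pen4_group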
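Review bot: Row 5, `p, *, pen3_group, GET`, puts a wildcard in the subject column, and the `g`/`g2` rows rely on `:id`, `{id}` and `/book/*` patterns, but nothing here or in the accompanying model states which matching functions must be attached to `g` and `g2` for these to act as patterns. With the model's plain `g(r.sub, p.sub)` and no such function they would presumably be compared as literal strings, so the effective grants differ sharply between the two setups. If the policy loader accepts `#` comment lines, a header such as `# patterns below require a pattern-matching function registered for g and g2; row 5 then grants GET on pen3_group to every subject` would make that explicit.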

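--- a/src/test/java/org/casbin/ClientTest.java
+++ b/src/test/java/org/casbin/ClientTest.java
@@ -3,6 +3,10 @@
 import org.apache.commons.cli.ParseException;
 import org.junit.Test;
 
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+
 import static org.junit.Assert.assertEquals;
 
 public class ClientTest {
@@ -112,7 +116,7 @@ public void testCustomFunction() throws ParseException {
 assertEquals(Client.run(new String[]{"enforce", "-m", model, "-p", "examples/keymatch_policy.csv", "-AF", func, "cathy", "/cathy_data", "POST"}), "{\"allow\":true,\"explain\":null}");
 assertEquals(Client.run(new String[]{"enforce", "-m", model, "-p", "examples/keymatch_policy.csv", "-AF", func, "cathy", "/cathy_data", "DELETE"}), "{\"allow\":false,\"explain\":null}");
 
-}
+}
 
 @Test
 public void testEnforce() {
@@ -216,7 +220,6 @@ public void testManagementApi() {
 
 assertEquals(Client.run(new String[]{"updatePolicy", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice,data1,write","alice,data1,read"}), "{\"allow\":true,\"explain\":null}");
 
-
 assertEquals(Client.run(new String[]{"updateNamedGroupingPolicy", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "g", "alice,data2_admin","admin,data4_admin"}), "{\"allow\":true,\"explain\":null}");
 
 assertEquals(Client.run(new String[]{"updateNamedGroupingPolicy", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "g", "admin,data4_admin","alice,data2_admin"}), "{\"allow\":true,\"explain\":null}");
@@ -235,4 +238,80 @@ public void testManagementApi() {
 
 }
 
+@Test
+public void testRBACApi () {
+assertEquals(Client.run(new String[]{"getRolesForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice"}), "{\"allow\":null,\"explain\":[\"data2_admin\"]}");
+
+assertEquals(Client.run(new String[]{"getUsersForRole", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "data2_admin"}), "{\"allow\":null,\"explain\":[\"alice\"]}");
+
+assertEquals(Client.run(new String[]{"hasRoleForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice", "data2_admin"}), "{\"allow\":true,\"explain\":null}");
+
+assertEquals(Client.run(new String[]{"deleteRoleForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice", "data2_admin"}), "{\"allow\":true,\"explain\":null}");
+resetRBACPolicyFile();
+
+assertEquals(Client.run(new String[]{"deleteRolesForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice"}), "{\"allow\":true,\"explain\":null}");
+resetRBACPolicyFile();
+
+assertEquals(Client.run(new String[]{"deleteUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice"}), "{\"allow\":true,\"explain\":null}");
+resetRBACPolicyFile();
+
+assertEquals(Client.run(new String[]{"deleteRole", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "data2_admin"}), "{\"allow\":null,\"explain\":null}");
+resetRBACPolicyFile();
+
+assertEquals(Client.run(new String[]{"deletePermission", "-m", "examples/basic_without_resources_model.conf", "-p", "examples/basic_without_resources_policy.csv", "read"}), "{\"allow\":true,\"explain\":null}");
+resetBasicWithResourcesPolicyFile();
+
+assertEquals(Client.run(new String[]{"addPermissionForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "bob", "read"}), "{\"allow\":true,\"explain\":null}");
+
+assertEquals(Client.run(new String[]{"deletePermissionForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "bob", "read"}), "{\"allow\":true,\"explain\":null}");
+
+assertEquals(Client.run(new String[]{"deletePermissionsForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice"}), "{\"allow\":true,\"explain\":null}");
+resetRBACPolicyFile();
+
+assertEquals(Client.run(new String[]{"hasPermissionForUser", "-m", "examples/basic_without_resources_model.conf", "-p", "examples/basic_without_resources_policy.csv", "alice", "read"}), "{\"allow\":true,\"explain\":null}");
+
+assertEquals(Client.run(new String[]{"getImplicitUsersForRole", "-m", "examples/rbac_with_pattern_model.conf", "-p", "examples/rbac_with_pattern_policy.csv", "book_admin"}), "{\"allow\":null,\"explain\":[\"alice\"]}");
+
+assertEquals(Client.run(new String[]{"getImplicitPermissionsForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_with_hierarchy_policy.csv", "alice"}), "{\"allow\":null,\"explain\":[[\"alice\",\"data1\",\"read\"],[\"data1_admin\",\"data1\",\"read\"],[\"data1_admin\",\"data1\",\"write\"],[\"data2_admin\",\"data2\",\"read\"],[\"data2_admin\",\"data2\",\"write\"]]}");
+
+
+assertEquals(Client.run(new String[]{"getNamedImplicitPermissionsForUser", "-m", "examples/rbac_with_multiple_policy_model.conf", "-p", "examples/rbac_with_multiple_policy_policy.csv", "p2", "alice"}), "{\"allow\":null,\"explain\":[[\"admin\",\"create\"],[\"user\",\"view\"]]}");
+
+
+
+
+
+
+
+}
+
+
+public void resetRBACPolicyFile() {
+File file = new File("examples/rbac_policy.csv");
+try {
+FileWriter writer = new FileWriter(file);
+writer.write("p, alice, data1, read\n");
+writer.write("p, bob, data2, write\n");
+writer.write("p, data2_admin, data2, read\n");
+writer.write("p, data2_admin, data2, write\n");
+writer.write("g, alice, data2_admin");
+writer.close();
+} catch (IOException e) {
+e.printStackTrace();
+}
+}
+
+public void resetBasicWithResourcesPolicyFile() {
+File file = new File("examples/basic_without_resources_policy.csv");
+try {
+FileWriter writer = new FileWriter(file);
+writer.write("p, alice, read\n");
+writer.write("p, bob, write");
+writer.close();
+} catch (IOException e) {
+e.printStackTrace();
+}
+}
+
+
 }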
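Review bot: `resetRBACPolicyFile()` and `resetBasicWithResourcesPolicyFile()` catch the `IOException` and only call `e.printStackTrace()`, so when the rewrite of the policy file fails the test carries on against whatever grants the preceding delete call left behind (those calls appear to persist their change, since the file is rewritten after each one). Let both helpers declare `throws IOException` and open the writer as `try (FileWriter writer = new FileWriter(file)) {` so it is also closed when a write throws. The resets are skipped whenever an earlier assertion in `testRBACApi` fails, which leaves the checked-in `examples/rbac_policy.csv` modified for `testManagementApi`, which reads the same file; an `@After` method or a temporary copy of the fixture would avoid that. The `addPermissionForUser`/`deletePermissionForUser` pair has no reset at all and relies on the second call exactly undoing the first.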
