feat: add RBAC APIs (#19)
liewstar authored Nov 11, 2024
1 parent c0a9668 commit d201f5b
Showing 9 changed files with 171 additions and 2 deletions.
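--- a/examples/basic_without_resources_model.conf
+++ b/examples/basic_without_resources_model.conf
@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, act
+
+[policy_definition]
+p = sub, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && r.act == p.act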
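--- a/examples/basic_without_resources_policy.csv
+++ b/examples/basic_without_resources_policy.csv
@@ -0,0 +1,2 @@
+p, alice, read
+p, bob, write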
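--- a/examples/keymatch_model.conf
+++ b/examples/keymatch_model.conf
@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)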
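--- a/examples/rbac_with_hierarchy_policy.csv
+++ b/examples/rbac_with_hierarchy_policy.csv
@@ -0,0 +1,9 @@
+p, alice, data1, read
+p, bob, data2, write
+p, data1_admin, data1, read
+p, data1_admin, data1, write
+p, data2_admin, data2, read
+p, data2_admin, data2, write
+g, alice, admin
+g, admin, data1_admin
+g, admin, data2_admin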
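--- a/examples/rbac_with_multiple_policy_model.conf
+++ b/examples/rbac_with_multiple_policy_model.conf
@@ -0,0 +1,16 @@
+[request_definition]
+r = user, thing, action
+
+[policy_definition]
+p = role, thing, action
+p2 = role, action
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.user, p.role) && r.thing == p.thing && r.action == p.action
+m2 = g(r.user, p2.role) && r.action == p.action
+
+[role_definition]
+g = _,_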
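Review bot: The `m2` matcher compares `r.action` with `p.action`, although it takes its role from `p2.role` and is the matcher paired with policy type `p2`; as written the action check appears to read a field of a different policy type, so `p2` rows may not be matched on their own action. If the intent is to match `p2` rows, the line would be `m2 = g(r.user, p2.role) && r.action == p2.action`. `[policy_effect]` also defines only `e` over `p.eft`; whether `p2` needs an effect of its own is not visible here and is worth confirming. The test added in this commit only lists `p2` permissions and does not appear to enforce through `m2`, so it would not catch either problem.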
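--- a/examples/rbac_with_multiple_policy_policy.csv
+++ b/examples/rbac_with_multiple_policy_policy.csv
@@ -0,0 +1,6 @@
+p, user, /data, GET
+p, admin, /data, POST
+p2, user, view
+p2, admin, create
+g, admin, user
+g, alice, admin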
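--- a/examples/rbac_with_pattern_model.conf
+++ b/examples/rbac_with_pattern_model.conf
@@ -0,0 +1,15 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+g2 = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && g2(r.obj, p.obj) && regexMatch(r.act, p.act)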
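--- a/examples/rbac_with_pattern_policy.csv
+++ b/examples/rbac_with_pattern_policy.csv
@@ -0,0 +1,20 @@
+p, alice, /pen/1, GET
+p, alice, /pen2/1, GET
+p, book_admin, book_group, GET
+p, pen_admin, pen_group, GET
+p, *, pen3_group, GET
+p, /book/admin/:id, pen4_group, GET
+p, /book/leader/2, pen4_group, POST
+g, /book/user/:id, /book/admin/1
+g, /book/user/:id, /book/leader/2
+g, alice, book_admin
+g, bob, pen_admin
+g, cathy, /book/1/2/3/4/5
+g, cathy, pen_admin
+g2, /book/*, book_group
+g2, /book/:id, book_group
+g2, /pen/:id, pen_group
+g2, /book2/{id}, book_group
+g2, /pen2/{id}, pen_group
+g2, /pen3/:id, pen3_group
+g2, /pen4/:id, pen4_group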
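Review bot: The `g`/`g2` rows and the `p, *, pen3_group, GET` row use path patterns (`/book/:id`, `/book2/{id}`, `/book/*`, `*`), but nothing in this file or in `rbac_with_pattern_model.conf` says that they are treated as patterns only when a matching function is registered for `g` and `g2`; without one they are presumably compared as literal strings. A header comment would make that dependency explicit, for example `# g/g2 entries are patterns; they need a matching function on the role manager, otherwise they match literally`. It is also worth stating next to `p, *, pen3_group, GET` that, with pattern matching enabled, this row would presumably grant GET on `pen3_group` to every subject.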
83 changes: 81 additions & 2 deletions src/test/java/org/casbin/ClientTest.java
@@ -3,6 +3,10 @@
import org.apache.commons.cli.ParseException;
import org.junit.Test;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;

import static org.junit.Assert.assertEquals;

public class ClientTest {
@@ -112,7 +116,7 @@ public void testCustomFunction() throws ParseException {
assertEquals(Client.run(new String[]{"enforce", "-m", model, "-p", "examples/keymatch_policy.csv", "-AF", func, "cathy", "/cathy_data", "POST"}), "{\"allow\":true,\"explain\":null}");
assertEquals(Client.run(new String[]{"enforce", "-m", model, "-p", "examples/keymatch_policy.csv", "-AF", func, "cathy", "/cathy_data", "DELETE"}), "{\"allow\":false,\"explain\":null}");

}
}

@Test
public void testEnforce() {
@@ -216,7 +220,6 @@ public void testManagementApi() {

assertEquals(Client.run(new String[]{"updatePolicy", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice,data1,write","alice,data1,read"}), "{\"allow\":true,\"explain\":null}");


assertEquals(Client.run(new String[]{"updateNamedGroupingPolicy", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "g", "alice,data2_admin","admin,data4_admin"}), "{\"allow\":true,\"explain\":null}");

assertEquals(Client.run(new String[]{"updateNamedGroupingPolicy", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "g", "admin,data4_admin","alice,data2_admin"}), "{\"allow\":true,\"explain\":null}");
@@ -235,4 +238,80 @@ public void testManagementApi() {

}

@Test
public void testRBACApi () {
assertEquals(Client.run(new String[]{"getRolesForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice"}), "{\"allow\":null,\"explain\":[\"data2_admin\"]}");

assertEquals(Client.run(new String[]{"getUsersForRole", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "data2_admin"}), "{\"allow\":null,\"explain\":[\"alice\"]}");

assertEquals(Client.run(new String[]{"hasRoleForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice", "data2_admin"}), "{\"allow\":true,\"explain\":null}");

assertEquals(Client.run(new String[]{"deleteRoleForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice", "data2_admin"}), "{\"allow\":true,\"explain\":null}");
resetRBACPolicyFile();

assertEquals(Client.run(new String[]{"deleteRolesForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice"}), "{\"allow\":true,\"explain\":null}");
resetRBACPolicyFile();

assertEquals(Client.run(new String[]{"deleteUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice"}), "{\"allow\":true,\"explain\":null}");
resetRBACPolicyFile();

assertEquals(Client.run(new String[]{"deleteRole", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "data2_admin"}), "{\"allow\":null,\"explain\":null}");
resetRBACPolicyFile();

assertEquals(Client.run(new String[]{"deletePermission", "-m", "examples/basic_without_resources_model.conf", "-p", "examples/basic_without_resources_policy.csv", "read"}), "{\"allow\":true,\"explain\":null}");
resetBasicWithResourcesPolicyFile();

assertEquals(Client.run(new String[]{"addPermissionForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "bob", "read"}), "{\"allow\":true,\"explain\":null}");

assertEquals(Client.run(new String[]{"deletePermissionForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "bob", "read"}), "{\"allow\":true,\"explain\":null}");

assertEquals(Client.run(new String[]{"deletePermissionsForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_policy.csv", "alice"}), "{\"allow\":true,\"explain\":null}");
resetRBACPolicyFile();

assertEquals(Client.run(new String[]{"hasPermissionForUser", "-m", "examples/basic_without_resources_model.conf", "-p", "examples/basic_without_resources_policy.csv", "alice", "read"}), "{\"allow\":true,\"explain\":null}");

assertEquals(Client.run(new String[]{"getImplicitUsersForRole", "-m", "examples/rbac_with_pattern_model.conf", "-p", "examples/rbac_with_pattern_policy.csv", "book_admin"}), "{\"allow\":null,\"explain\":[\"alice\"]}");

assertEquals(Client.run(new String[]{"getImplicitPermissionsForUser", "-m", "examples/rbac_model.conf", "-p", "examples/rbac_with_hierarchy_policy.csv", "alice"}), "{\"allow\":null,\"explain\":[[\"alice\",\"data1\",\"read\"],[\"data1_admin\",\"data1\",\"read\"],[\"data1_admin\",\"data1\",\"write\"],[\"data2_admin\",\"data2\",\"read\"],[\"data2_admin\",\"data2\",\"write\"]]}");


assertEquals(Client.run(new String[]{"getNamedImplicitPermissionsForUser", "-m", "examples/rbac_with_multiple_policy_model.conf", "-p", "examples/rbac_with_multiple_policy_policy.csv", "p2", "alice"}), "{\"allow\":null,\"explain\":[[\"admin\",\"create\"],[\"user\",\"view\"]]}");







}


public void resetRBACPolicyFile() {
File file = new File("examples/rbac_policy.csv");
try {
FileWriter writer = new FileWriter(file);
writer.write("p, alice, data1, read\n");
writer.write("p, bob, data2, write\n");
writer.write("p, data2_admin, data2, read\n");
writer.write("p, data2_admin, data2, write\n");
writer.write("g, alice, data2_admin");
writer.close();
} catch (IOException e) {
e.printStackTrace();
}
}

public void resetBasicWithResourcesPolicyFile() {
File file = new File("examples/basic_without_resources_policy.csv");
try {
FileWriter writer = new FileWriter(file);
writer.write("p, alice, read\n");
writer.write("p, bob, write");
writer.close();
} catch (IOException e) {
e.printStackTrace();
}
}


}
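Review bot: `resetRBACPolicyFile()` and `resetBasicWithResourcesPolicyFile()` catch `IOException` and only call `e.printStackTrace()`, so a failed reset leaves `examples/rbac_policy.csv` in whatever state the previous delete call produced and the following assertions run against that policy; the helpers should fail the test instead, e.g. `throw new IllegalStateException("could not reset policy file", e);`. The writer is also not closed when a `write` throws, which `try (FileWriter writer = new FileWriter(file)) {` would cover. Because `testRBACApi` rewrites checked-in files that `testManagementApi` also reads, an assertion failure between a delete call and its reset leaves the shared fixture modified; running the mutating calls against a temporary copy of the policy would avoid that. `resetBasicWithResourcesPolicyFile` resets `basic_without_resources_policy.csv`, so the method name should say `Without`.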
