test(rbac): improve RBAC test coverage

Add more test related to RBAC functionality in enforcer.test.ts and rbacAPI.test.ts
casbin · Feb 20, 2020 · 454165e · 454165e
1 parent 7a18dc2
commit 454165e
Show file tree

Hide file tree

Showing 2 changed files with 169 additions and 0 deletions.
diff --git a/test/enforcer.test.ts b/test/enforcer.test.ts
@@ -139,6 +139,53 @@ test('TestRBACModelInMemory', async () => {
   await testEnforce(e, 'bob', 'data1', 'write', false);
   await testEnforce(e, 'bob', 'data2', 'read', false);
   await testEnforce(e, 'bob', 'data2', 'write', true);
+
+  await e.deletePermissionForUser('alice', 'data1', 'read');
+  await e.deletePermissionForUser('bob', 'data2', 'write');
+  await e.deletePermissionForUser('data2_admin', 'data2', 'read');
+  await e.deletePermissionForUser('data2_admin', 'data2', 'write');
+
+  await testEnforce(e, 'alice', 'data1', 'read', false);
+  await testEnforce(e, 'alice', 'data1', 'write', false);
+  await testEnforce(e, 'alice', 'data2', 'read', false);
+  await testEnforce(e, 'alice', 'data2', 'write', false);
+  await testEnforce(e, 'bob', 'data1', 'read', false);
+  await testEnforce(e, 'bob', 'data1', 'write', false);
+  await testEnforce(e, 'bob', 'data2', 'read', false);
+  await testEnforce(e, 'bob', 'data2', 'write', false);
+
+  await e.addPermissionForUser('bob', 'data2', 'write');
+  await e.addPermissionForUser('data2_admin', 'data2', 'read');
+  await e.addPermissionForUser('data2_admin', 'data2', 'write');
+  await e.addRoleForUser('alice', 'data2_admin');
+
+  await testEnforce(e, 'alice', 'data2', 'read', true);
+  await testEnforce(e, 'alice', 'data2', 'write', true);
+  await testEnforce(e, 'bob', 'data2', 'read', false);
+  await testEnforce(e, 'bob', 'data2', 'write', true);
+
+  await e.deletePermission('data2', 'write');
+
+  await testEnforce(e, 'alice', 'data2', 'read', true);
+  await testEnforce(e, 'alice', 'data2', 'write', false);
+  await testEnforce(e, 'bob', 'data2', 'read', false);
+  await testEnforce(e, 'bob', 'data2', 'write', false);
+
+  await e.addPermissionForUser('bob', 'data2', 'write');
+  await e.addPermissionForUser('data2_admin', 'data2', 'read');
+  await e.addPermissionForUser('data2_admin', 'data2', 'write');
+
+  await testEnforce(e, 'alice', 'data2', 'read', true);
+  await testEnforce(e, 'alice', 'data2', 'write', true);
+  await testEnforce(e, 'bob', 'data2', 'read', false);
+  await testEnforce(e, 'bob', 'data2', 'write', true);
+
+  await e.deletePermissionsForUser('data2_admin');
+
+  await testEnforce(e, 'alice', 'data2', 'read', false);
+  await testEnforce(e, 'alice', 'data2', 'write', false);
+  await testEnforce(e, 'bob', 'data2', 'read', false);
+  await testEnforce(e, 'bob', 'data2', 'write', true);
 });
 
 test('TestRBACModelInMemory2', async () => {

diff --git a/test/rbacAPI.test.ts b/test/rbacAPI.test.ts
@@ -14,6 +14,38 @@
 
 import { newEnforcer } from '../src';
 
+test('test getRolesForUser', async () => {
+  const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_with_hierarchy_policy.csv');
+  expect(await e.getRolesForUser('alice')).toEqual(['admin']);
+});
+
+test('test getRolesForUser with domain', async () => {
+  const e = await newEnforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_hierarchy_with_domains_policy.csv');
+  expect(await e.getRolesForUser('alice', 'domain1')).toEqual(['role:global_admin']);
+});
+
+test('test add/deleteRoleForUSer with domain', async () => {
+  const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_with_hierarchy_policy.csv');
+  expect(await e.getRolesForUser('bob')).toEqual([]);
+  expect(await e.addRoleForUser('bob', 'data1_admin')).toEqual(true);
+  expect(await e.hasRoleForUser('bob', 'data1_admin')).toEqual(true);
+  expect(await e.getUsersForRole('data1_admin')).toEqual(['admin', 'bob']);
+  expect(await e.deleteRoleForUser('bob', 'data1_admin')).toEqual(true);
+  expect(await e.hasRoleForUser('bob', 'role:global_admin')).toEqual(false);
+  expect(await e.getUsersForRole('data1_admin')).toEqual(['admin']);
+});
+
+test('test add/deleteRoleForUSer with domain', async () => {
+  const e = await newEnforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_hierarchy_with_domains_policy.csv');
+  expect(await e.getRolesForUser('bob', 'domain1')).toEqual([]);
+  expect(await e.addRoleForUser('bob', 'role:global_admin', 'domain1')).toEqual(true);
+  expect(await e.hasRoleForUser('bob', 'role:global_admin', 'domain1')).toEqual(true);
+  expect(await e.getUsersForRole('role:global_admin', 'domain1')).toEqual(['alice', 'bob']);
+  expect(await e.deleteRoleForUser('bob', 'role:global_admin', 'domain1')).toEqual(true);
+  expect(await e.hasRoleForUser('bob', 'role:global_admin', 'domain1')).toEqual(false);
+  expect(await e.getUsersForRole('role:global_admin', 'domain1')).toEqual(['alice']);
+});
+
 test('test getImplicitRolesForUser', async () => {
   const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_with_hierarchy_policy.csv');
   expect(await e.getImplicitRolesForUser('bob')).toEqual([]);
@@ -26,6 +58,70 @@ test('test getImplicitRolesForUser with domain', async () => {
 });
 
 test('test getImplicitPermissionsForUser', async () => {
+  const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_with_hierarchy_policy.csv');
+  expect(await e.hasPermissionForUser('bob', 'data2', 'write')).toEqual(true);
+  expect(await e.getImplicitPermissionsForUser('bob')).toEqual([['bob', 'data2', 'write']]);
+  expect(await e.hasPermissionForUser('alice', 'data1', 'read')).toEqual(true);
+  expect(await e.hasPermissionForUser('data1_admin', 'data1', 'read')).toEqual(true);
+  expect(await e.hasPermissionForUser('data1_admin', 'data1', 'write')).toEqual(true);
+  expect(await e.hasPermissionForUser('data2_admin', 'data2', 'read')).toEqual(true);
+  expect(await e.hasPermissionForUser('data2_admin', 'data2', 'write')).toEqual(true);
+  expect(await e.getImplicitPermissionsForUser('alice')).toEqual([
+    ['alice', 'data1', 'read'],
+    ['data1_admin', 'data1', 'read'],
+    ['data1_admin', 'data1', 'write'],
+    ['data2_admin', 'data2', 'read'],
+    ['data2_admin', 'data2', 'write']
+  ]);
+});
+
+test('test deleteRolesForUser', async () => {
+  const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_with_hierarchy_policy.csv');
+  expect(await e.hasPermissionForUser('bob', 'data2', 'write')).toEqual(true);
+  expect(await e.getImplicitPermissionsForUser('bob')).toEqual([['bob', 'data2', 'write']]);
+  expect(await e.getImplicitPermissionsForUser('alice')).toEqual([
+    ['alice', 'data1', 'read'],
+    ['data1_admin', 'data1', 'read'],
+    ['data1_admin', 'data1', 'write'],
+    ['data2_admin', 'data2', 'read'],
+    ['data2_admin', 'data2', 'write']
+  ]);
+  expect(await e.deleteRolesForUser('alice')).toEqual(true);
+  expect(await e.hasPermissionForUser('alice', 'data1', 'read')).toEqual(true);
+  expect(await e.getImplicitPermissionsForUser('alice')).toEqual([['alice', 'data1', 'read']]);
+  expect(await e.hasPermissionForUser('bob', 'data2', 'write')).toEqual(true);
+  expect(await e.getImplicitPermissionsForUser('bob')).toEqual([['bob', 'data2', 'write']]);
+  expect(await e.deleteRolesForUser('bob')).toEqual(false);
+  expect(await e.hasPermissionForUser('alice', 'data1', 'read')).toEqual(true);
+  expect(await e.getImplicitPermissionsForUser('alice')).toEqual([['alice', 'data1', 'read']]);
+  expect(await e.hasPermissionForUser('bob', 'data2', 'write')).toEqual(true);
+  expect(await e.getImplicitPermissionsForUser('bob')).toEqual([['bob', 'data2', 'write']]);
+});
+
+test('test deleteRolesForUser with domain', async () => {
+  const e = await newEnforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy.csv');
+  expect(await e.getImplicitRolesForUser('alice', 'domain1')).toEqual(['admin']);
+  expect(await e.getImplicitPermissionsForUser('alice', 'domain1')).toEqual([
+    ['admin', 'domain1', 'data1', 'read'],
+    ['admin', 'domain1', 'data1', 'write']
+  ]);
+  expect(await e.getImplicitPermissionsForUser('bob', 'domain2')).toEqual([
+    ['admin', 'domain2', 'data2', 'read'],
+    ['admin', 'domain2', 'data2', 'write']
+  ]);
+  expect(await e.deleteRolesForUser('alice', 'domain1')).toEqual(true);
+  expect(await e.getImplicitRolesForUser('alice', 'domain1')).toEqual([]);
+  expect(await e.getImplicitPermissionsForUser('alice', 'domain2')).toEqual([]);
+  expect(await e.getImplicitPermissionsForUser('bob', 'domain2')).toEqual([
+    ['admin', 'domain2', 'data2', 'read'],
+    ['admin', 'domain2', 'data2', 'write']
+  ]);
+  expect(await e.deleteRolesForUser('bob', 'domain1')).toEqual(false);
+  expect(await e.getImplicitPermissionsForUser('alice', 'domain2')).toEqual([]);
+  expect(await e.getImplicitPermissionsForUser('bob', 'domain1')).toEqual([]);
+});
+
+test('test deleteRole', async () => {
   const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_with_hierarchy_policy.csv');
   expect(await e.getImplicitPermissionsForUser('bob')).toEqual([['bob', 'data2', 'write']]);
   expect(await e.getImplicitPermissionsForUser('alice')).toEqual([
@@ -35,4 +131,30 @@ test('test getImplicitPermissionsForUser', async () => {
     ['data2_admin', 'data2', 'read'],
     ['data2_admin', 'data2', 'write']
   ]);
+  expect(await e.deleteRole('data1_admin')).toEqual(true);
+  expect(await e.getImplicitPermissionsForUser('alice')).toEqual([
+    ['alice', 'data1', 'read'],
+    ['data2_admin', 'data2', 'read'],
+    ['data2_admin', 'data2', 'write']
+  ]);
+  await e.deleteRole('data2_admin');
+  expect(await e.getImplicitPermissionsForUser('alice')).toEqual([['alice', 'data1', 'read']]);
+});
+
+test('test deleteUser', async () => {
+  const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_with_hierarchy_policy.csv');
+  expect(await e.getImplicitPermissionsForUser('bob')).toEqual([['bob', 'data2', 'write']]);
+  expect(await e.getImplicitPermissionsForUser('alice')).toEqual([
+    ['alice', 'data1', 'read'],
+    ['data1_admin', 'data1', 'read'],
+    ['data1_admin', 'data1', 'write'],
+    ['data2_admin', 'data2', 'read'],
+    ['data2_admin', 'data2', 'write']
+  ]);
+  await e.deleteUser('alice');
+  expect(await e.getImplicitPermissionsForUser('alice')).toEqual([]);
+  expect(await e.getImplicitPermissionsForUser('bob')).toEqual([['bob', 'data2', 'write']]);
+  await e.deleteRole('bob');
+  expect(await e.getImplicitPermissionsForUser('alice')).toEqual([]);
+  expect(await e.getImplicitPermissionsForUser('bob')).toEqual([]);
 });