
Commit 9d2f491

fix: add rbac with resource roles and domain example (#329)
1 parent a104356 commit 9d2f491


3 files changed

+48
-0
lines changed

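--- a/examples/rbac_with_resource_roles_and_domain_model.conf
+++ b/examples/rbac_with_resource_roles_and_domain_model.conf
@@ -0,0 +1,15 @@
+[request_definition]
+r = sub, dom, obj, act
+
+[policy_definition]
+p = sub, dom, obj, act
+
+[role_definition]
+g = _, _, _
+g2 = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub, r.dom) && g2(r.obj, p.obj) && r.dom == p.dom && r.act == p.act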
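Review bot: The resource grouping declared as `g2 = _, _` carries no domain, so `g2(r.obj, p.obj)` in the matcher resolves object-to-group membership from one global table while `g(r.sub, p.sub, r.dom)` and `r.dom == p.dom` are tenant-scoped. Isolation between domains therefore depends on object and group names being unique across all domains; if two tenants reuse an object name, the model cannot tell their group memberships apart. If per-domain resource groups are intended, declare `g2 = _, _, _` and match with `g2(r.obj, p.obj, r.dom)`, which also means adding a domain column to the `g2` rows in the policy file. Otherwise state the assumption above the matcher, e.g. `# g2 is global: object and group names must be unique across domains`.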
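--- a/examples/rbac_with_resource_roles_and_domain_policy.csv
+++ b/examples/rbac_with_resource_roles_and_domain_policy.csv
@@ -0,0 +1,10 @@
+p, data_group_admin, domain1, data_group, read
+p, data_group_admin, domain1, data_group, write
+p, data_group_admin, domain2, data_group2, read
+p, data_group_admin, domain2, data_group2, write
+
+g, alice, data_group_admin, domain1
+g, bob, data_group_admin, domain2
+
+g2, data1, data_group
+g2, data2, data_group2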

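--- a/src/test/java/org/casbin/jcasbin/main/ModelUnitTest.java
+++ b/src/test/java/org/casbin/jcasbin/main/ModelUnitTest.java
@@ -464,4 +464,27 @@ public void testGlobMatchModel() {
 testEnforce(e, "u4", "/foo", "read", false);
 testEnforce(e, "u4", "foo", "read", true);
 }
+
+@Test
+public void testRbacWithResourceRolesAndDomain() {
+Enforcer e = new Enforcer("examples/rbac_with_resource_roles_and_domain_model.conf", "examples/rbac_with_resource_roles_and_domain_policy.csv");
+
+testDomainEnforce(e, "alice", "domain1", "data1", "read", true);
+testDomainEnforce(e, "alice", "domain1", "data1", "write", true);
+testDomainEnforce(e, "alice", "domain1", "data2", "read", false);
+testDomainEnforce(e, "alice", "domain1", "data2", "write", false);
+testDomainEnforce(e, "alice", "domain2", "data1", "read", false);
+testDomainEnforce(e, "alice", "domain2", "data1", "write", false);
+testDomainEnforce(e, "alice", "domain2", "data2", "read", false);
+testDomainEnforce(e, "alice", "domain2", "data2", "write", false);
+
+testDomainEnforce(e, "bob", "domain1", "data2", "read", false);
+testDomainEnforce(e, "bob", "domain1", "data2", "write", false);
+testDomainEnforce(e, "bob", "domain1", "data1", "read", false);
+testDomainEnforce(e, "bob", "domain1", "data1", "write", false);
+testDomainEnforce(e, "bob", "domain2", "data1", "read", false);
+testDomainEnforce(e, "bob", "domain2", "data1", "write", false);
+testDomainEnforce(e, "bob", "domain2", "data2", "read", true);
+testDomainEnforce(e, "bob", "domain2", "data2", "write", true);
+}
 }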
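Review bot: Every denied case in `testRbacWithResourceRolesAndDomain` is denied either because the subject holds no role in the requested domain or because the object belongs to the other resource group. Nothing exercises a subject with no `g` row at all, an action outside `read`/`write`, or a domain that no policy names. For an authorization model those default-deny paths are worth pinning, for example `testDomainEnforce(e, "carol", "domain1", "data1", "read", false);` and `testDomainEnforce(e, "alice", "domain1", "data1", "delete", false);` (subject and action names constructed for illustration). `testDomainEnforce` is defined outside this hunk, so its argument order is taken from the calls shown here.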
