Refactor to match Go Casbin implementation pattern

- Add getDomains and getAllDomains methods to RoleManager interface
- Implement methods in DefaultRoleManager following Go pattern
- Update Enforcer to call RoleManager methods (not ManagementEnforcer)
- Add rbac_with_domains_policy2.csv test file matching Go Casbin
- Update tests to match Go Casbin test patterns and naming
- Filter out default domain when other domains exist

Co-authored-by: mserico <140243407+mserico@users.noreply.github.com>

Author: Copilot

examples/rbac_with_domains_policy2.csv

@@ -0,0 +1,9 @@
+p, admin, domain1, data1, read
+p, admin, domain1, data1, write
+p, admin, domain2, data2, read
+p, admin, domain2, data2, write
+p, user, domain3, data2, read
+g, alice, admin, domain1
+g, alice, admin, domain2
+g, bob, admin, domain2
+g, bob, user, domain3

src/enforcer.ts

@@ -466,28 +466,27 @@ export class Enforcer extends ManagementEnforcer {
   }
 
   /**
-   * getDomainsForUser gets all domains that a user has.
-   * For example:
-   * g, alice, admin, domain1
-   * g, alice, member, domain2
-   *
-   * getDomainsForUser("alice") will get: ["domain1", "domain2"].
-   *
-   * @param user the user.
-   * @return the domains that the user has.
+   * getDomainsForUser gets all domains.
    */
   public async getDomainsForUser(user: string): Promise<string[]> {
-    const groupingPolicies = await this.getFilteredGroupingPolicy(0, user);
-    const domains = new Set<string>();
-
-    for (const policy of groupingPolicies) {
-      // In a policy like ["alice", "admin", "domain1"], domain is at index 2
-      if (policy.length > 2 && policy[2] && policy[2].trim() !== '') {
-        domains.add(policy[2]);
-      }
+    const domains: string[] = [];
+    for (const rm of this.rmMap.values()) {
+      const domain = await rm.getDomains(user);
+      domains.push(...domain);
     }
+    return domains;
+  }
 
-    return Array.from(domains);
+  /**
+   * getAllDomains gets all domains.
+   */
+  public async getAllDomains(): Promise<string[]> {
+    const domains: string[] = [];
+    for (const rm of this.rmMap.values()) {
+      const domain = await rm.getAllDomains();
+      domains.push(...domain);
+    }
+    return arrayRemoveDuplicates(domains);
   }
 }
 

src/managementEnforcer.ts

@@ -118,31 +118,6 @@ export class ManagementEnforcer extends InternalEnforcer {
     return this.model.getValuesForFieldInPolicy('g', ptype, 1);
   }
 
-  /**
-   * getAllDomains gets the list of domains that show up in the current policy.
-   *
-   * @return all the domains in "g" policy rules. It actually collects
-   *         the 2-index elements of "g" policy rules. So make sure your
-   *         domain is the 2-index element, like (sub, role, domain).
-   *         Duplicates are removed.
-   */
-  public async getAllDomains(): Promise<string[]> {
-    return this.getAllNamedDomains('g');
-  }
-
-  /**
-   * getAllNamedDomains gets the list of domains that show up in the current named policy.
-   *
-   * @param ptype the policy type, can be "g", "g2", "g3", ..
-   * @return all the domains in policy rules of the ptype type. It actually
-   *         collects the 2-index elements of the policy rules. So make
-   *         sure your domain is the 2-index element, like (sub, role, domain).
-   *         Duplicates are removed.
-   */
-  public async getAllNamedDomains(ptype: string): Promise<string[]> {
-    return this.model.getValuesForFieldInPolicy('g', ptype, 2).filter((domain) => domain !== undefined && domain !== '');
-  }
-
   /**
    * getPolicy gets all the authorization rules in the policy.
    *

src/rbac/defaultRoleManager.ts

@@ -352,4 +352,43 @@ export class DefaultRoleManager implements RoleManager {
       });
     }
   }
+
+  /**
+   * getDomains gets domains that a user has.
+   */
+  public async getDomains(name: string): Promise<string[]> {
+    const domains: string[] = [];
+    this.allDomains.forEach((roles, domain) => {
+      // Skip the default domain if there are other domains
+      if (domain === DEFAULT_DOMAIN && this.allDomains.size > 1) {
+        return;
+      }
+      const role = roles.get(name);
+      if (role && (role.getRoles().length > 0 || this.hasUserOrRole(roles, name))) {
+        domains.push(domain);
+      }
+    });
+    return domains;
+  }
+
+  /**
+   * getAllDomains gets all domains.
+   */
+  public async getAllDomains(): Promise<string[]> {
+    const domains = Array.from(this.allDomains.keys());
+    // Filter out the default domain if there are other domains
+    if (domains.length > 1) {
+      return domains.filter((d) => d !== DEFAULT_DOMAIN);
+    }
+    return domains;
+  }
+
+  private hasUserOrRole(roles: Roles, name: string): boolean {
+    for (const role of roles.values()) {
+      if (role.hasDirectRole(name)) {
+        return true;
+      }
+    }
+    return false;
+  }
 }

src/rbac/roleManager.ts

@@ -36,4 +36,8 @@ export interface RoleManager {
   getUsers(name: string, ...domain: string[]): Promise<string[]>;
   // PrintRoles prints all the roles to log.
   printRoles(): Promise<void>;
+  // GetDomains gets domains that a user has
+  getDomains(name: string): Promise<string[]>;
+  // GetAllDomains gets all domains
+  getAllDomains(): Promise<string[]>;
 }

test/managementAPI.test.ts

@@ -75,20 +75,6 @@ test('getAllNamedRoles', async () => {
   testArrayEquals(allNamedRoles, []);
 });
 
-test('getAllDomains', async () => {
-  // The basic RBAC model doesn't have domains, so this should return empty
-  const allDomains = await e.getAllDomains();
-  testArrayEquals(allDomains, []);
-});
-
-test('getAllNamedDomains', async () => {
-  // The basic RBAC model doesn't have domains, so this should return empty
-  let allNamedDomains = await e.getAllNamedDomains('g');
-  testArrayEquals(allNamedDomains, []);
-  allNamedDomains = await e.getAllNamedDomains('g1');
-  testArrayEquals(allNamedDomains, []);
-});
-
 test('getPolicy', async () => {
   const policy = await e.getPolicy();
   testArray2DEquals(policy, [

test/rbacwDomainAPI.test.ts

@@ -30,28 +30,25 @@ test('test getUsersForRoleInDomain', async () => {
   expect(await e.getUsersForRoleInDomain('superadmin', 'domain2')).toEqual([]);
 });
 
-test('test getAllDomains', async () => {
-  const e = await newEnforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy.csv');
-  const domains = await e.getAllDomains();
-  expect(domains.sort()).toEqual(['domain1', 'domain2']);
+test('test getDomainsForUser', async () => {
+  const e = await newEnforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy2.csv');
+
+  let myRes = await e.getDomainsForUser('alice');
+  myRes.sort();
+  expect(myRes).toEqual(['domain1', 'domain2']);
+
+  myRes = await e.getDomainsForUser('bob');
+  myRes.sort();
+  expect(myRes).toEqual(['domain2', 'domain3']);
+
+  myRes = await e.getDomainsForUser('user');
+  expect(myRes).toEqual(['domain3']);
 });
 
-test('test getDomainsForUser', async () => {
+test('test getAllDomains', async () => {
   const e = await newEnforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy.csv');
-  expect(await e.getDomainsForUser('alice')).toEqual(['domain1']);
-  expect(await e.getDomainsForUser('bob')).toEqual(['domain2']);
-  expect(await e.getDomainsForUser('nonexistent')).toEqual([]);
-
-  // Add alice to another domain and verify she appears in both
-  await e.addGroupingPolicy('alice', 'admin', 'domain2');
-  const aliceDomains = await e.getDomainsForUser('alice');
-  expect(aliceDomains.sort()).toEqual(['domain1', 'domain2']);
-
-  // Test that empty string domains are filtered out
-  await e.addGroupingPolicy('charlie', 'member', '');
-  expect(await e.getDomainsForUser('charlie')).toEqual([]);
-
-  // Test that whitespace-only domains are filtered out
-  await e.addGroupingPolicy('dave', 'member', '   ');
-  expect(await e.getDomainsForUser('dave')).toEqual([]);
+
+  const myRes = await e.getAllDomains();
+  myRes.sort();
+  expect(myRes).toEqual(['domain1', 'domain2']);
 });