
Commit bb471ad

Copilotnomeguy
andcommitted
Initial plan
Co-authored-by: nomeguy <85475922+nomeguy@users.noreply.github.com>
1 parent a3a3840 commit bb471ad


3 files changed

+1729
-1531
lines changed

Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
p, group, data1, read, deny
2+
p, user, data1, read, allow
3+
g, user, group

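--- a/test/enforcer.test.ts
+++ b/test/enforcer.test.ts
@@ -759,6 +759,40 @@ test('TestSubjectPriorityWithDomain', async () => {
 testEnforceEx(e, 'bob', 'data2', 'write', [true, ['bob', 'data2', 'domain2', 'write', 'allow']], 'domain2');
 });
 
+test('TestSubjectPriority simpler with CSV', async () => {
+const e = await newEnforcer('examples/subject_priority_model.conf', 'examples/subject_priority_policy_simple.csv');
+fs.writeFileSync('/tmp/csv_policies.txt', JSON.stringify(e.getPolicy(), null, 2));
+// user should be allowed to read data1 because the direct allow policy takes priority over the inherited deny policy from the group role
+testEnforceEx(e, 'user', 'data1', 'read', [true, ['user', 'data1', 'read', 'allow']]);
+});
+
+test('TestSubjectPriority simpler with addPolicy', async () => {
+const e = await newEnforcer('examples/subject_priority_model.conf');
+await e.addPolicy('group', 'data1', 'read', 'deny');
+await e.addPolicy('user', 'data1', 'read', 'allow');
+await e.addGroupingPolicy('user', 'group');
+fs.writeFileSync('/tmp/addpolicy_policies.txt', JSON.stringify(e.getPolicy(), null, 2));
+// user should be allowed to read data1 because the direct allow policy takes priority over the inherited deny policy from the group role
+testEnforceEx(e, 'user', 'data1', 'read', [true, ['user', 'data1', 'read', 'allow']]);
+});
+
+test('TestSubjectPriority with CSV converted to addPolicy/addGroupingPolicy', async () => {
+const e = await newEnforcer('examples/subject_priority_model.conf');
+await e.addPolicy('root', 'data1', 'read', 'deny');
+await e.addPolicy('admin', 'data1', 'read', 'deny');
+await e.addPolicy('editor', 'data1', 'read', 'deny');
+await e.addPolicy('subscriber', 'data1', 'read', 'deny');
+await e.addPolicy('jane', 'data1', 'read', 'allow');
+await e.addPolicy('alice', 'data1', 'read', 'allow');
+await e.addGroupingPolicy('admin', 'root');
+await e.addGroupingPolicy('editor', 'admin');
+await e.addGroupingPolicy('subscriber', 'admin');
+await e.addGroupingPolicy('jane', 'editor');
+await e.addGroupingPolicy('alice', 'subscriber');
+testEnforceEx(e, 'jane', 'data1', 'read', [true, ['jane', 'data1', 'read', 'allow']]);
+testEnforceEx(e, 'alice', 'data1', 'read', [true, ['alice', 'data1', 'read', 'allow']]);
+});
+
 test('TestEnforcerWithScopeFileSystem', async () => {
 const e = await newEnforcer();
 const defaultFileSystem = {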
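Review bot: The two `fs.writeFileSync('/tmp/…', JSON.stringify(e.getPolicy(), null, 2))` calls in the first two added tests look like leftover debugging and should be removed before merge. They write the enforcer's full policy set to fixed, predictable names (`/tmp/csv_policies.txt`, `/tmp/addpolicy_policies.txt`). That fails on hosts without a `/tmp` directory and follows any symlink already at that path on a shared runner, and nothing in the tests reads the files back. If the dump is still needed while diagnosing, `console.log(e.getPolicy())` or a directory from `fs.mkdtempSync(path.join(os.tmpdir(), 'policy-dump-'))` avoids the fixed path. All three tests also assert only the allow outcome; a companion assertion that a subject holding only the deny rule (presumably `group` on `data1`/`read`) is refused would stop a priority regression that allows everything from passing.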
