Merge pull request #58 from divy9881/api_tests

feat: Add Management, RBAC API, RBAC API with Domains tests and fix filePath function removal.
casbin · Jul 15, 2020 · f6d1786 · f6d1786
2 parents 30941e0 + 2bfebf8
commit f6d1786
Show file tree

Hide file tree

Showing 20 changed files with 787 additions and 188 deletions.
diff --git a/casbin/enforcer.cpp b/casbin/enforcer.cpp
@@ -483,8 +483,8 @@ bool Enforcer::EnforceWithMatcher(string matcher, string sub, string dom, string
 bool Enforcer::EnforceWithMatcher(string matcher, vector<string> params) {
     vector <string> r_tokens = this->model->m["r"].assertion_map["r"]->tokens;
 
-    int r_cnt = r_tokens.size();
-    int cnt = params.size();
+    int r_cnt = int(r_tokens.size());
+    int cnt = int(params.size());
 
     if (cnt != r_cnt)
         return false;

diff --git a/casbin/enforcer.h b/casbin/enforcer.h
@@ -210,17 +210,18 @@ class Enforcer : public IEnforcer{
         void AddFunction(string name, Function function, Index nargs);
 
         /*RBAC API member functions.*/
-        vector<string> GetRolesForUser(string name);
-        vector<string> GetUsersForRole(string name);
+        vector<string> GetRolesForUser(string name, vector<string> domain = {});
+        vector<string> GetUsersForRole(string name, vector<string> domain = {});
         bool HasRoleForUser(string name, string role);
         bool AddRoleForUser(string user, string role);
+        bool AddRolesForUser(string user, vector<string> roles);
         bool AddPermissionForUser(string user, vector<string> permission);
         bool DeletePermissionForUser(string user, vector<string> permission);
         bool DeletePermissionsForUser(string user);
         vector<vector<string>> GetPermissionsForUser(string user);
         bool HasPermissionForUser(string user, vector<string> permission);
-        vector<string> GetImplicitRolesForUser(string name, vector<string> domain);
-        vector<vector<string>> GetImplicitPermissionsForUser(string user, vector<string> domain);
+        vector<string> GetImplicitRolesForUser(string name, vector<string> domain = {});
+        vector<vector<string>> GetImplicitPermissionsForUser(string user, vector<string> domain = {});
         vector<string> GetImplicitUsersForPermission(vector<string> permission);
         bool DeleteRoleForUser(string user, string role);
         bool DeleteRolesForUser(string user);
@@ -236,11 +237,11 @@ class Enforcer : public IEnforcer{
         bool removeFilteredPolicy(string sec , string ptype , int fieldIndex , vector<string> fieldValues);
 
         /* RBAC API with domains.*/
-        vector<string> GetUsersForRoleInDomain(string name, string domain);
-        vector<string> GetRolesForUserInDomain(string name, string domain);
-        vector<vector<string>> GetPermissionsForUserInDomain(string user, string domain);
-        bool AddRoleForUserInDomain(string user, string role, string domain);
-        bool DeleteRoleForUserInDomain(string user, string role, string domain);
+        vector<string> GetUsersForRoleInDomain(string name, string domain = {});
+        vector<string> GetRolesForUserInDomain(string name, string domain = {});
+        vector<vector<string>> GetPermissionsForUserInDomain(string user, string domain = {});
+        bool AddRoleForUserInDomain(string user, string role, string domain = {});
+        bool DeleteRoleForUserInDomain(string user, string role, string domain = {});
 
 };
 

diff --git a/casbin/enforcer_interface.h b/casbin/enforcer_interface.h
@@ -60,17 +60,18 @@ class IEnforcer {
         virtual bool EnforceWithMatcher(string matcher, Scope scope) = 0;
 
         /* RBAC API */
-        virtual vector<string> GetRolesForUser(string name) = 0;
-        virtual vector<string> GetUsersForRole(string name) = 0;
+        virtual vector<string> GetRolesForUser(string name, vector<string> domain = {}) = 0;
+        virtual vector<string> GetUsersForRole(string name, vector<string> domain = {}) = 0;
         virtual bool HasRoleForUser(string name, string role) = 0;
         virtual bool AddRoleForUser(string user, string role) = 0;
+        virtual bool AddRolesForUser(string user, vector<string> roles) = 0;
         virtual bool AddPermissionForUser(string user, vector<string> permission) = 0;
         virtual bool DeletePermissionForUser(string user, vector<string> permission) = 0;
         virtual bool DeletePermissionsForUser(string user) = 0;
         virtual vector<vector<string>> GetPermissionsForUser(string user) = 0;
         virtual bool HasPermissionForUser(string user, vector<string> permission) = 0;
-        virtual vector<string> GetImplicitRolesForUser(string name, vector<string> domain) = 0;
-        virtual vector<vector<string>> GetImplicitPermissionsForUser(string user, vector<string> domain) = 0;
+        virtual vector<string> GetImplicitRolesForUser(string name, vector<string> domain = {}) = 0;
+        virtual vector<vector<string>> GetImplicitPermissionsForUser(string user, vector<string> domain = {}) = 0;
         virtual vector<string> GetImplicitUsersForPermission(vector<string> permission) = 0;
         virtual bool DeleteRoleForUser(string user, string role) = 0;
         virtual bool DeleteRolesForUser(string user) = 0;

diff --git a/casbin/internal_api.cpp b/casbin/internal_api.cpp
@@ -65,8 +65,11 @@ bool Enforcer :: addPolicies(string sec, string p_type, vector<vector<string>> r
         this->BuildIncrementalRoleLinks(policy_add, p_type, rules);
 
     if (this->adapter != NULL && this->auto_save) {
-        void* adapter = this->adapter;
-        ((BatchAdapter *)adapter)->AddPolicies(sec, p_type, rules);
+        try {
+            dynamic_cast<BatchAdapter*>(this->adapter)->AddPolicies(sec, p_type, rules);
+        }
+        catch(UnsupportedOperationException e) {
+        }
     }
 
     if (this->watcher != NULL && this->auto_notify_watcher)
@@ -116,8 +119,11 @@ bool Enforcer :: removePolicies(string sec, string p_type, vector<vector<string>
         this->BuildIncrementalRoleLinks(policy_add, p_type, rules);
 
     if (this->adapter != NULL && this->auto_save) {
-        void* adapter = this->adapter;
-        ((BatchAdapter *)adapter)->RemovePolicies(sec, p_type, rules);
+        try{
+            dynamic_cast<BatchAdapter*>(this->adapter)->RemovePolicies(sec, p_type, rules);
+        }
+        catch(UnsupportedOperationException e){
+        }
     }
 
     if (this->watcher != NULL && this->auto_notify_watcher)

diff --git a/casbin/model/assertion.cpp b/casbin/model/assertion.cpp
@@ -30,8 +30,8 @@ void Assertion :: BuildIncrementalRoleLinks(RoleManager* rm, policy_op op, vecto
     if (char_count < 2)
         throw IllegalArgumentException("the number of \"_\" in role definition should be at least 2");
 
-    for(int i = 0 ; i < this->policy.size() ; i++){
-        vector<string> rule = this->policy[i];
+    for(int i = 0 ; i < rules.size() ; i++){
+        vector<string> rule = rules[i];
 
         if (rule.size() < char_count)
             throw IllegalArgumentException("grouping policy elements do not meet role definition");
@@ -43,6 +43,7 @@ void Assertion :: BuildIncrementalRoleLinks(RoleManager* rm, policy_op op, vecto
         switch(op) {
             case policy_op :: policy_add:
                 this->rm->AddLink(rule[0], rule[1], domain);
+                break;
             case policy_op :: policy_remove:
                 this->rm->DeleteLink(rule[0], rule[1], domain);
         }
@@ -76,5 +77,5 @@ void Assertion :: BuildRoleLinks(RoleManager* rm) {
 
     // LogUtil :: LogPrint("Role links for: " + Key);
 
-    this->rm->PrintRoles();
+    // this->rm->PrintRoles();
 }
diff --git a/casbin/model/model.cpp b/casbin/model/model.cpp
@@ -209,8 +209,8 @@ vector<vector<string>> Model :: GetFilteredPolicy(string sec, string p_type, int
     vector<vector<string>> policy(m[sec].assertion_map[p_type]->policy);
     for(int i = 0 ; i < policy.size() ; i++){
         bool matched = true;
-        for(int i = 0 ; i < field_values.size() ; i++){
-            if(field_values[i] != "" && (policy[i])[field_index + i] != field_values[i] ){
+        for(int j = 0 ; j < field_values.size() ; j++){
+            if(field_values[j] != "" && (policy[i])[field_index + j] != field_values[j] ){
                 matched = false;
                 break;
             }

diff --git a/casbin/rbac/default_role_manager.cpp b/casbin/rbac/default_role_manager.cpp
@@ -254,7 +254,7 @@ vector<string> DefaultRoleManager :: GetUsers(string name, vector<string> domain
     else if (domain.size() > 1)
         throw CasbinRBACException("error: domain should be 1 parameter");
 
-    if (this->HasRole(name))
+    if (!this->HasRole(name))
         throw CasbinRBACException("error: name does not exist");
 
     vector<string> names;

diff --git a/casbin/rbac/default_role_manager.h b/casbin/rbac/default_role_manager.h
@@ -85,28 +85,28 @@ class DefaultRoleManager : public RoleManager {
         // AddLink adds the inheritance link between role: name1 and role: name2.
         // aka role: name1 inherits role: name2.
         // domain is a prefix to the roles.
-        void AddLink(string name1, string name2, vector<string> domain = vector<string>{});
+        void AddLink(string name1, string name2, vector<string> domain = {});
 
         /**
          * deleteLink deletes the inheritance link between role: name1 and role: name2.
          * aka role: name1 does not inherit role: name2 any more.
          * domain is a prefix to the roles.
          */
-        void DeleteLink(string name1, string name2, vector<string> domain = vector<string>{});
+        void DeleteLink(string name1, string name2, vector<string> domain = {});
 
         /**
          * hasLink determines whether role: name1 inherits role: name2.
          * domain is a prefix to the roles.
          */
-        bool HasLink(string name1, string name2, vector<string> domain = vector<string>{});
+        bool HasLink(string name1, string name2, vector<string> domain = {});
 
         /**
          * getRoles gets the roles that a subject inherits.
          * domain is a prefix to the roles.
          */
-        vector <string> GetRoles(string name, vector<string> domain = vector<string>{});
+        vector <string> GetRoles(string name, vector<string> domain = {});
 
-        vector<string> GetUsers(string name, vector<string> domain = vector<string>{});
+        vector<string> GetUsers(string name, vector<string> domain = {});
 
         /**
          * printRoles prints all the roles to log.

diff --git a/casbin/rbac_api.cpp b/casbin/rbac_api.cpp
@@ -23,22 +23,21 @@
 #include "./util/util.h"
 
 // GetRolesForUser gets the roles that a user has.
-vector<string> Enforcer :: GetRolesForUser(string name) {
-    vector<string> domain;
+vector<string> Enforcer :: GetRolesForUser(string name, vector<string> domain) {
     vector<string> res = this->model->m["g"].assertion_map["g"]->rm->GetRoles(name, domain);
     return res;
 }
 
 // GetUsersForRole gets the users that has a role.
-vector<string> Enforcer :: GetUsersForRole(string name) {
-    vector<string> domain;
+vector<string> Enforcer :: GetUsersForRole(string name, vector<string> domain) {
     vector<string> res = this->model->m["g"].assertion_map["g"]->rm->GetUsers(name, domain);
     return res;
 }
 
 // HasRoleForUser determines whether a user has a role.
 bool Enforcer :: HasRoleForUser(string name, string role) {
-    vector<string> roles = this->GetRolesForUser(name);
+    vector<string> domain;
+    vector<string> roles = this->GetRolesForUser(name, domain);
 
     bool has_role = false;
     for (int i = 0 ; i < roles.size() ; i++) {
@@ -58,6 +57,18 @@ bool Enforcer :: AddRoleForUser(string user, string role) {
     return this->AddGroupingPolicy(params);
 }
 
+// AddRolesForUser adds roles for a user.
+// Returns false if the user already has the roles (aka not affected).
+bool Enforcer :: AddRolesForUser(string user, vector<string> roles) {
+    bool f = false;
+    for(int i=0;i<roles.size();i++) {
+        bool b = this->AddGroupingPolicy({user, roles[i]});
+        if(b)
+            f = true;
+    }
+    return f;
+}
+
 // DeleteRoleForUser deletes a role for a user.
 // Returns false if the user does not have the role (aka not affected).
 bool Enforcer :: DeleteRoleForUser(string user, string role) {
@@ -211,24 +222,23 @@ vector<vector<string>> Enforcer :: GetImplicitPermissionsForUser(string user, ve
 // GetImplicitUsersForPermission("data1", "read") will get: ["alice", "bob"].
 // Note: only users will be returned, roles (2nd arg in "g") will be excluded.
 vector<string> Enforcer :: GetImplicitUsersForPermission(vector<string> permission) {
-    vector<string> subjects = this->GetAllSubjects();
-    vector<string> roles = this->GetAllRoles();
+    vector<string> p_subjects = this->GetAllSubjects();
+    vector<string> g_inherit = this->model->GetValuesForFieldInPolicyAllTypes("g", 1);
+    vector<string> g_subjects = this->model->GetValuesForFieldInPolicyAllTypes("g", 0);
 
-    vector<string> users = SetSubtract(subjects, roles);
+    vector<string> subjects(p_subjects);
+    subjects.insert(subjects.end(), g_subjects.begin(), g_subjects.end());
+    ArrayRemoveDuplicates(subjects);
 
     vector<string> res;
-    for (int i = 0 ; i < users.size() ; i++) {
-        Scope scope = InitializeScope();
-        PushObject(scope);
-        PushStringPropToObject(scope, "r", users[i], "sub");
-        PushStringPropToObject(scope, "r", permission[0], "obj");
-        PushStringPropToObject(scope, "r", permission[1], "act");
-
-        bool allowed = this->Enforce(scope);
-
-        if (allowed)
-            res.push_back(users[i]);
+    for(int i=0;i<subjects.size();i++) {
+        bool allowed = this->Enforce({subjects[i], permission[0], permission[1]});
+
+        if(allowed) {
+            res.push_back(subjects[i]);
+        }
     }
 
+    res = SetSubtract(res, g_inherit);
     return res;
 }
diff --git a/casbin/util/array_equals.cpp b/casbin/util/array_equals.cpp
@@ -18,6 +18,8 @@
 
 #include "pch.h"
 
+#include <algorithm>
+
 #include "./util.h"
 
 using namespace std;
@@ -28,6 +30,8 @@ bool ArrayEquals(vector<string> a, vector<string> b) {
         return false;
     }
 
+    sort(a.begin(), a.end());
+    sort(b.begin(), b.end());
     for (int i = 0 ; i < a.size() ; i++) {
         if (a[i] != b[i]) {
             return false;

diff --git a/test/test.vcxproj b/test/test.vcxproj
@@ -168,8 +168,11 @@
     <ClCompile Include="test_built_in_functions.cpp" />
     <ClCompile Include="test_config.cpp" />
     <ClCompile Include="test_enforcer.cpp" />
+    <ClCompile Include="test_management_api.cpp" />
     <ClCompile Include="test_model.cpp" />
     <ClCompile Include="test_model_enforcer.cpp" />
+    <ClCompile Include="test_rbac_api.cpp" />
+    <ClCompile Include="test_rbac_api_with_domains.cpp" />
     <ClCompile Include="test_role_manager.cpp" />
     <ClCompile Include="test_util.cpp" />
   </ItemGroup>

diff --git a/test/test.vcxproj.filters b/test/test.vcxproj.filters
@@ -39,6 +39,15 @@
     <ClCompile Include="test_enforcer.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="test_management_api.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="test_rbac_api.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="test_rbac_api_with_domains.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="pch.h">

diff --git a/test/test_config.cpp b/test/test_config.cpp
@@ -2,9 +2,6 @@
 
 #include "pch.h"
 
-#include <direct.h>
-#include <algorithm>
-
 #include <config.h>
 #include <util.h>
 
@@ -19,32 +16,10 @@ namespace test_config
             Config* config;
 
             TEST_METHOD_INITIALIZE(InitializeConfig) {
-                string filepath = filePath("/casbin/config/testdata/testini.ini");
+                string filepath = "../../casbin/config/testdata/testini.ini";
                 config = Config::NewConfig(filepath);
             }
 
-            string filePath(string filepath) {
-                char* root = _getcwd(NULL, 0);
-                string rootStr = string(root);
-
-                vector <string> directories = Split(rootStr, "\\", -1);
-                vector<string>::iterator it = find(directories.begin(), directories.end(), "x64");
-                vector <string> left{ *(it-1) };
-                it = find_end(directories.begin(), directories.end(), left.begin(), left.end());
-                int index = int(directories.size() + (it - directories.end()));
-
-                vector <string> finalDirectories(directories.begin(), directories.begin() + index + 1);
-
-                vector<string> userD = Split(filepath, "/", -1);
-                for (int i = 1; i < userD.size(); i++)
-                    finalDirectories.push_back(userD[i]);
-
-                string filepath1 = finalDirectories[0];
-                for (int i = 1; i < finalDirectories.size(); i++)
-                    filepath1 = filepath1 + "/" + finalDirectories[i];
-                return filepath1;
-            }
-
             TEST_METHOD(TestDebug) {
                 Assert::IsTrue(config->GetBool("debug"));
             }