Skip to content

Commit

Permalink
fix: fix not using policy bug for enforcer (testABACJsonRequest, test…
Browse files Browse the repository at this point in the history
…ABACNotUsingPolicy) (#378)
  • Loading branch information
LMay001 authored Feb 15, 2024
1 parent 2c363e1 commit 8d2aff1
Show file tree
Hide file tree
Showing 4 changed files with 87 additions and 1 deletion.
11 changes: 11 additions & 0 deletions examples/abac_not_using_policy_model.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act, eft

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = r.sub == r.obj.Owner
4 changes: 4 additions & 0 deletions examples/abac_rule_effect_policy.csv
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
p, alice, /data1, read, deny
p, alice, /data1, write, allow
p, bob, /data2, write, deny
p, bob, /data2, read, allow
2 changes: 1 addition & 1 deletion src/main/java/org/casbin/jcasbin/main/CoreEnforcer.java
Original file line number Diff line number Diff line change
Expand Up @@ -571,7 +571,7 @@ private EnforceResult enforce(String matcher, Object... rvals) {
final int policyLen = policy.size();
int explainIndex = -1;

if (policyLen != 0) {
if (policyLen != 0 && expString.contains(pType+"_")) {
policyEffects = new Effect[policyLen];
matcherResults = new float[policyLen];

Expand Down
71 changes: 71 additions & 0 deletions src/test/java/org/casbin/jcasbin/main/ModelUnitTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -524,6 +524,64 @@ public void testABACTypes(){
}
}

@Test
public void testABACJsonRequest(){
Enforcer e1 = new Enforcer("examples/abac_model.conf");
e1.enableAcceptJsonRequest(true);

Map data1Json = new HashMap<String,String>();
data1Json.put("Name", "data1");
data1Json.put("Owner", "alice");
Map data2Json = new HashMap<String,String>();
data2Json.put("Name", "data2");
data2Json.put("Owner", "bob");

testEnforce(e1, "alice", data1Json, "read", true);
testEnforce(e1, "alice", data1Json, "write", true);
testEnforce(e1, "alice", data2Json, "read", false);
testEnforce(e1, "alice", data2Json, "write", false);
testEnforce(e1, "bob", data1Json, "read", false);
testEnforce(e1, "bob", data1Json, "write", false);
testEnforce(e1, "bob", data2Json, "read", true);
testEnforce(e1, "bob", data2Json, "write", true);


Enforcer e2 = new Enforcer("examples/abac_not_using_policy_model.conf", "examples/abac_rule_effect_policy.csv");
e2.enableAcceptJsonRequest(true);

testEnforce(e2, "alice", data1Json, "read", true);
testEnforce(e2, "alice", data1Json, "write", true);
testEnforce(e2, "alice", data2Json, "read", false);
testEnforce(e2, "alice", data2Json, "write", false);


Enforcer e3 = new Enforcer("examples/abac_rule_model.conf", "examples/abac_rule_policy.csv");
e3.enableAcceptJsonRequest(true);

Map sub1Json = new HashMap<String,Object>();
sub1Json.put("Name", "alice");
sub1Json.put("Age", 16);
Map sub2Json = new HashMap<String,String>();
sub2Json.put("Name", "alice");
sub2Json.put("Age", 20);
Map sub3Json = new HashMap<String,String>();
sub3Json.put("Name", "alice");
sub3Json.put("Age", 65);

testEnforce(e3, sub1Json, "/data1", "read", false);
testEnforce(e3, sub1Json, "/data2", "read", false);
testEnforce(e3, sub1Json, "/data1", "write", false);
testEnforce(e3, sub1Json, "/data2", "write", true);
testEnforce(e3, sub2Json, "/data1", "read", true);
testEnforce(e3, sub2Json, "/data2", "read", false);
testEnforce(e3, sub2Json, "/data1", "write", false);
testEnforce(e3, sub2Json, "/data2", "write", true);
testEnforce(e3, sub3Json, "/data1", "read", true);
testEnforce(e3, sub3Json, "/data2", "read", false);
testEnforce(e3, sub3Json, "/data1", "write", false);
testEnforce(e3, sub3Json, "/data2", "write", false);
}

@Test
public void testKeyMatchModel() {
Enforcer e = new Enforcer("examples/keymatch_model.conf", "examples/keymatch_policy.csv");
Expand Down Expand Up @@ -615,6 +673,19 @@ public void testPriorityModelIndeterminate() {
testEnforce(e, "alice", "data1", "read", false);
}

@Test
public void testABACNotUsingPolicy(){
Enforcer e = new Enforcer("examples/abac_not_using_policy_model.conf", "examples/abac_rule_effect_policy.csv");

TestResource data1 = new TestResource("data1", "alice");
TestResource data2 = new TestResource("data2", "bob");

testEnforce(e, "alice", data1, "read", true);
testEnforce(e, "alice", data1, "write", true);
testEnforce(e, "alice", data2, "read", false);
testEnforce(e, "alice", data2, "write", false);
}

@Test
public void testSubjectPriorityWithDomain() {
Enforcer e = new Enforcer("examples/subject_priority_model_with_domain.conf", "examples/subject_priority_policy_with_domain.csv");
Expand Down

0 comments on commit 8d2aff1

Please sign in to comment.