apps/core
1
0
Fork 0
mirror of https://github.com/datarhei/core.git synced 2025-10-23 16:03:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Dump casbin, replace with own policy enforcer

Browse Source
This commit is contained in:
Ingo Oppermann
2024-07-23 15:54:09 +02:00
parent 879819f10f
commit 54b1fe8e86
115 changed files with 1515 additions and 15200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

354
iam/policy/model_test.go Normal file
View File

@@ -0,0 +1,354 @@
package policy
import (
"testing"
"github.com/stretchr/testify/require"
)
func TestNormalizePolicy(t *testing.T) {
p := Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET"},
}
p = normalizePolicy(p)
require.Equal(t, Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"api", "fs", "rtmp", "srt"},
Resource: "/foo/**",
Actions: []string{"get", "head", "options"},
}, p)
}
func TestModelNew(t *testing.T) {
m := NewModel("$superuser").(*model)
require.Equal(t, m.superuser, "$superuser")
require.NotNil(t, m.policies)
require.NotNil(t, m.lock)
}
func TestModelAddPolicy(t *testing.T) {
p := Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET"},
}
m := NewModel("$superuser").(*model)
err := m.AddPolicy(p)
require.NoError(t, err)
require.Equal(t, 1, len(m.policies))
require.Equal(t, 1, len(m.policies["foobar@domain"]))
require.Equal(t, Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"api", "fs", "rtmp", "srt"},
Resource: "/foo/**",
Actions: []string{"get", "head", "options"},
}, m.policies["foobar@domain"][0])
m.AddPolicies([]Policy{p, p, p})
require.Equal(t, 1, len(m.policies))
require.Equal(t, 1, len(m.policies["foobar@domain"]))
p.Resource = "/bar/*"
m.AddPolicy(p)
require.Equal(t, 2, len(m.policies["foobar@domain"]))
p.Name = "foobaz"
m.AddPolicy(p)
require.Equal(t, 2, len(m.policies))
require.Equal(t, 1, len(m.policies["foobaz@domain"]))
}
func TestModelHasPolicy(t *testing.T) {
p := Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET"},
}
m := NewModel("$superuser").(*model)
ok := m.HasPolicy(p)
require.False(t, ok)
m.AddPolicy(p)
ok = m.HasPolicy(p)
require.True(t, ok)
ok = m.HasPolicy(Policy{
Name: "foobaz",
Domain: "domain",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET", "put"},
})
require.False(t, ok)
ok = m.HasPolicy(Policy{
Name: "foobar",
Domain: "domaim",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET", "put"},
})
require.False(t, ok)
ok = m.HasPolicy(Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET", "put"},
})
require.False(t, ok)
ok = m.HasPolicy(Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/*",
Actions: []string{"Head", "OPtionS", "GET", "put"},
})
require.False(t, ok)
ok = m.HasPolicy(Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET", "pot"},
})
require.False(t, ok)
}
func TestModelRemovePolicy(t *testing.T) {
p := Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET"},
}
m := NewModel("$superuser").(*model)
m.AddPolicy(p)
p.Resource = "/bar/*"
m.AddPolicy(p)
require.Equal(t, 2, len(m.policies["foobar@domain"]))
err := m.RemovePolicy(Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET", "put"},
})
require.NoError(t, err)
require.Equal(t, 2, len(m.policies["foobar@domain"]))
err = m.RemovePolicy(p)
require.NoError(t, err)
require.Equal(t, 1, len(m.policies))
require.Equal(t, 1, len(m.policies["foobar@domain"]))
}
func TestModelListPolicies(t *testing.T) {
p := Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET"},
}
m := NewModel("$superuser").(*model)
policies := m.GetFilteredPolicy("", "")
require.Equal(t, 0, len(policies))
m.addPolicy(p)
p.Resource = "/bar/*"
m.addPolicy(p)
p.Name = "foobaz"
m.addPolicy(p)
p.Domain = "group"
m.addPolicy(p)
policies = m.GetFilteredPolicy("", "")
require.Equal(t, 4, len(policies))
require.ElementsMatch(t, []Policy{
{
Name: "foobar",
Domain: "domain",
Types: []string{"api", "fs", "rtmp", "srt"},
Resource: "/foo/**",
Actions: []string{"get", "head", "options"},
},
{
Name: "foobar",
Domain: "domain",
Types: []string{"api", "fs", "rtmp", "srt"},
Resource: "/bar/*",
Actions: []string{"get", "head", "options"},
},
{
Name: "foobaz",
Domain: "domain",
Types: []string{"api", "fs", "rtmp", "srt"},
Resource: "/bar/*",
Actions: []string{"get", "head", "options"},
},
{
Name: "foobaz",
Domain: "group",
Types: []string{"api", "fs", "rtmp", "srt"},
Resource: "/bar/*",
Actions: []string{"get", "head", "options"},
},
}, policies)
policies = m.GetFilteredPolicy("foobar", "")
require.Equal(t, 2, len(policies))
require.ElementsMatch(t, []Policy{
{
Name: "foobar",
Domain: "domain",
Types: []string{"api", "fs", "rtmp", "srt"},
Resource: "/foo/**",
Actions: []string{"get", "head", "options"},
},
{
Name: "foobar",
Domain: "domain",
Types: []string{"api", "fs", "rtmp", "srt"},
Resource: "/bar/*",
Actions: []string{"get", "head", "options"},
},
}, policies)
policies = m.GetFilteredPolicy("", "group")
require.Equal(t, 1, len(policies))
require.ElementsMatch(t, []Policy{
{
Name: "foobaz",
Domain: "group",
Types: []string{"api", "fs", "rtmp", "srt"},
Resource: "/bar/*",
Actions: []string{"get", "head", "options"},
},
}, policies)
policies = m.GetFilteredPolicy("foobaz", "domain")
require.Equal(t, 1, len(policies))
require.ElementsMatch(t, []Policy{
{
Name: "foobaz",
Domain: "domain",
Types: []string{"api", "fs", "rtmp", "srt"},
Resource: "/bar/*",
Actions: []string{"get", "head", "options"},
},
}, policies)
policies = m.GetFilteredPolicy("foobar", "group")
require.Equal(t, 0, len(policies))
}
func TestModelEnforce(t *testing.T) {
p := Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET", "play"},
}
m := NewModel("$superuser").(*model)
policies := m.GetFilteredPolicy("", "")
require.Equal(t, 0, len(policies))
m.addPolicy(p)
ok, _ := m.Enforce("$superuser", "xxx", "something", "/nothing", "anything")
require.True(t, ok)
ok, _ = m.Enforce("foobar", "domain", "rtmp", "/foo/bar/baz", "play")
require.True(t, ok)
ok, _ = m.Enforce("foobar", "domain", "rtmp", "/foo/bar/baz", "publish")
require.False(t, ok)
ok, _ = m.Enforce("foobar", "domain", "rtmp", "/fo/bar/baz", "play")
require.False(t, ok)
ok, _ = m.Enforce("foobar", "domain", "rtsp", "/foo/bar/baz", "play")
require.False(t, ok)
ok, _ = m.Enforce("foobar", "group", "rtmp", "/foo/bar/baz", "play")
require.False(t, ok)
ok, _ = m.Enforce("foobaz", "domain", "rtmp", "/foo/bar/baz", "play")
require.False(t, ok)
}
func TestModelClear(t *testing.T) {
p := Policy{
Name: "foobar",
Domain: "domain",
Types: []string{"fs", "API", "rtMp", "srt"},
Resource: "/foo/**",
Actions: []string{"Head", "OPtionS", "GET"},
}
m := NewModel("$superuser").(*model)
policies := m.GetFilteredPolicy("", "")
require.Equal(t, 0, len(policies))
m.addPolicy(p)
p.Resource = "/bar/*"
m.addPolicy(p)
p.Name = "foobaz"
m.addPolicy(p)
p.Domain = "group"
m.addPolicy(p)
policies = m.GetFilteredPolicy("", "")
require.Equal(t, 4, len(policies))
m.ClearPolicy()
policies = m.GetFilteredPolicy("", "")
require.Equal(t, 0, len(policies))
require.Empty(t, m.policies)
}