
Commit d982c05

committed
feat: add no-policy ABAC example and test (#523)
1 parent 368a15b commit d982c05


3 files changed

+27
-0
lines changed

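--- a/examples/abac_not_using_policy_model.conf
+++ b/examples/abac_not_using_policy_model.conf
@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act, eft
+
+[policy_effect]
+e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
+
+[matchers]
+m = r.sub == r.obj.Owner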
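Review bot: The matcher on the last line, `m = r.sub == r.obj.Owner`, never references `p`, yet the file still declares an `eft` column and an allow-and-not-deny `[policy_effect]`, and nothing in the file says those sections are not expected to influence the decision. Judging from the test added in this commit, which expects `alice` to read her own `data1` although the policy file lists `p, alice, /data1, read, deny`, the policy rules are presumably not consulted for this model, so a reader copying the example could believe its deny lines are enforced. I would add a header comment such as `# Matcher does not reference p: ownership alone decides, and policy rules (including deny) are not evaluated.` The same caveat applies to the four rules in the policy CSV in the next section.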
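--- a/examples/abac_rule_effect_policy.csv
+++ b/examples/abac_rule_effect_policy.csv
@@ -0,0 +1,4 @@
+p, alice, /data1, read, deny
+p, alice, /data1, write, allow
+p, bob, /data2, write, deny
+p, bob, /data2, read, allow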

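--- a/test/model.test.ts
+++ b/test/model.test.ts
@@ -189,6 +189,18 @@ test('TestABACModel', async () => {
 await testEnforce(e, 'bob', data2, 'write', true);
 });
 
+test('TestABACNotUsingPolicy', async () => {
+const e = await newEnforcer('examples/abac_not_using_policy_model.conf', 'examples/abac_rule_effect_policy.csv');
+
+const data1 = new TestResource('data1', 'alice');
+const data2 = new TestResource('data2', 'bob');
+
+await testEnforce(e, 'alice', data1, 'read', true);
+await testEnforce(e, 'alice', data1, 'write', true);
+await testEnforce(e, 'alice', data2, 'read', false);
+await testEnforce(e, 'alice', data2, 'write', false);
+});
+
 test('TestKeyMatchModel', async () => {
 const e = await newEnforcer('examples/keymatch_model.conf', 'examples/keymatch_policy.csv');
 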
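Review bot: The expected `true` for `alice` / `data1` / `read` in the first assertion sits next to a `deny` line for that same subject and action in the loaded policy file, and the test body does not say that ignoring the policy is the behaviour being pinned. A comment above the assertions, e.g. `// matcher has no p.* terms, so the policy file (including its deny rules) must not affect the result`, would keep a later maintainer from "correcting" the expectation. The assertions also use only `alice` as subject; adding `await testEnforce(e, 'bob', data2, 'write', true);` and `await testEnforce(e, 'bob', data1, 'write', false);` would cover the second owner and the `bob, /data2, write, deny` line. The preceding `TestABACModel` body starts outside the hunk; the new test is complete within it.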
