+30

rbac/rbac.go

··· 90 90 return err 91 91 } 92 92 93 93 + func (e *Enforcer) RemoveSpindle(spindle string) error { 94 94 + spindle = intoSpindle(spindle) 95 95 + _, err := e.E.DeleteDomains(spindle) 96 96 + return err 97 97 + } 98 98 + 93 99 func (e *Enforcer) GetKnotsForUser(did string) ([]string, error) { 94 100 keepFunc := isNotSpindle 95 101 stripFunc := unSpindle ··· 106 112 return e.addOwner(domain, owner) 107 113 } 108 114 115 115 + func (e *Enforcer) RemoveKnotOwner(domain, owner string) error { 116 116 + return e.removeOwner(domain, owner) 117 117 + } 118 118 + 109 119 func (e *Enforcer) AddKnotMember(domain, member string) error { 110 120 return e.addMember(domain, member) 111 121 } 112 122 123 123 + func (e *Enforcer) RemoveKnotMember(domain, member string) error { 124 124 + return e.removeMember(domain, member) 125 125 + } 126 126 + 113 127 func (e *Enforcer) AddSpindleOwner(domain, owner string) error { 114 128 return e.addOwner(intoSpindle(domain), owner) 115 129 } 116 130 131 131 + func (e *Enforcer) RemoveSpindleOwner(domain, owner string) error { 132 132 + return e.removeOwner(intoSpindle(domain), owner) 133 133 + } 134 134 + 117 135 func (e *Enforcer) AddSpindleMember(domain, member string) error { 118 136 return e.addMember(intoSpindle(domain), member) 137 137 + } 138 138 + 139 139 + func (e *Enforcer) RemoveSpindleMember(domain, member string) error { 140 140 + return e.removeMember(intoSpindle(domain), member) 119 141 } 120 142 121 143 func repoPolicies(member, domain, repo string) [][]string { ··· 194 216 195 217 slices.Sort(membersWithoutRoles) 196 218 return slices.Compact(membersWithoutRoles), nil 219 219 + } 220 220 + 221 221 + func (e *Enforcer) GetKnotUsersByRole(role, domain string) ([]string, error) { 222 222 + return e.GetUserByRole(role, domain) 223 223 + } 224 224 + 225 225 + func (e *Enforcer) GetSpindleUsersByRole(role, domain string) ([]string, error) { 226 226 + return e.GetUserByRole(role, intoSpindle(domain)) 197 227 } 198 228 199 229 func (e *Enforcer) GetUserByRoleInRepo(role, domain, repo string) ([]string, error) {

+148 -2

rbac/rbac_test.go

··· 214 214 assert.Contains(t, knots2, "example.com") 215 215 } 216 216 217 217 - func TestGetUserByRole(t *testing.T) { 217 217 + func TestGetKnotUsersByRole(t *testing.T) { 218 218 e := setup(t) 219 219 _ = e.AddKnot("example.com") 220 220 _ = e.AddKnotMember("example.com", "did:plc:foo") 221 221 _ = e.AddKnotOwner("example.com", "did:plc:bar") 222 222 223 223 - members, _ := e.GetUserByRole("server:member", "example.com") 223 223 + members, _ := e.GetKnotUsersByRole("server:member", "example.com") 224 224 + assert.Contains(t, members, "did:plc:foo") 225 225 + assert.Contains(t, members, "did:plc:bar") // due to inheritance 226 226 + } 227 227 + 228 228 + func TestGetSpindleUsersByRole(t *testing.T) { 229 229 + e := setup(t) 230 230 + _ = e.AddSpindle("example.com") 231 231 + _ = e.AddSpindleMember("example.com", "did:plc:foo") 232 232 + _ = e.AddSpindleOwner("example.com", "did:plc:bar") 233 233 + 234 234 + members, _ := e.GetSpindleUsersByRole("server:member", "example.com") 224 235 assert.Contains(t, members, "did:plc:foo") 225 236 assert.Contains(t, members, "did:plc:bar") // due to inheritance 226 237 } ··· 301 312 assert.NoError(t, err) 302 313 assert.True(t, ok) 303 314 } 315 315 + 316 316 + func TestRemoveKnotOwner(t *testing.T) { 317 317 + e := setup(t) 318 318 + 319 319 + err := e.AddKnot("k.com") 320 320 + assert.NoError(t, err) 321 321 + 322 322 + err = e.AddKnotOwner("k.com", "did:plc:foo") 323 323 + assert.NoError(t, err) 324 324 + 325 325 + knots, err := e.GetKnotsForUser("did:plc:foo") 326 326 + assert.NoError(t, err) 327 327 + assert.ElementsMatch(t, []string{ 328 328 + "k.com", 329 329 + }, knots) 330 330 + 331 331 + err = e.RemoveKnotOwner("k.com", "did:plc:foo") 332 332 + assert.NoError(t, err) 333 333 + 334 334 + knots, err = e.GetKnotsForUser("did:plc:foo") 335 335 + assert.NoError(t, err) 336 336 + assert.Empty(t, knots) 337 337 + } 338 338 + 339 339 + func TestRemoveKnotMember(t *testing.T) { 340 340 + e := setup(t) 341 341 + 342 342 + err := e.AddKnot("k.com") 343 343 + assert.NoError(t, err) 344 344 + 345 345 + err = e.AddKnotOwner("k.com", "did:plc:foo") 346 346 + assert.NoError(t, err) 347 347 + 348 348 + err = e.AddKnotMember("k.com", "did:plc:bar") 349 349 + assert.NoError(t, err) 350 350 + 351 351 + knots, err := e.GetKnotsForUser("did:plc:bar") 352 352 + assert.NoError(t, err) 353 353 + assert.ElementsMatch(t, []string{ 354 354 + "k.com", 355 355 + }, knots) 356 356 + 357 357 + err = e.RemoveKnotMember("k.com", "did:plc:bar") 358 358 + assert.NoError(t, err) 359 359 + 360 360 + knots, err = e.GetKnotsForUser("did:plc:bar") 361 361 + assert.NoError(t, err) 362 362 + assert.Empty(t, knots) 363 363 + } 364 364 + 365 365 + func TestRemoveSpindleOwner(t *testing.T) { 366 366 + e := setup(t) 367 367 + 368 368 + err := e.AddSpindle("s.com") 369 369 + assert.NoError(t, err) 370 370 + 371 371 + err = e.AddSpindleOwner("s.com", "did:plc:foo") 372 372 + assert.NoError(t, err) 373 373 + 374 374 + spindles, err := e.GetSpindlesForUser("did:plc:foo") 375 375 + assert.NoError(t, err) 376 376 + assert.ElementsMatch(t, []string{ 377 377 + "s.com", 378 378 + }, spindles) 379 379 + 380 380 + err = e.RemoveSpindleOwner("s.com", "did:plc:foo") 381 381 + assert.NoError(t, err) 382 382 + 383 383 + spindles, err = e.GetSpindlesForUser("did:plc:foo") 384 384 + assert.NoError(t, err) 385 385 + assert.Empty(t, spindles) 386 386 + } 387 387 + 388 388 + func TestRemoveSpindleMember(t *testing.T) { 389 389 + e := setup(t) 390 390 + 391 391 + err := e.AddSpindle("s.com") 392 392 + assert.NoError(t, err) 393 393 + 394 394 + err = e.AddSpindleOwner("s.com", "did:plc:foo") 395 395 + assert.NoError(t, err) 396 396 + 397 397 + err = e.AddSpindleMember("s.com", "did:plc:bar") 398 398 + assert.NoError(t, err) 399 399 + 400 400 + spindles, err := e.GetSpindlesForUser("did:plc:foo") 401 401 + assert.NoError(t, err) 402 402 + assert.ElementsMatch(t, []string{ 403 403 + "s.com", 404 404 + }, spindles) 405 405 + 406 406 + spindles, err = e.GetSpindlesForUser("did:plc:bar") 407 407 + assert.NoError(t, err) 408 408 + assert.ElementsMatch(t, []string{ 409 409 + "s.com", 410 410 + }, spindles) 411 411 + 412 412 + err = e.RemoveSpindleMember("s.com", "did:plc:bar") 413 413 + assert.NoError(t, err) 414 414 + 415 415 + spindles, err = e.GetSpindlesForUser("did:plc:bar") 416 416 + assert.NoError(t, err) 417 417 + assert.Empty(t, spindles) 418 418 + } 419 419 + 420 420 + func TestRemoveSpindle(t *testing.T) { 421 421 + e := setup(t) 422 422 + 423 423 + err := e.AddSpindle("s.com") 424 424 + assert.NoError(t, err) 425 425 + 426 426 + err = e.AddSpindleOwner("s.com", "did:plc:foo") 427 427 + assert.NoError(t, err) 428 428 + 429 429 + err = e.AddSpindleMember("s.com", "did:plc:bar") 430 430 + assert.NoError(t, err) 431 431 + 432 432 + users, err := e.GetSpindleUsersByRole("server:member", "s.com") 433 433 + assert.NoError(t, err) 434 434 + assert.ElementsMatch(t, []string{ 435 435 + "did:plc:foo", 436 436 + "did:plc:bar", 437 437 + }, users) 438 438 + 439 439 + err = e.RemoveSpindle("s.com") 440 440 + assert.NoError(t, err) 441 441 + 442 442 + // TODO: see this issue https://github.com/casbin/casbin/issues/1492 443 443 + // s, err := e.E.GetAllDomains() 444 444 + // assert.Empty(t, s) 445 445 + 446 446 + spindles, err := e.GetSpindleUsersByRole("server:member", "s.com") 447 447 + assert.NoError(t, err) 448 448 + assert.Empty(t, spindles) 449 449 + }

+10

rbac/util.go

··· 29 29 return err 30 30 } 31 31 32 32 + func (e *Enforcer) removeOwner(domain, owner string) error { 33 33 + _, err := e.E.RemoveGroupingPolicy(owner, "server:owner", domain) 34 34 + return err 35 35 + } 36 36 + 32 37 func (e *Enforcer) addMember(domain, member string) error { 33 38 _, err := e.E.AddGroupingPolicy(member, "server:member", domain) 39 39 + return err 40 40 + } 41 41 + 42 42 + func (e *Enforcer) removeMember(domain, member string) error { 43 43 + _, err := e.E.RemoveGroupingPolicy(member, "server:member", domain) 34 44 return err 35 45 } 36 46