commit 2975e4bd8ddaba00bb51a16bc0ccded4983863c1 · veryroundbird.house/core

+30

rbac/rbac.go

···

       90
       90
        
       	return err

     

       91
       91
        
       }

     

       92
       92
        
       

     

       93
       93
       +
       func (e *Enforcer) RemoveSpindle(spindle string) error {

     

       94
       94
       +
       	spindle = intoSpindle(spindle)

     

       95
       95
       +
       	_, err := e.E.DeleteDomains(spindle)

     

       96
       96
       +
       	return err

     

       97
       97
       +
       }

     

       98
       98
       +
       

     

       93
       99
        
       func (e *Enforcer) GetKnotsForUser(did string) ([]string, error) {

     

       94
       100
        
       	keepFunc := isNotSpindle

     

       95
       101
        
       	stripFunc := unSpindle

     
···

       106
       112
        
       	return e.addOwner(domain, owner)

     

       107
       113
        
       }

     

       108
       114
        
       

     

       115
       115
       +
       func (e *Enforcer) RemoveKnotOwner(domain, owner string) error {

     

       116
       116
       +
       	return e.removeOwner(domain, owner)

     

       117
       117
       +
       }

     

       118
       118
       +
       

     

       109
       119
        
       func (e *Enforcer) AddKnotMember(domain, member string) error {

     

       110
       120
        
       	return e.addMember(domain, member)

     

       111
       121
        
       }

     

       112
       122
        
       

     

       123
       123
       +
       func (e *Enforcer) RemoveKnotMember(domain, member string) error {

     

       124
       124
       +
       	return e.removeMember(domain, member)

     

       125
       125
       +
       }

     

       126
       126
       +
       

     

       113
       127
        
       func (e *Enforcer) AddSpindleOwner(domain, owner string) error {

     

       114
       128
        
       	return e.addOwner(intoSpindle(domain), owner)

     

       115
       129
        
       }

     

       116
       130
        
       

     

       131
       131
       +
       func (e *Enforcer) RemoveSpindleOwner(domain, owner string) error {

     

       132
       132
       +
       	return e.removeOwner(intoSpindle(domain), owner)

     

       133
       133
       +
       }

     

       134
       134
       +
       

     

       117
       135
        
       func (e *Enforcer) AddSpindleMember(domain, member string) error {

     

       118
       136
        
       	return e.addMember(intoSpindle(domain), member)

     

       137
       137
       +
       }

     

       138
       138
       +
       

     

       139
       139
       +
       func (e *Enforcer) RemoveSpindleMember(domain, member string) error {

     

       140
       140
       +
       	return e.removeMember(intoSpindle(domain), member)

     

       119
       141
        
       }

     

       120
       142
        
       

     

       121
       143
        
       func repoPolicies(member, domain, repo string) [][]string {

     
···

       194
       216
        
       

     

       195
       217
        
       	slices.Sort(membersWithoutRoles)

     

       196
       218
        
       	return slices.Compact(membersWithoutRoles), nil

     

       219
       219
       +
       }

     

       220
       220
       +
       

     

       221
       221
       +
       func (e *Enforcer) GetKnotUsersByRole(role, domain string) ([]string, error) {

     

       222
       222
       +
       	return e.GetUserByRole(role, domain)

     

       223
       223
       +
       }

     

       224
       224
       +
       

     

       225
       225
       +
       func (e *Enforcer) GetSpindleUsersByRole(role, domain string) ([]string, error) {

     

       226
       226
       +
       	return e.GetUserByRole(role, intoSpindle(domain))

     

       197
       227
        
       }

     

       198
       228
        
       

     

       199
       229
        
       func (e *Enforcer) GetUserByRoleInRepo(role, domain, repo string) ([]string, error) {

+148 -2

rbac/rbac_test.go

···

       214
       214
        
       	assert.Contains(t, knots2, "example.com")

     

       215
       215
        
       }

     

       216
       216
        
       

     

       217
       217
       -
       func TestGetUserByRole(t *testing.T) {

     

       217
       217
       +
       func TestGetKnotUsersByRole(t *testing.T) {

     

       218
       218
        
       	e := setup(t)

     

       219
       219
        
       	_ = e.AddKnot("example.com")

     

       220
       220
        
       	_ = e.AddKnotMember("example.com", "did:plc:foo")

     

       221
       221
        
       	_ = e.AddKnotOwner("example.com", "did:plc:bar")

     

       222
       222
        
       

     

       223
       223
       -
       	members, _ := e.GetUserByRole("server:member", "example.com")

     

       223
       223
       +
       	members, _ := e.GetKnotUsersByRole("server:member", "example.com")

     

       224
       224
       +
       	assert.Contains(t, members, "did:plc:foo")

     

       225
       225
       +
       	assert.Contains(t, members, "did:plc:bar") // due to inheritance

     

       226
       226
       +
       }

     

       227
       227
       +
       

     

       228
       228
       +
       func TestGetSpindleUsersByRole(t *testing.T) {

     

       229
       229
       +
       	e := setup(t)

     

       230
       230
       +
       	_ = e.AddSpindle("example.com")

     

       231
       231
       +
       	_ = e.AddSpindleMember("example.com", "did:plc:foo")

     

       232
       232
       +
       	_ = e.AddSpindleOwner("example.com", "did:plc:bar")

     

       233
       233
       +
       

     

       234
       234
       +
       	members, _ := e.GetSpindleUsersByRole("server:member", "example.com")

     

       224
       235
        
       	assert.Contains(t, members, "did:plc:foo")

     

       225
       236
        
       	assert.Contains(t, members, "did:plc:bar") // due to inheritance

     

       226
       237
        
       }

     
···

       301
       312
        
       	assert.NoError(t, err)

     

       302
       313
        
       	assert.True(t, ok)

     

       303
       314
        
       }

     

       315
       315
       +
       

     

       316
       316
       +
       func TestRemoveKnotOwner(t *testing.T) {

     

       317
       317
       +
       	e := setup(t)

     

       318
       318
       +
       

     

       319
       319
       +
       	err := e.AddKnot("k.com")

     

       320
       320
       +
       	assert.NoError(t, err)

     

       321
       321
       +
       

     

       322
       322
       +
       	err = e.AddKnotOwner("k.com", "did:plc:foo")

     

       323
       323
       +
       	assert.NoError(t, err)

     

       324
       324
       +
       

     

       325
       325
       +
       	knots, err := e.GetKnotsForUser("did:plc:foo")

     

       326
       326
       +
       	assert.NoError(t, err)

     

       327
       327
       +
       	assert.ElementsMatch(t, []string{

     

       328
       328
       +
       		"k.com",

     

       329
       329
       +
       	}, knots)

     

       330
       330
       +
       

     

       331
       331
       +
       	err = e.RemoveKnotOwner("k.com", "did:plc:foo")

     

       332
       332
       +
       	assert.NoError(t, err)

     

       333
       333
       +
       

     

       334
       334
       +
       	knots, err = e.GetKnotsForUser("did:plc:foo")

     

       335
       335
       +
       	assert.NoError(t, err)

     

       336
       336
       +
       	assert.Empty(t, knots)

     

       337
       337
       +
       }

     

       338
       338
       +
       

     

       339
       339
       +
       func TestRemoveKnotMember(t *testing.T) {

     

       340
       340
       +
       	e := setup(t)

     

       341
       341
       +
       

     

       342
       342
       +
       	err := e.AddKnot("k.com")

     

       343
       343
       +
       	assert.NoError(t, err)

     

       344
       344
       +
       

     

       345
       345
       +
       	err = e.AddKnotOwner("k.com", "did:plc:foo")

     

       346
       346
       +
       	assert.NoError(t, err)

     

       347
       347
       +
       

     

       348
       348
       +
       	err = e.AddKnotMember("k.com", "did:plc:bar")

     

       349
       349
       +
       	assert.NoError(t, err)

     

       350
       350
       +
       

     

       351
       351
       +
       	knots, err := e.GetKnotsForUser("did:plc:bar")

     

       352
       352
       +
       	assert.NoError(t, err)

     

       353
       353
       +
       	assert.ElementsMatch(t, []string{

     

       354
       354
       +
       		"k.com",

     

       355
       355
       +
       	}, knots)

     

       356
       356
       +
       

     

       357
       357
       +
       	err = e.RemoveKnotMember("k.com", "did:plc:bar")

     

       358
       358
       +
       	assert.NoError(t, err)

     

       359
       359
       +
       

     

       360
       360
       +
       	knots, err = e.GetKnotsForUser("did:plc:bar")

     

       361
       361
       +
       	assert.NoError(t, err)

     

       362
       362
       +
       	assert.Empty(t, knots)

     

       363
       363
       +
       }

     

       364
       364
       +
       

     

       365
       365
       +
       func TestRemoveSpindleOwner(t *testing.T) {

     

       366
       366
       +
       	e := setup(t)

     

       367
       367
       +
       

     

       368
       368
       +
       	err := e.AddSpindle("s.com")

     

       369
       369
       +
       	assert.NoError(t, err)

     

       370
       370
       +
       

     

       371
       371
       +
       	err = e.AddSpindleOwner("s.com", "did:plc:foo")

     

       372
       372
       +
       	assert.NoError(t, err)

     

       373
       373
       +
       

     

       374
       374
       +
       	spindles, err := e.GetSpindlesForUser("did:plc:foo")

     

       375
       375
       +
       	assert.NoError(t, err)

     

       376
       376
       +
       	assert.ElementsMatch(t, []string{

     

       377
       377
       +
       		"s.com",

     

       378
       378
       +
       	}, spindles)

     

       379
       379
       +
       

     

       380
       380
       +
       	err = e.RemoveSpindleOwner("s.com", "did:plc:foo")

     

       381
       381
       +
       	assert.NoError(t, err)

     

       382
       382
       +
       

     

       383
       383
       +
       	spindles, err = e.GetSpindlesForUser("did:plc:foo")

     

       384
       384
       +
       	assert.NoError(t, err)

     

       385
       385
       +
       	assert.Empty(t, spindles)

     

       386
       386
       +
       }

     

       387
       387
       +
       

     

       388
       388
       +
       func TestRemoveSpindleMember(t *testing.T) {

     

       389
       389
       +
       	e := setup(t)

     

       390
       390
       +
       

     

       391
       391
       +
       	err := e.AddSpindle("s.com")

     

       392
       392
       +
       	assert.NoError(t, err)

     

       393
       393
       +
       

     

       394
       394
       +
       	err = e.AddSpindleOwner("s.com", "did:plc:foo")

     

       395
       395
       +
       	assert.NoError(t, err)

     

       396
       396
       +
       

     

       397
       397
       +
       	err = e.AddSpindleMember("s.com", "did:plc:bar")

     

       398
       398
       +
       	assert.NoError(t, err)

     

       399
       399
       +
       

     

       400
       400
       +
       	spindles, err := e.GetSpindlesForUser("did:plc:foo")

     

       401
       401
       +
       	assert.NoError(t, err)

     

       402
       402
       +
       	assert.ElementsMatch(t, []string{

     

       403
       403
       +
       		"s.com",

     

       404
       404
       +
       	}, spindles)

     

       405
       405
       +
       

     

       406
       406
       +
       	spindles, err = e.GetSpindlesForUser("did:plc:bar")

     

       407
       407
       +
       	assert.NoError(t, err)

     

       408
       408
       +
       	assert.ElementsMatch(t, []string{

     

       409
       409
       +
       		"s.com",

     

       410
       410
       +
       	}, spindles)

     

       411
       411
       +
       

     

       412
       412
       +
       	err = e.RemoveSpindleMember("s.com", "did:plc:bar")

     

       413
       413
       +
       	assert.NoError(t, err)

     

       414
       414
       +
       

     

       415
       415
       +
       	spindles, err = e.GetSpindlesForUser("did:plc:bar")

     

       416
       416
       +
       	assert.NoError(t, err)

     

       417
       417
       +
       	assert.Empty(t, spindles)

     

       418
       418
       +
       }

     

       419
       419
       +
       

     

       420
       420
       +
       func TestRemoveSpindle(t *testing.T) {

     

       421
       421
       +
       	e := setup(t)

     

       422
       422
       +
       

     

       423
       423
       +
       	err := e.AddSpindle("s.com")

     

       424
       424
       +
       	assert.NoError(t, err)

     

       425
       425
       +
       

     

       426
       426
       +
       	err = e.AddSpindleOwner("s.com", "did:plc:foo")

     

       427
       427
       +
       	assert.NoError(t, err)

     

       428
       428
       +
       

     

       429
       429
       +
       	err = e.AddSpindleMember("s.com", "did:plc:bar")

     

       430
       430
       +
       	assert.NoError(t, err)

     

       431
       431
       +
       

     

       432
       432
       +
       	users, err := e.GetSpindleUsersByRole("server:member", "s.com")

     

       433
       433
       +
       	assert.NoError(t, err)

     

       434
       434
       +
       	assert.ElementsMatch(t, []string{

     

       435
       435
       +
       		"did:plc:foo",

     

       436
       436
       +
       		"did:plc:bar",

     

       437
       437
       +
       	}, users)

     

       438
       438
       +
       

     

       439
       439
       +
       	err = e.RemoveSpindle("s.com")

     

       440
       440
       +
       	assert.NoError(t, err)

     

       441
       441
       +
       

     

       442
       442
       +
       	// TODO: see this issue https://github.com/casbin/casbin/issues/1492

     

       443
       443
       +
       	// s, err := e.E.GetAllDomains()

     

       444
       444
       +
       	// assert.Empty(t, s)

     

       445
       445
       +
       

     

       446
       446
       +
       	spindles, err := e.GetSpindleUsersByRole("server:member", "s.com")

     

       447
       447
       +
       	assert.NoError(t, err)

     

       448
       448
       +
       	assert.Empty(t, spindles)

     

       449
       449
       +
       }

+10

rbac/util.go

···

       29
       29
        
       	return err

     

       30
       30
        
       }

     

       31
       31
        
       

     

       32
       32
       +
       func (e *Enforcer) removeOwner(domain, owner string) error {

     

       33
       33
       +
       	_, err := e.E.RemoveGroupingPolicy(owner, "server:owner", domain)

     

       34
       34
       +
       	return err

     

       35
       35
       +
       }

     

       36
       36
       +
       

     

       32
       37
        
       func (e *Enforcer) addMember(domain, member string) error {

     

       33
       38
        
       	_, err := e.E.AddGroupingPolicy(member, "server:member", domain)

     

       39
       39
       +
       	return err

     

       40
       40
       +
       }

     

       41
       41
       +
       

     

       42
       42
       +
       func (e *Enforcer) removeMember(domain, member string) error {

     

       43
       43
       +
       	_, err := e.E.RemoveGroupingPolicy(member, "server:member", domain)

     

       34
       44
        
       	return err

     

       35
       45
        
       }

     

       36
       46