From cc2963c11920b070ac8b9f03e4d7679de86ad540 Mon Sep 17 00:00:00 2001 From: Evren Yildiz Date: Tue, 23 Sep 2025 16:46:51 +0200 Subject: [PATCH 1/7] InternalEnforcer: added "useAdapter" param to methods for adding, updating and removing policies; ManagementEnforcer: added methods for adding, updating and removing policies only locally (without usage of adapter) --- src/internalEnforcer.ts | 50 ++++++--- src/managementEnforcer.ts | 214 ++++++++++++++++++++++++++++++++++---- 2 files changed, 234 insertions(+), 30 deletions(-) diff --git a/src/internalEnforcer.ts b/src/internalEnforcer.ts index 569d9c97..49c73e47 100644 --- a/src/internalEnforcer.ts +++ b/src/internalEnforcer.ts @@ -24,12 +24,18 @@ export class InternalEnforcer extends CoreEnforcer { /** * addPolicyInternal adds a rule to the current policy. */ - protected async addPolicyInternal(sec: string, ptype: string, rule: string[], useWatcher: boolean): Promise { + protected async addPolicyInternal( + sec: string, + ptype: string, + rule: string[], + useWatcher: boolean, + useAdapter: boolean + ): Promise { if (this.model.hasPolicy(sec, ptype, rule)) { return false; } - if (this.adapter && this.autoSave) { + if (this.adapter && this.autoSave && useAdapter) { try { await this.adapter.addPolicy(sec, ptype, rule); } catch (e) { @@ -60,14 +66,20 @@ export class InternalEnforcer extends CoreEnforcer { // addPolicies adds rules to the current policy. // removePolicies removes rules from the current policy. - protected async addPoliciesInternal(sec: string, ptype: string, rules: string[][], useWatcher: boolean): Promise { + protected async addPoliciesInternal( + sec: string, + ptype: string, + rules: string[][], + useWatcher: boolean, + useAdapter: boolean + ): Promise { for (const rule of rules) { if (this.model.hasPolicy(sec, ptype, rule)) { return false; } } - if (this.autoSave) { + if (this.autoSave && useAdapter) { if ('addPolicies' in this.adapter) { try { await this.adapter.addPolicies(sec, ptype, rules); @@ -107,13 +119,14 @@ export class InternalEnforcer extends CoreEnforcer { ptype: string, oldRule: string[], newRule: string[], - useWatcher: boolean + useWatcher: boolean, + useAdapter: boolean ): Promise { if (!this.model.hasPolicy(sec, ptype, oldRule)) { return false; } - if (this.autoSave) { + if (this.autoSave && useAdapter) { if ('updatePolicy' in this.adapter) { try { await this.adapter.updatePolicy(sec, ptype, oldRule, newRule); @@ -149,12 +162,18 @@ export class InternalEnforcer extends CoreEnforcer { /** * removePolicyInternal removes a rule from the current policy. */ - protected async removePolicyInternal(sec: string, ptype: string, rule: string[], useWatcher: boolean): Promise { + protected async removePolicyInternal( + sec: string, + ptype: string, + rule: string[], + useWatcher: boolean, + useAdapter: boolean + ): Promise { if (!this.model.hasPolicy(sec, ptype, rule)) { return false; } - if (this.adapter && this.autoSave) { + if (this.adapter && this.autoSave && useAdapter) { try { await this.adapter.removePolicy(sec, ptype, rule); } catch (e) { @@ -183,14 +202,20 @@ export class InternalEnforcer extends CoreEnforcer { } // removePolicies removes rules from the current policy. - protected async removePoliciesInternal(sec: string, ptype: string, rules: string[][], useWatcher: boolean): Promise { + protected async removePoliciesInternal( + sec: string, + ptype: string, + rules: string[][], + useWatcher: boolean, + useAdapter: boolean + ): Promise { for (const rule of rules) { if (!this.model.hasPolicy(sec, ptype, rule)) { return false; } } - if (this.autoSave) { + if (this.autoSave && useAdapter) { if ('removePolicies' in this.adapter) { try { await this.adapter.removePolicies(sec, ptype, rules); @@ -230,9 +255,10 @@ export class InternalEnforcer extends CoreEnforcer { ptype: string, fieldIndex: number, fieldValues: string[], - useWatcher: boolean + useWatcher: boolean, + useAdapter: boolean ): Promise { - if (this.adapter && this.autoSave) { + if (this.adapter && this.autoSave && useAdapter) { try { await this.adapter.removeFilteredPolicy(sec, ptype, fieldIndex, ...fieldValues); } catch (e) { diff --git a/src/managementEnforcer.ts b/src/managementEnforcer.ts index 1393c0d1..fcfb6f1c 100644 --- a/src/managementEnforcer.ts +++ b/src/managementEnforcer.ts @@ -260,7 +260,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async addNamedPolicy(ptype: string, ...params: string[]): Promise { - return this.addPolicyInternal('p', ptype, params, true); + return this.addPolicyInternal('p', ptype, params, true, true); } /** @@ -273,7 +273,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async addNamedPolicies(ptype: string, rules: string[][]): Promise { - return this.addPoliciesInternal('p', ptype, rules, true); + return this.addPoliciesInternal('p', ptype, rules, true, true); } /** @@ -300,7 +300,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async updateNamedPolicy(ptype: string, oldRule: string[], newRule: string[]): Promise { - return this.updatePolicyInternal('p', ptype, oldRule, newRule, true); + return this.updatePolicyInternal('p', ptype, oldRule, newRule, true, true); } /** @@ -343,7 +343,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeNamedPolicy(ptype: string, ...params: string[]): Promise { - return this.removePolicyInternal('p', ptype, params, true); + return this.removePolicyInternal('p', ptype, params, true, true); } /** @@ -354,7 +354,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeNamedPolicies(ptype: string, rules: string[][]): Promise { - return this.removePoliciesInternal('p', ptype, rules, true); + return this.removePoliciesInternal('p', ptype, rules, true, true); } /** @@ -367,7 +367,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeFilteredNamedPolicy(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { - return this.removeFilteredPolicyInternal('p', ptype, fieldIndex, fieldValues, true); + return this.removeFilteredPolicyInternal('p', ptype, fieldIndex, fieldValues, true, true); } /** @@ -425,7 +425,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async addNamedGroupingPolicy(ptype: string, ...params: string[]): Promise { - return this.addPolicyInternal('g', ptype, params, true); + return this.addPolicyInternal('g', ptype, params, true, true); } /** @@ -438,7 +438,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async addNamedGroupingPolicies(ptype: string, rules: string[][]): Promise { - return this.addPoliciesInternal('g', ptype, rules, true); + return this.addPoliciesInternal('g', ptype, rules, true, true); } /** @@ -481,7 +481,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeNamedGroupingPolicy(ptype: string, ...params: string[]): Promise { - return this.removePolicyInternal('g', ptype, params, true); + return this.removePolicyInternal('g', ptype, params, true, true); } /** @@ -492,7 +492,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeNamedGroupingPolicies(ptype: string, rules: string[][]): Promise { - return this.removePoliciesInternal('g', ptype, rules, true); + return this.removePoliciesInternal('g', ptype, rules, true, true); } /** @@ -505,7 +505,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeFilteredNamedGroupingPolicy(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { - return this.removeFilteredPolicyInternal('g', ptype, fieldIndex, fieldValues, true); + return this.removeFilteredPolicyInternal('g', ptype, fieldIndex, fieldValues, true, true); } /** @@ -528,7 +528,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async updateNamedGroupingPolicy(ptype: string, oldRule: string[], newRule: string[]): Promise { - return this.updatePolicyInternal('g', ptype, oldRule, newRule, true); + return this.updatePolicyInternal('g', ptype, oldRule, newRule, true, true); } /** @@ -541,26 +541,204 @@ export class ManagementEnforcer extends InternalEnforcer { } public async selfAddPolicy(sec: string, ptype: string, rule: string[]): Promise { - return this.addPolicyInternal(sec, ptype, rule, false); + return this.addPolicyInternal(sec, ptype, rule, false, true); } public async selfRemovePolicy(sec: string, ptype: string, rule: string[]): Promise { - return this.removePolicyInternal(sec, ptype, rule, false); + return this.removePolicyInternal(sec, ptype, rule, false, true); } public async selfRemoveFilteredPolicy(sec: string, ptype: string, fieldIndex: number, fieldValues: string[]): Promise { - return this.removeFilteredPolicyInternal(sec, ptype, fieldIndex, fieldValues, false); + return this.removeFilteredPolicyInternal(sec, ptype, fieldIndex, fieldValues, false, true); } public async selfUpdatePolicy(sec: string, ptype: string, oldRule: string[], newRule: string[]): Promise { - return this.updatePolicyInternal(sec, ptype, oldRule, newRule, false); + return this.updatePolicyInternal(sec, ptype, oldRule, newRule, false, true); } public async selfAddPolicies(sec: string, ptype: string, rule: string[][]): Promise { - return this.addPoliciesInternal(sec, ptype, rule, false); + return this.addPoliciesInternal(sec, ptype, rule, false, true); } public async selfRemovePolicies(sec: string, ptype: string, rule: string[][]): Promise { - return this.removePoliciesInternal(sec, ptype, rule, false); + return this.removePoliciesInternal(sec, ptype, rule, false, true); + } + + /** + * addPolicy adds an authorization rule to the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rule will not be added. + * Otherwise the function returns true by adding the new rule. + * + * @param params the "p" policy rule, ptype "p" is implicitly used. + * @return succeeds or not. + */ + public async addPolicyLocally(...params: string[]): Promise { + return this.addNamedPolicyLocally('p', ...params); + } + + /** + * addPolicies adds authorization rules to the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rules will not be added. + * Otherwise the function returns true by adding the new rules. + * + * @param rules the "p" policy rules, ptype "p" is implicitly used. + * @return succeeds or not. + */ + public async addPoliciesLocally(rules: string[][]): Promise { + return this.addNamedPoliciesLocally('p', rules); + } + + /** + * addNamedPolicy adds an authorization rule to the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rule will not be added. + * Otherwise the function returns true by adding the new rule. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param params the "p" policy rule. + * @return succeeds or not. + */ + public async addNamedPolicyLocally(ptype: string, ...params: string[]): Promise { + return this.addPolicyInternal('p', ptype, params, false, false); + } + + /** + * addNamedPolicies adds authorization rules to the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rules will not be added. + * Otherwise the function returns true by adding the new rules. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param rules the "p" policy rules. + * @return succeeds or not. + */ + public async addNamedPoliciesLocally(ptype: string, rules: string[][]): Promise { + return this.addPoliciesInternal('p', ptype, rules, false, false); + } + + /** + * updatePolicy updates an authorization rule from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule not exists, the function returns false. + * Otherwise the function returns true by changing it to the new rule. + * + * @return succeeds or not. + * @param oldRule the policy will be remove + * @param newRule the policy will be added + */ + public async updatePolicyLocally(oldRule: string[], newRule: string[]): Promise { + return this.updateNamedPolicyLocally('p', oldRule, newRule); + } + + /** + * updateNamedPolicy updates an authorization rule from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule not exists, the function returns false. + * Otherwise the function returns true by changing it to the new rule. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param oldRule the policy rule will be remove + * @param newRule the policy rule will be added + * @return succeeds or not. + */ + public async updateNamedPolicyLocally(ptype: string, oldRule: string[], newRule: string[]): Promise { + return this.updatePolicyInternal('p', ptype, oldRule, newRule, false, false); + } + + /** + * removePolicy removes an authorization rule from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param params the "p" policy rule, ptype "p" is implicitly used. + * @return succeeds or not. + */ + public async removePolicyLocally(...params: string[]): Promise { + return this.removeNamedPolicyLocally('p', ...params); + } + + /** + * removePolicies removes an authorization rules from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param rules the "p" policy rules, ptype "p" is implicitly used. + * @return succeeds or not. + */ + public async removePoliciesLocally(rules: string[][]): Promise { + return this.removeNamedPoliciesLocally('p', rules); + } + + /** + * removeFilteredPolicy removes an authorization rule from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * Field filters can be specified. + * + * @param fieldIndex the policy rule's start index to be matched. + * @param fieldValues the field values to be matched, value "" + * means not to match this field. + * @return succeeds or not. + */ + public async removeFilteredPolicyLocally(fieldIndex: number, ...fieldValues: string[]): Promise { + return this.removeFilteredNamedPolicyLocally('p', fieldIndex, ...fieldValues); + } + + /** + * removeNamedPolicy removes an authorization rule from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param params the "p" policy rule. + * @return succeeds or not. + */ + public async removeNamedPolicyLocally(ptype: string, ...params: string[]): Promise { + return this.removePolicyInternal('p', ptype, params, false, false); + } + + /** + * removeNamedPolicies removes authorization rules from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param rules the "p" policy rules. + * @return succeeds or not. + */ + public async removeNamedPoliciesLocally(ptype: string, rules: string[][]): Promise { + return this.removePoliciesInternal('p', ptype, rules, false, false); + } + + /** + * removeFilteredNamedPolicy removes an authorization rule from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * Field filters can be specified. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param fieldIndex the policy rule's start index to be matched. + * @param fieldValues the field values to be matched, value "" + * means not to match this field. + * @return succeeds or not. + */ + public async removeFilteredNamedPolicyLocally(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { + return this.removeFilteredPolicyInternal('p', ptype, fieldIndex, fieldValues, false, false); + } + + public async selfRemovePolicyLocally(sec: string, ptype: string, rule: string[]): Promise { + return this.removePolicyInternal(sec, ptype, rule, false, false); + } + + public async selfRemoveFilteredPolicyLocally(sec: string, ptype: string, fieldIndex: number, fieldValues: string[]): Promise { + return this.removeFilteredPolicyInternal(sec, ptype, fieldIndex, fieldValues, false, false); + } + + public async selfUpdatePolicyLocally(sec: string, ptype: string, oldRule: string[], newRule: string[]): Promise { + return this.updatePolicyInternal(sec, ptype, oldRule, newRule, false, false); + } + + public async selfAddPoliciesLocally(sec: string, ptype: string, rule: string[][]): Promise { + return this.addPoliciesInternal(sec, ptype, rule, false, false); + } + + public async selfRemovePoliciesLocally(sec: string, ptype: string, rule: string[][]): Promise { + return this.removePoliciesInternal(sec, ptype, rule, false, false); } } From 0f126fcdd128328e8594bce82343ede90be6c87c Mon Sep 17 00:00:00 2001 From: Evren Yildiz Date: Tue, 23 Sep 2025 16:52:38 +0200 Subject: [PATCH 2/7] fix removePolicyInternal in syncedEnforcer.ts --- src/syncedEnforcer.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/syncedEnforcer.ts b/src/syncedEnforcer.ts index bbc11461..aaec212a 100644 --- a/src/syncedEnforcer.ts +++ b/src/syncedEnforcer.ts @@ -366,7 +366,7 @@ export class SyncedEnforcer extends Enforcer { */ public async removeNamedPolicy(ptype: string, ...params: string[]): Promise { await this.lock.acquireAsync(); - return this.removePolicyInternal('p', ptype, params, true).finally(() => this.lock.release()); + return this.removePolicyInternal('p', ptype, params, true, true).finally(() => this.lock.release()); } /** From 19ede2ad8e6b8f4075125d2037beff9e457abea7 Mon Sep 17 00:00:00 2001 From: Evren Yildiz Date: Wed, 24 Sep 2025 10:34:31 +0200 Subject: [PATCH 3/7] added methods for adding, updating and removing grouping policies without adapter; added tests --- src/managementEnforcer.ts | 152 ++++++++++++++++++++++++ test/managementAPI.test.ts | 229 +++++++++++++++++++++++++++++++++++++ 2 files changed, 381 insertions(+) diff --git a/src/managementEnforcer.ts b/src/managementEnforcer.ts index fcfb6f1c..360183f0 100644 --- a/src/managementEnforcer.ts +++ b/src/managementEnforcer.ts @@ -722,6 +722,158 @@ export class ManagementEnforcer extends InternalEnforcer { return this.removeFilteredPolicyInternal('p', ptype, fieldIndex, fieldValues, false, false); } + /** + * addGroupingPolicy adds a role inheritance rule to the current policy. + * If the rule already exists, the function returns false and the rule will not be added. + * Otherwise the function returns true by adding the new rule. + * + * @param params the "g" policy rule, ptype "g" is implicitly used. + * @return succeeds or not. + */ + public async addGroupingPolicyLocally(...params: string[]): Promise { + return this.addNamedGroupingPolicyLocally('g', ...params); + } + + /** + * addGroupingPolicies adds a role inheritance rules to the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rules will not be added. + * Otherwise the function returns true by adding the new rules. + * + * @param rules the "g" policy rules, ptype "g" is implicitly used. + * @return succeeds or not. + */ + public async addGroupingPoliciesLocally(rules: string[][]): Promise { + return this.addNamedGroupingPoliciesLocally('g', rules); + } + + /** + * addNamedGroupingPolicy adds a named role inheritance rule to the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rule will not be added. + * Otherwise the function returns true by adding the new rule. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param params the "g" policy rule. + * @return succeeds or not. + */ + public async addNamedGroupingPolicyLocally(ptype: string, ...params: string[]): Promise { + return this.addPolicyInternal('g', ptype, params, false, false); + } + + /** + * addNamedGroupingPolicies adds named role inheritance rules to the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rules will not be added. + * Otherwise the function returns true by adding the new rules. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param rules the "g" policy rule. + * @return succeeds or not. + */ + public async addNamedGroupingPoliciesLocally(ptype: string, rules: string[][]): Promise { + return this.addPoliciesInternal('g', ptype, rules, false, false); + } + + /** + * removeGroupingPolicy removes a role inheritance rule from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param params the "g" policy rule, ptype "g" is implicitly used. + * @return succeeds or not. + */ + public async removeGroupingPolicyLocally(...params: string[]): Promise { + return this.removeNamedGroupingPolicyLocally('g', ...params); + } + + /** + * removeGroupingPolicies removes role inheritance rules from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param rules the "g" policy rules, ptype "g" is implicitly used. + * @return succeeds or not. + */ + public async removeGroupingPoliciesLocally(rules: string[][]): Promise { + return this.removeNamedGroupingPoliciesLocally('g', rules); + } + + /** + * removeFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param fieldIndex the policy rule's start index to be matched. + * @param fieldValues the field values to be matched, value "" + * means not to match this field. + * @return succeeds or not. + */ + public async removeFilteredGroupingPolicyLocally(fieldIndex: number, ...fieldValues: string[]): Promise { + return this.removeFilteredNamedGroupingPolicyLocally('g', fieldIndex, ...fieldValues); + } + + /** + * removeNamedGroupingPolicy removes a role inheritance rule from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param params the "g" policy rule. + * @return succeeds or not. + */ + public async removeNamedGroupingPolicyLocally(ptype: string, ...params: string[]): Promise { + return this.removePolicyInternal('g', ptype, params, false, false); + } + + /** + * removeNamedGroupingPolicies removes role inheritance rules from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param rules the "g" policy rules. + * @return succeeds or not. + */ + public async removeNamedGroupingPoliciesLocally(ptype: string, rules: string[][]): Promise { + return this.removePoliciesInternal('g', ptype, rules, false, false); + } + + /** + * removeFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * Field filters can be specified. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param fieldIndex the policy rule's start index to be matched. + * @param fieldValues the field values to be matched, value "" + * means not to match this field. + * @return succeeds or not. + */ + public async removeFilteredNamedGroupingPolicyLocally(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { + return this.removeFilteredPolicyInternal('g', ptype, fieldIndex, fieldValues, false, false); + } + + /** + * UpdateGroupingPolicy updates an rule to the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param oldRule the old rule. + * @param newRule the new rule. + * @return succeeds or not. + */ + public async updateGroupingPolicyLocally(oldRule: string[], newRule: string[]): Promise { + return this.updateNamedGroupingPolicyLocally('g', oldRule, newRule); + } + + /** + * updateNamedGroupingPolicy updates an rule to the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param oldRule the old rule. + * @param newRule the new rule. + * @return succeeds or not. + */ + public async updateNamedGroupingPolicyLocally(ptype: string, oldRule: string[], newRule: string[]): Promise { + return this.updatePolicyInternal('g', ptype, oldRule, newRule, false, false); + } + public async selfRemovePolicyLocally(sec: string, ptype: string, rule: string[]): Promise { return this.removePolicyInternal(sec, ptype, rule, false, false); } diff --git a/test/managementAPI.test.ts b/test/managementAPI.test.ts index 2afc92e6..7def4cc5 100644 --- a/test/managementAPI.test.ts +++ b/test/managementAPI.test.ts @@ -377,3 +377,232 @@ test('updateNamedGroupingPolicy', async () => { groupingPolicy = await e.getGroupingPolicy(); testArray2DEquals(groupingPolicy, [['alice', 'update_test']]); }); + +test('addPolicyLocally', async () => { + const p = ['eve', 'data3', 'read']; + const added = await e.addPolicyLocally(...p); + expect(added).toBe(true); + expect(await e.hasPolicy(...p)).toBe(true); +}); + +test('addPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const rules = [ + ['jack', 'data4', 'read'], + ['katy', 'data4', 'write'], + ['leyo', 'data4', 'read'], + ['ham', 'data4', 'write'], + ]; + const added = await e.addPoliciesLocally(rules); + expect(added).toBe(true); + for (const rule of rules) { + expect(await e.hasPolicy(...rule)).toBe(true); + } +}); + +test('addNamedPolicyLocally', async () => { + const p = ['eve', 'data3', 'read']; + const added = await e.addNamedPolicyLocally('p', ...p); + expect(added).toBe(true); + expect(await e.hasPolicy(...p)).toBe(true); +}); + +test('addNamedPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const rules = [ + ['jack', 'data4', 'read'], + ['katy', 'data4', 'write'], + ['leyo', 'data4', 'read'], + ['ham', 'data4', 'write'], + ]; + const added = await e.addNamedPoliciesLocally('p', rules); + expect(added).toBe(true); + for (const rule of rules) { + expect(await e.hasPolicy(...rule)).toBe(true); + } +}); + +test('updatePolicyLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const p = ['alice', 'data1', 'read']; + const q = ['alice', 'data2', 'read']; + const updated = await e.updatePolicyLocally(p, q); + expect(updated).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); + expect(await e.hasPolicy(...q)).toBe(true); +}); + +test('updateNamedPolicyLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const p = ['alice', 'data1', 'read']; + const q = ['alice', 'data2', 'read']; + const updated = await e.updateNamedPolicyLocally('p', p, q); + expect(updated).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); + expect(await e.hasPolicy(...q)).toBe(true); +}); + +test('removePolicyLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const p = ['alice', 'data1', 'read']; + const removed = await e.removePolicyLocally(...p); + expect(removed).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); +}); + +test('removePoliciesLocally', async () => { + const rules = [ + ['jack', 'data4', 'read'], + ['katy', 'data4', 'write'], + ['leyo', 'data4', 'read'], + ['ham', 'data4', 'write'], + ]; + const added = await e.addPoliciesLocally(rules); + expect(added).toBe(true); + const removed = await e.removePoliciesLocally(rules); + expect(removed).toBe(true); + for (const rule of rules) { + expect(await e.hasPolicy(...rule)).toBe(false); + } +}); + +test('removeFilteredPolicyLocally', async () => { + const p = ['alice', 'data1', 'read']; + const removed = await e.removeFilteredPolicyLocally(0, ...p); + expect(removed).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); +}); + +test('removeNamedPolicyLocally', async () => { + const p = ['alice', 'data1', 'read']; + const removed = await e.removeNamedPolicyLocally('p', ...p); + expect(removed).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); +}); + +test('removeNamedPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const rules = [ + ['jack', 'data4', 'read'], + ['katy', 'data4', 'write'], + ['leyo', 'data4', 'read'], + ['ham', 'data4', 'write'], + ]; + const added = await e.addPoliciesLocally(rules); + expect(added).toBe(true); + const removed = await e.removeNamedPoliciesLocally('p', rules); + expect(removed).toBe(true); + for (const rule of rules) { + expect(await e.hasPolicy(...rule)).toBe(false); + } +}); + +test('removeFilteredNamedPolicyLocally', async () => { + const p = ['alice', 'data1', 'read']; + const removed = await e.removeFilteredNamedPolicyLocally('p', 0, ...p); + expect(removed).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); +}); + +test('addGroupingPolicyLocally', async () => { + const added = await e.addGroupingPolicyLocally('group1', 'data2_admin'); + expect(added).toBe(true); +}); + +test('addGroupingPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const groupingRules = [ + ['ham', 'data4_admin'], + ['jack', 'data5_admin'], + ]; + const added = await e.addGroupingPoliciesLocally(groupingRules); + expect(added).toBe(true); +}); + +test('addNamedGroupingPolicyLocally', async () => { + const added = await e.addNamedGroupingPolicyLocally('g', 'group1', 'data2_admin'); + expect(added).toBe(true); +}); + +test('addNamedGroupingPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const groupingRules = [ + ['ham', 'data4_admin'], + ['jack', 'data5_admin'], + ]; + const added = await e.addNamedGroupingPoliciesLocally('g', groupingRules); + expect(added).toBe(true); +}); + +test('removeGroupingPolicyLocally', async () => { + const removed = await e.removeGroupingPolicyLocally('alice', 'data2_admin'); + expect(removed).toBe(true); +}); + +test('removeGroupingPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const groupingRules = [ + ['ham', 'data4_admin'], + ['jack', 'data5_admin'], + ]; + const added = await e.addGroupingPoliciesLocally(groupingRules); + expect(added).toBe(true); + const removed = await e.removeGroupingPoliciesLocally(groupingRules); + expect(removed).toBe(true); +}); + +test('removeFilteredGroupingPolicyLocally', async () => { + const removed = await e.removeFilteredGroupingPolicyLocally(0, 'alice'); + expect(removed).toBe(true); +}); + +test('removeFilteredNamedGroupingPolicyLocally', async () => { + const removed = await e.removeFilteredNamedGroupingPolicyLocally('g', 0, 'alice'); + expect(removed).toBe(true); +}); + +test('removeNamedGroupingPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const groupingRules = [ + ['ham', 'data4_admin'], + ['jack', 'data5_admin'], + ]; + const added = await e.addGroupingPoliciesLocally(groupingRules); + expect(added).toBe(true); + const removed = await e.removeNamedGroupingPoliciesLocally('g', groupingRules); + expect(removed).toBe(true); +}); + +test('updateGroupingPolicyLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + + let groupingPolicy = await e.getGroupingPolicy(); + testArray2DEquals(groupingPolicy, [['alice', 'data2_admin']]); + + const updated = e.updateGroupingPolicyLocally(['alice', 'data2_admin'], ['alice', 'update_test']); + groupingPolicy = await e.getGroupingPolicy(); + testArray2DEquals(groupingPolicy, [['alice', 'update_test']]); +}); + +test('updateNamedGroupingPolicyLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + + let groupingPolicy = await e.getGroupingPolicy(); + testArray2DEquals(groupingPolicy, [['alice', 'data2_admin']]); + + const updated = e.updateNamedGroupingPolicyLocally('g', ['alice', 'data2_admin'], ['alice', 'update_test']); + groupingPolicy = await e.getGroupingPolicy(); + testArray2DEquals(groupingPolicy, [['alice', 'update_test']]); +}); From 625487e91cd35aa170db13d73ae3aff0e4e98ddd Mon Sep 17 00:00:00 2001 From: Evren Yildiz Date: Wed, 24 Sep 2025 10:44:28 +0200 Subject: [PATCH 4/7] fix method summaries --- src/managementEnforcer.ts | 46 +++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/src/managementEnforcer.ts b/src/managementEnforcer.ts index 360183f0..442d157b 100644 --- a/src/managementEnforcer.ts +++ b/src/managementEnforcer.ts @@ -565,7 +565,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * addPolicy adds an authorization rule to the current policy without + * addPolicyLocally adds an authorization rule to the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rule will not be added. * Otherwise the function returns true by adding the new rule. @@ -578,7 +578,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * addPolicies adds authorization rules to the current policy without + * addPoliciesLocally adds authorization rules to the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rules will not be added. * Otherwise the function returns true by adding the new rules. @@ -591,7 +591,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * addNamedPolicy adds an authorization rule to the current named policy without + * addNamedPolicyLocally adds an authorization rule to the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rule will not be added. * Otherwise the function returns true by adding the new rule. @@ -605,7 +605,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * addNamedPolicies adds authorization rules to the current named policy without + * addNamedPoliciesLocally adds authorization rules to the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rules will not be added. * Otherwise the function returns true by adding the new rules. @@ -619,7 +619,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * updatePolicy updates an authorization rule from the current policy without + * updatePolicyLocally updates an authorization rule from the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule not exists, the function returns false. * Otherwise the function returns true by changing it to the new rule. @@ -633,7 +633,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * updateNamedPolicy updates an authorization rule from the current named policy without + * updateNamedPolicyLocally updates an authorization rule from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule not exists, the function returns false. * Otherwise the function returns true by changing it to the new rule. @@ -648,7 +648,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * removePolicy removes an authorization rule from the current policy without + * removePolicyLocally removes an authorization rule from the current policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param params the "p" policy rule, ptype "p" is implicitly used. @@ -659,7 +659,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * removePolicies removes an authorization rules from the current policy without + * removePoliciesLocally removes authorization rules from the current policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param rules the "p" policy rules, ptype "p" is implicitly used. @@ -684,7 +684,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * removeNamedPolicy removes an authorization rule from the current named policy without + * removeNamedPolicyLocally removes an authorization rule from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param ptype the policy type, can be "p", "p2", "p3", .. @@ -696,7 +696,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * removeNamedPolicies removes authorization rules from the current named policy without + * removeNamedPoliciesLocally removes authorization rules from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param ptype the policy type, can be "p", "p2", "p3", .. @@ -708,7 +708,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * removeFilteredNamedPolicy removes an authorization rule from the current named policy without + * removeFilteredNamedPolicyLocally removes an authorization rule from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * Field filters can be specified. * @@ -723,7 +723,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * addGroupingPolicy adds a role inheritance rule to the current policy. + * addGroupingPolicyLocally adds a role inheritance rule to the current policy. * If the rule already exists, the function returns false and the rule will not be added. * Otherwise the function returns true by adding the new rule. * @@ -735,7 +735,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * addGroupingPolicies adds a role inheritance rules to the current policy without + * addGroupingPoliciesLocally adds a role inheritance rules to the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rules will not be added. * Otherwise the function returns true by adding the new rules. @@ -748,7 +748,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * addNamedGroupingPolicy adds a named role inheritance rule to the current policy without + * addNamedGroupingPolicyLocally adds a named role inheritance rule to the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rule will not be added. * Otherwise the function returns true by adding the new rule. @@ -762,7 +762,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * addNamedGroupingPolicies adds named role inheritance rules to the current policy without + * addNamedGroupingPoliciesLocally adds named role inheritance rules to the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rules will not be added. * Otherwise the function returns true by adding the new rules. @@ -776,7 +776,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * removeGroupingPolicy removes a role inheritance rule from the current policy without + * removeGroupingPolicyLocally removes a role inheritance rule from the current policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param params the "g" policy rule, ptype "g" is implicitly used. @@ -787,7 +787,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * removeGroupingPolicies removes role inheritance rules from the current policy without + * removeGroupingPoliciesLocally removes role inheritance rules from the current policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param rules the "g" policy rules, ptype "g" is implicitly used. @@ -798,7 +798,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * removeFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified without + * removeFilteredGroupingPolicyLocally removes a role inheritance rule from the current policy, field filters can be specified without * persistence via the adapter and without calling the update() function of the watcher. * * @param fieldIndex the policy rule's start index to be matched. @@ -811,7 +811,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * removeNamedGroupingPolicy removes a role inheritance rule from the current named policy without + * removeNamedGroupingPolicyLocally removes a role inheritance rule from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param ptype the policy type, can be "g", "g2", "g3", .. @@ -823,7 +823,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * removeNamedGroupingPolicies removes role inheritance rules from the current named policy without + * removeNamedGroupingPoliciesLocally removes role inheritance rules from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param ptype the policy type, can be "g", "g2", "g3", .. @@ -835,7 +835,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * removeFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy without + * removeFilteredNamedGroupingPolicyLocally removes a role inheritance rule from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * Field filters can be specified. * @@ -850,7 +850,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * UpdateGroupingPolicy updates an rule to the current named policy without + * UpdateGroupingPolicyLocally updates an rule to the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param oldRule the old rule. @@ -862,7 +862,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * updateNamedGroupingPolicy updates an rule to the current named policy without + * updateNamedGroupingPolicyLocally updates an rule to the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param ptype the policy type, can be "g", "g2", "g3", .. From a33b6e38ab5ccdc1fd98d564558a1ca54d71f4c8 Mon Sep 17 00:00:00 2001 From: yiev Date: Wed, 24 Sep 2025 12:05:06 +0200 Subject: [PATCH 5/7] feat: added methods to enforcer for adding, removing and updating policies without usage of adapter (even if autoSave is true) --- src/internalEnforcer.ts | 50 +++-- src/managementEnforcer.ts | 367 +++++++++++++++++++++++++++++++++++-- src/syncedEnforcer.ts | 2 +- test/managementAPI.test.ts | 229 +++++++++++++++++++++++ 4 files changed, 617 insertions(+), 31 deletions(-) diff --git a/src/internalEnforcer.ts b/src/internalEnforcer.ts index 569d9c97..49c73e47 100644 --- a/src/internalEnforcer.ts +++ b/src/internalEnforcer.ts @@ -24,12 +24,18 @@ export class InternalEnforcer extends CoreEnforcer { /** * addPolicyInternal adds a rule to the current policy. */ - protected async addPolicyInternal(sec: string, ptype: string, rule: string[], useWatcher: boolean): Promise { + protected async addPolicyInternal( + sec: string, + ptype: string, + rule: string[], + useWatcher: boolean, + useAdapter: boolean + ): Promise { if (this.model.hasPolicy(sec, ptype, rule)) { return false; } - if (this.adapter && this.autoSave) { + if (this.adapter && this.autoSave && useAdapter) { try { await this.adapter.addPolicy(sec, ptype, rule); } catch (e) { @@ -60,14 +66,20 @@ export class InternalEnforcer extends CoreEnforcer { // addPolicies adds rules to the current policy. // removePolicies removes rules from the current policy. - protected async addPoliciesInternal(sec: string, ptype: string, rules: string[][], useWatcher: boolean): Promise { + protected async addPoliciesInternal( + sec: string, + ptype: string, + rules: string[][], + useWatcher: boolean, + useAdapter: boolean + ): Promise { for (const rule of rules) { if (this.model.hasPolicy(sec, ptype, rule)) { return false; } } - if (this.autoSave) { + if (this.autoSave && useAdapter) { if ('addPolicies' in this.adapter) { try { await this.adapter.addPolicies(sec, ptype, rules); @@ -107,13 +119,14 @@ export class InternalEnforcer extends CoreEnforcer { ptype: string, oldRule: string[], newRule: string[], - useWatcher: boolean + useWatcher: boolean, + useAdapter: boolean ): Promise { if (!this.model.hasPolicy(sec, ptype, oldRule)) { return false; } - if (this.autoSave) { + if (this.autoSave && useAdapter) { if ('updatePolicy' in this.adapter) { try { await this.adapter.updatePolicy(sec, ptype, oldRule, newRule); @@ -149,12 +162,18 @@ export class InternalEnforcer extends CoreEnforcer { /** * removePolicyInternal removes a rule from the current policy. */ - protected async removePolicyInternal(sec: string, ptype: string, rule: string[], useWatcher: boolean): Promise { + protected async removePolicyInternal( + sec: string, + ptype: string, + rule: string[], + useWatcher: boolean, + useAdapter: boolean + ): Promise { if (!this.model.hasPolicy(sec, ptype, rule)) { return false; } - if (this.adapter && this.autoSave) { + if (this.adapter && this.autoSave && useAdapter) { try { await this.adapter.removePolicy(sec, ptype, rule); } catch (e) { @@ -183,14 +202,20 @@ export class InternalEnforcer extends CoreEnforcer { } // removePolicies removes rules from the current policy. - protected async removePoliciesInternal(sec: string, ptype: string, rules: string[][], useWatcher: boolean): Promise { + protected async removePoliciesInternal( + sec: string, + ptype: string, + rules: string[][], + useWatcher: boolean, + useAdapter: boolean + ): Promise { for (const rule of rules) { if (!this.model.hasPolicy(sec, ptype, rule)) { return false; } } - if (this.autoSave) { + if (this.autoSave && useAdapter) { if ('removePolicies' in this.adapter) { try { await this.adapter.removePolicies(sec, ptype, rules); @@ -230,9 +255,10 @@ export class InternalEnforcer extends CoreEnforcer { ptype: string, fieldIndex: number, fieldValues: string[], - useWatcher: boolean + useWatcher: boolean, + useAdapter: boolean ): Promise { - if (this.adapter && this.autoSave) { + if (this.adapter && this.autoSave && useAdapter) { try { await this.adapter.removeFilteredPolicy(sec, ptype, fieldIndex, ...fieldValues); } catch (e) { diff --git a/src/managementEnforcer.ts b/src/managementEnforcer.ts index 1393c0d1..4ce79973 100644 --- a/src/managementEnforcer.ts +++ b/src/managementEnforcer.ts @@ -260,7 +260,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async addNamedPolicy(ptype: string, ...params: string[]): Promise { - return this.addPolicyInternal('p', ptype, params, true); + return this.addPolicyInternal('p', ptype, params, true, true); } /** @@ -273,7 +273,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async addNamedPolicies(ptype: string, rules: string[][]): Promise { - return this.addPoliciesInternal('p', ptype, rules, true); + return this.addPoliciesInternal('p', ptype, rules, true, true); } /** @@ -300,7 +300,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async updateNamedPolicy(ptype: string, oldRule: string[], newRule: string[]): Promise { - return this.updatePolicyInternal('p', ptype, oldRule, newRule, true); + return this.updatePolicyInternal('p', ptype, oldRule, newRule, true, true); } /** @@ -343,7 +343,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeNamedPolicy(ptype: string, ...params: string[]): Promise { - return this.removePolicyInternal('p', ptype, params, true); + return this.removePolicyInternal('p', ptype, params, true, true); } /** @@ -354,7 +354,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeNamedPolicies(ptype: string, rules: string[][]): Promise { - return this.removePoliciesInternal('p', ptype, rules, true); + return this.removePoliciesInternal('p', ptype, rules, true, true); } /** @@ -367,7 +367,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeFilteredNamedPolicy(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { - return this.removeFilteredPolicyInternal('p', ptype, fieldIndex, fieldValues, true); + return this.removeFilteredPolicyInternal('p', ptype, fieldIndex, fieldValues, true, true); } /** @@ -425,7 +425,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async addNamedGroupingPolicy(ptype: string, ...params: string[]): Promise { - return this.addPolicyInternal('g', ptype, params, true); + return this.addPolicyInternal('g', ptype, params, true, true); } /** @@ -438,7 +438,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async addNamedGroupingPolicies(ptype: string, rules: string[][]): Promise { - return this.addPoliciesInternal('g', ptype, rules, true); + return this.addPoliciesInternal('g', ptype, rules, true, true); } /** @@ -481,7 +481,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeNamedGroupingPolicy(ptype: string, ...params: string[]): Promise { - return this.removePolicyInternal('g', ptype, params, true); + return this.removePolicyInternal('g', ptype, params, true, true); } /** @@ -492,7 +492,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeNamedGroupingPolicies(ptype: string, rules: string[][]): Promise { - return this.removePoliciesInternal('g', ptype, rules, true); + return this.removePoliciesInternal('g', ptype, rules, true, true); } /** @@ -505,7 +505,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async removeFilteredNamedGroupingPolicy(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { - return this.removeFilteredPolicyInternal('g', ptype, fieldIndex, fieldValues, true); + return this.removeFilteredPolicyInternal('g', ptype, fieldIndex, fieldValues, true, true); } /** @@ -528,7 +528,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @return succeeds or not. */ public async updateNamedGroupingPolicy(ptype: string, oldRule: string[], newRule: string[]): Promise { - return this.updatePolicyInternal('g', ptype, oldRule, newRule, true); + return this.updatePolicyInternal('g', ptype, oldRule, newRule, true, true); } /** @@ -541,26 +541,357 @@ export class ManagementEnforcer extends InternalEnforcer { } public async selfAddPolicy(sec: string, ptype: string, rule: string[]): Promise { - return this.addPolicyInternal(sec, ptype, rule, false); + return this.addPolicyInternal(sec, ptype, rule, false, true); } public async selfRemovePolicy(sec: string, ptype: string, rule: string[]): Promise { - return this.removePolicyInternal(sec, ptype, rule, false); + return this.removePolicyInternal(sec, ptype, rule, false, true); } public async selfRemoveFilteredPolicy(sec: string, ptype: string, fieldIndex: number, fieldValues: string[]): Promise { - return this.removeFilteredPolicyInternal(sec, ptype, fieldIndex, fieldValues, false); + return this.removeFilteredPolicyInternal(sec, ptype, fieldIndex, fieldValues, false, true); } public async selfUpdatePolicy(sec: string, ptype: string, oldRule: string[], newRule: string[]): Promise { - return this.updatePolicyInternal(sec, ptype, oldRule, newRule, false); + return this.updatePolicyInternal(sec, ptype, oldRule, newRule, false, true); } public async selfAddPolicies(sec: string, ptype: string, rule: string[][]): Promise { - return this.addPoliciesInternal(sec, ptype, rule, false); + return this.addPoliciesInternal(sec, ptype, rule, false, true); } public async selfRemovePolicies(sec: string, ptype: string, rule: string[][]): Promise { - return this.removePoliciesInternal(sec, ptype, rule, false); + return this.removePoliciesInternal(sec, ptype, rule, false, true); + } + + /** + * addPolicyLocally adds an authorization rule to the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rule will not be added. + * Otherwise the function returns true by adding the new rule. + * + * @param params the "p" policy rule, ptype "p" is implicitly used. + * @return succeeds or not. + */ + public async addPolicyLocally(...params: string[]): Promise { + return this.addNamedPolicyLocally('p', ...params); + } + + /** + * addPoliciesLocally adds authorization rules to the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rules will not be added. + * Otherwise the function returns true by adding the new rules. + * + * @param rules the "p" policy rules, ptype "p" is implicitly used. + * @return succeeds or not. + */ + public async addPoliciesLocally(rules: string[][]): Promise { + return this.addNamedPoliciesLocally('p', rules); + } + + /** + * addNamedPolicyLocally adds an authorization rule to the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rule will not be added. + * Otherwise the function returns true by adding the new rule. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param params the "p" policy rule. + * @return succeeds or not. + */ + public async addNamedPolicyLocally(ptype: string, ...params: string[]): Promise { + return this.addPolicyInternal('p', ptype, params, false, false); + } + + /** + * addNamedPoliciesLocally adds authorization rules to the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rules will not be added. + * Otherwise the function returns true by adding the new rules. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param rules the "p" policy rules. + * @return succeeds or not. + */ + public async addNamedPoliciesLocally(ptype: string, rules: string[][]): Promise { + return this.addPoliciesInternal('p', ptype, rules, false, false); + } + + /** + * updatePolicyLocally updates an authorization rule from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule not exists, the function returns false. + * Otherwise the function returns true by changing it to the new rule. + * + * @return succeeds or not. + * @param oldRule the policy will be remove + * @param newRule the policy will be added + */ + public async updatePolicyLocally(oldRule: string[], newRule: string[]): Promise { + return this.updateNamedPolicyLocally('p', oldRule, newRule); + } + + /** + * updateNamedPolicyLocally updates an authorization rule from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule not exists, the function returns false. + * Otherwise the function returns true by changing it to the new rule. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param oldRule the policy rule will be remove + * @param newRule the policy rule will be added + * @return succeeds or not. + */ + public async updateNamedPolicyLocally(ptype: string, oldRule: string[], newRule: string[]): Promise { + return this.updatePolicyInternal('p', ptype, oldRule, newRule, false, false); + } + + /** + * removePolicyLocally removes an authorization rule from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param params the "p" policy rule, ptype "p" is implicitly used. + * @return succeeds or not. + */ + public async removePolicyLocally(...params: string[]): Promise { + return this.removeNamedPolicyLocally('p', ...params); + } + + /** + * removePoliciesLocally removes authorization rules from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param rules the "p" policy rules, ptype "p" is implicitly used. + * @return succeeds or not. + */ + public async removePoliciesLocally(rules: string[][]): Promise { + return this.removeNamedPoliciesLocally('p', rules); + } + + /** + * removeFilteredPolicy removes an authorization rule from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * Field filters can be specified. + * + * @param fieldIndex the policy rule's start index to be matched. + * @param fieldValues the field values to be matched, value "" + * means not to match this field. + * @return succeeds or not. + */ + public async removeFilteredPolicyLocally(fieldIndex: number, ...fieldValues: string[]): Promise { + return this.removeFilteredNamedPolicyLocally('p', fieldIndex, ...fieldValues); + } + + /** + * removeNamedPolicyLocally removes an authorization rule from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param params the "p" policy rule. + * @return succeeds or not. + */ + public async removeNamedPolicyLocally(ptype: string, ...params: string[]): Promise { + return this.removePolicyInternal('p', ptype, params, false, false); + } + + /** + * removeNamedPoliciesLocally removes authorization rules from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param rules the "p" policy rules. + * @return succeeds or not. + */ + public async removeNamedPoliciesLocally(ptype: string, rules: string[][]): Promise { + return this.removePoliciesInternal('p', ptype, rules, false, false); + } + + /** + * removeFilteredNamedPolicyLocally removes an authorization rule from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * Field filters can be specified. + * + * @param ptype the policy type, can be "p", "p2", "p3", .. + * @param fieldIndex the policy rule's start index to be matched. + * @param fieldValues the field values to be matched, value "" + * means not to match this field. + * @return succeeds or not. + */ + public async removeFilteredNamedPolicyLocally(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { + return this.removeFilteredPolicyInternal('p', ptype, fieldIndex, fieldValues, false, false); + } + + /** + * addGroupingPolicyLocally adds a role inheritance rule to the current policy. + * If the rule already exists, the function returns false and the rule will not be added. + * Otherwise the function returns true by adding the new rule. + * + * @param params the "g" policy rule, ptype "g" is implicitly used. + * @return succeeds or not. + */ + public async addGroupingPolicyLocally(...params: string[]): Promise { + return this.addNamedGroupingPolicyLocally('g', ...params); + } + + /** + * addGroupingPoliciesLocally adds a role inheritance rules to the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rules will not be added. + * Otherwise the function returns true by adding the new rules. + * + * @param rules the "g" policy rules, ptype "g" is implicitly used. + * @return succeeds or not. + */ + public async addGroupingPoliciesLocally(rules: string[][]): Promise { + return this.addNamedGroupingPoliciesLocally('g', rules); + } + + /** + * addNamedGroupingPolicyLocally adds a named role inheritance rule to the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rule will not be added. + * Otherwise the function returns true by adding the new rule. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param params the "g" policy rule. + * @return succeeds or not. + */ + public async addNamedGroupingPolicyLocally(ptype: string, ...params: string[]): Promise { + return this.addPolicyInternal('g', ptype, params, false, false); + } + + /** + * addNamedGroupingPoliciesLocally adds named role inheritance rules to the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * If the rule already exists, the function returns false and the rules will not be added. + * Otherwise the function returns true by adding the new rules. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param rules the "g" policy rule. + * @return succeeds or not. + */ + public async addNamedGroupingPoliciesLocally(ptype: string, rules: string[][]): Promise { + return this.addPoliciesInternal('g', ptype, rules, false, false); + } + + /** + * removeGroupingPolicyLocally removes a role inheritance rule from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param params the "g" policy rule, ptype "g" is implicitly used. + * @return succeeds or not. + */ + public async removeGroupingPolicyLocally(...params: string[]): Promise { + return this.removeNamedGroupingPolicyLocally('g', ...params); + } + + /** + * removeGroupingPoliciesLocally removes role inheritance rules from the current policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param rules the "g" policy rules, ptype "g" is implicitly used. + * @return succeeds or not. + */ + public async removeGroupingPoliciesLocally(rules: string[][]): Promise { + return this.removeNamedGroupingPoliciesLocally('g', rules); + } + + /** + * removeFilteredGroupingPolicyLocally removes a role inheritance rule from the current policy, field filters can be specified without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param fieldIndex the policy rule's start index to be matched. + * @param fieldValues the field values to be matched, value "" + * means not to match this field. + * @return succeeds or not. + */ + public async removeFilteredGroupingPolicyLocally(fieldIndex: number, ...fieldValues: string[]): Promise { + return this.removeFilteredNamedGroupingPolicyLocally('g', fieldIndex, ...fieldValues); + } + + /** + * removeNamedGroupingPolicyLocally removes a role inheritance rule from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param params the "g" policy rule. + * @return succeeds or not. + */ + public async removeNamedGroupingPolicyLocally(ptype: string, ...params: string[]): Promise { + return this.removePolicyInternal('g', ptype, params, false, false); + } + + /** + * removeNamedGroupingPoliciesLocally removes role inheritance rules from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param rules the "g" policy rules. + * @return succeeds or not. + */ + public async removeNamedGroupingPoliciesLocally(ptype: string, rules: string[][]): Promise { + return this.removePoliciesInternal('g', ptype, rules, false, false); + } + + /** + * removeFilteredNamedGroupingPolicyLocally removes a role inheritance rule from the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * Field filters can be specified. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param fieldIndex the policy rule's start index to be matched. + * @param fieldValues the field values to be matched, value "" + * means not to match this field. + * @return succeeds or not. + */ + public async removeFilteredNamedGroupingPolicyLocally(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { + return this.removeFilteredPolicyInternal('g', ptype, fieldIndex, fieldValues, false, false); + } + + /** + * UpdateGroupingPolicyLocally updates an rule to the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param oldRule the old rule. + * @param newRule the new rule. + * @return succeeds or not. + */ + public async updateGroupingPolicyLocally(oldRule: string[], newRule: string[]): Promise { + return this.updateNamedGroupingPolicyLocally('g', oldRule, newRule); + } + + /** + * updateNamedGroupingPolicyLocally updates an rule to the current named policy without + * persistence via the adapter and without calling the update() function of the watcher. + * + * @param ptype the policy type, can be "g", "g2", "g3", .. + * @param oldRule the old rule. + * @param newRule the new rule. + * @return succeeds or not. + */ + public async updateNamedGroupingPolicyLocally(ptype: string, oldRule: string[], newRule: string[]): Promise { + return this.updatePolicyInternal('g', ptype, oldRule, newRule, false, false); + } + + public async selfRemovePolicyLocally(sec: string, ptype: string, rule: string[]): Promise { + return this.removePolicyInternal(sec, ptype, rule, false, false); + } + + public async selfRemoveFilteredPolicyLocally(sec: string, ptype: string, fieldIndex: number, fieldValues: string[]): Promise { + return this.removeFilteredPolicyInternal(sec, ptype, fieldIndex, fieldValues, false, false); + } + + public async selfUpdatePolicyLocally(sec: string, ptype: string, oldRule: string[], newRule: string[]): Promise { + return this.updatePolicyInternal(sec, ptype, oldRule, newRule, false, false); + } + + public async selfAddPoliciesLocally(sec: string, ptype: string, rule: string[][]): Promise { + return this.addPoliciesInternal(sec, ptype, rule, false, false); + } + + public async selfRemovePoliciesLocally(sec: string, ptype: string, rule: string[][]): Promise { + return this.removePoliciesInternal(sec, ptype, rule, false, false); } } + diff --git a/src/syncedEnforcer.ts b/src/syncedEnforcer.ts index bbc11461..aaec212a 100644 --- a/src/syncedEnforcer.ts +++ b/src/syncedEnforcer.ts @@ -366,7 +366,7 @@ export class SyncedEnforcer extends Enforcer { */ public async removeNamedPolicy(ptype: string, ...params: string[]): Promise { await this.lock.acquireAsync(); - return this.removePolicyInternal('p', ptype, params, true).finally(() => this.lock.release()); + return this.removePolicyInternal('p', ptype, params, true, true).finally(() => this.lock.release()); } /** diff --git a/test/managementAPI.test.ts b/test/managementAPI.test.ts index 2afc92e6..7def4cc5 100644 --- a/test/managementAPI.test.ts +++ b/test/managementAPI.test.ts @@ -377,3 +377,232 @@ test('updateNamedGroupingPolicy', async () => { groupingPolicy = await e.getGroupingPolicy(); testArray2DEquals(groupingPolicy, [['alice', 'update_test']]); }); + +test('addPolicyLocally', async () => { + const p = ['eve', 'data3', 'read']; + const added = await e.addPolicyLocally(...p); + expect(added).toBe(true); + expect(await e.hasPolicy(...p)).toBe(true); +}); + +test('addPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const rules = [ + ['jack', 'data4', 'read'], + ['katy', 'data4', 'write'], + ['leyo', 'data4', 'read'], + ['ham', 'data4', 'write'], + ]; + const added = await e.addPoliciesLocally(rules); + expect(added).toBe(true); + for (const rule of rules) { + expect(await e.hasPolicy(...rule)).toBe(true); + } +}); + +test('addNamedPolicyLocally', async () => { + const p = ['eve', 'data3', 'read']; + const added = await e.addNamedPolicyLocally('p', ...p); + expect(added).toBe(true); + expect(await e.hasPolicy(...p)).toBe(true); +}); + +test('addNamedPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const rules = [ + ['jack', 'data4', 'read'], + ['katy', 'data4', 'write'], + ['leyo', 'data4', 'read'], + ['ham', 'data4', 'write'], + ]; + const added = await e.addNamedPoliciesLocally('p', rules); + expect(added).toBe(true); + for (const rule of rules) { + expect(await e.hasPolicy(...rule)).toBe(true); + } +}); + +test('updatePolicyLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const p = ['alice', 'data1', 'read']; + const q = ['alice', 'data2', 'read']; + const updated = await e.updatePolicyLocally(p, q); + expect(updated).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); + expect(await e.hasPolicy(...q)).toBe(true); +}); + +test('updateNamedPolicyLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const p = ['alice', 'data1', 'read']; + const q = ['alice', 'data2', 'read']; + const updated = await e.updateNamedPolicyLocally('p', p, q); + expect(updated).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); + expect(await e.hasPolicy(...q)).toBe(true); +}); + +test('removePolicyLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const p = ['alice', 'data1', 'read']; + const removed = await e.removePolicyLocally(...p); + expect(removed).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); +}); + +test('removePoliciesLocally', async () => { + const rules = [ + ['jack', 'data4', 'read'], + ['katy', 'data4', 'write'], + ['leyo', 'data4', 'read'], + ['ham', 'data4', 'write'], + ]; + const added = await e.addPoliciesLocally(rules); + expect(added).toBe(true); + const removed = await e.removePoliciesLocally(rules); + expect(removed).toBe(true); + for (const rule of rules) { + expect(await e.hasPolicy(...rule)).toBe(false); + } +}); + +test('removeFilteredPolicyLocally', async () => { + const p = ['alice', 'data1', 'read']; + const removed = await e.removeFilteredPolicyLocally(0, ...p); + expect(removed).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); +}); + +test('removeNamedPolicyLocally', async () => { + const p = ['alice', 'data1', 'read']; + const removed = await e.removeNamedPolicyLocally('p', ...p); + expect(removed).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); +}); + +test('removeNamedPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const rules = [ + ['jack', 'data4', 'read'], + ['katy', 'data4', 'write'], + ['leyo', 'data4', 'read'], + ['ham', 'data4', 'write'], + ]; + const added = await e.addPoliciesLocally(rules); + expect(added).toBe(true); + const removed = await e.removeNamedPoliciesLocally('p', rules); + expect(removed).toBe(true); + for (const rule of rules) { + expect(await e.hasPolicy(...rule)).toBe(false); + } +}); + +test('removeFilteredNamedPolicyLocally', async () => { + const p = ['alice', 'data1', 'read']; + const removed = await e.removeFilteredNamedPolicyLocally('p', 0, ...p); + expect(removed).toBe(true); + expect(await e.hasPolicy(...p)).toBe(false); +}); + +test('addGroupingPolicyLocally', async () => { + const added = await e.addGroupingPolicyLocally('group1', 'data2_admin'); + expect(added).toBe(true); +}); + +test('addGroupingPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const groupingRules = [ + ['ham', 'data4_admin'], + ['jack', 'data5_admin'], + ]; + const added = await e.addGroupingPoliciesLocally(groupingRules); + expect(added).toBe(true); +}); + +test('addNamedGroupingPolicyLocally', async () => { + const added = await e.addNamedGroupingPolicyLocally('g', 'group1', 'data2_admin'); + expect(added).toBe(true); +}); + +test('addNamedGroupingPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const groupingRules = [ + ['ham', 'data4_admin'], + ['jack', 'data5_admin'], + ]; + const added = await e.addNamedGroupingPoliciesLocally('g', groupingRules); + expect(added).toBe(true); +}); + +test('removeGroupingPolicyLocally', async () => { + const removed = await e.removeGroupingPolicyLocally('alice', 'data2_admin'); + expect(removed).toBe(true); +}); + +test('removeGroupingPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const groupingRules = [ + ['ham', 'data4_admin'], + ['jack', 'data5_admin'], + ]; + const added = await e.addGroupingPoliciesLocally(groupingRules); + expect(added).toBe(true); + const removed = await e.removeGroupingPoliciesLocally(groupingRules); + expect(removed).toBe(true); +}); + +test('removeFilteredGroupingPolicyLocally', async () => { + const removed = await e.removeFilteredGroupingPolicyLocally(0, 'alice'); + expect(removed).toBe(true); +}); + +test('removeFilteredNamedGroupingPolicyLocally', async () => { + const removed = await e.removeFilteredNamedGroupingPolicyLocally('g', 0, 'alice'); + expect(removed).toBe(true); +}); + +test('removeNamedGroupingPoliciesLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + const groupingRules = [ + ['ham', 'data4_admin'], + ['jack', 'data5_admin'], + ]; + const added = await e.addGroupingPoliciesLocally(groupingRules); + expect(added).toBe(true); + const removed = await e.removeNamedGroupingPoliciesLocally('g', groupingRules); + expect(removed).toBe(true); +}); + +test('updateGroupingPolicyLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + + let groupingPolicy = await e.getGroupingPolicy(); + testArray2DEquals(groupingPolicy, [['alice', 'data2_admin']]); + + const updated = e.updateGroupingPolicyLocally(['alice', 'data2_admin'], ['alice', 'update_test']); + groupingPolicy = await e.getGroupingPolicy(); + testArray2DEquals(groupingPolicy, [['alice', 'update_test']]); +}); + +test('updateNamedGroupingPolicyLocally', async () => { + const a = new FileAdapter('examples/rbac_policy.csv'); + e.setAdapter(a); + + let groupingPolicy = await e.getGroupingPolicy(); + testArray2DEquals(groupingPolicy, [['alice', 'data2_admin']]); + + const updated = e.updateNamedGroupingPolicyLocally('g', ['alice', 'data2_admin'], ['alice', 'update_test']); + groupingPolicy = await e.getGroupingPolicy(); + testArray2DEquals(groupingPolicy, [['alice', 'update_test']]); +}); From 399da27860e41d37a499818803525e87c10ba127 Mon Sep 17 00:00:00 2001 From: yiev Date: Wed, 24 Sep 2025 12:10:09 +0200 Subject: [PATCH 6/7] fix: lint error --- src/managementEnforcer.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/managementEnforcer.ts b/src/managementEnforcer.ts index 4ce79973..442d157b 100644 --- a/src/managementEnforcer.ts +++ b/src/managementEnforcer.ts @@ -894,4 +894,3 @@ export class ManagementEnforcer extends InternalEnforcer { return this.removePoliciesInternal(sec, ptype, rule, false, false); } } - From a64eada04278a73463f88dd22aee43b68def7fd7 Mon Sep 17 00:00:00 2001 From: yiev Date: Mon, 29 Sep 2025 16:41:57 +0200 Subject: [PATCH 7/7] refactor: renamed names of new methods, removed redundant methods --- src/managementEnforcer.ts | 140 ++++++++++++++++--------------------- test/managementAPI.test.ts | 100 +++++++++++++------------- 2 files changed, 110 insertions(+), 130 deletions(-) diff --git a/src/managementEnforcer.ts b/src/managementEnforcer.ts index 442d157b..ce2f76b5 100644 --- a/src/managementEnforcer.ts +++ b/src/managementEnforcer.ts @@ -565,7 +565,7 @@ export class ManagementEnforcer extends InternalEnforcer { } /** - * addPolicyLocally adds an authorization rule to the current policy without + * selfAddPolicyLocally adds an authorization rule to the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rule will not be added. * Otherwise the function returns true by adding the new rule. @@ -573,12 +573,12 @@ export class ManagementEnforcer extends InternalEnforcer { * @param params the "p" policy rule, ptype "p" is implicitly used. * @return succeeds or not. */ - public async addPolicyLocally(...params: string[]): Promise { - return this.addNamedPolicyLocally('p', ...params); + public async selfAddPolicyLocally(...params: string[]): Promise { + return this.selfAddNamedPolicyLocally('p', ...params); } /** - * addPoliciesLocally adds authorization rules to the current policy without + * selfAddPoliciesLocally adds authorization rules to the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rules will not be added. * Otherwise the function returns true by adding the new rules. @@ -586,12 +586,12 @@ export class ManagementEnforcer extends InternalEnforcer { * @param rules the "p" policy rules, ptype "p" is implicitly used. * @return succeeds or not. */ - public async addPoliciesLocally(rules: string[][]): Promise { - return this.addNamedPoliciesLocally('p', rules); + public async selfAddPoliciesLocally(rules: string[][]): Promise { + return this.selfAddNamedPoliciesLocally('p', rules); } /** - * addNamedPolicyLocally adds an authorization rule to the current named policy without + * selfAddNamedPolicyLocally adds an authorization rule to the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rule will not be added. * Otherwise the function returns true by adding the new rule. @@ -600,12 +600,12 @@ export class ManagementEnforcer extends InternalEnforcer { * @param params the "p" policy rule. * @return succeeds or not. */ - public async addNamedPolicyLocally(ptype: string, ...params: string[]): Promise { + public async selfAddNamedPolicyLocally(ptype: string, ...params: string[]): Promise { return this.addPolicyInternal('p', ptype, params, false, false); } /** - * addNamedPoliciesLocally adds authorization rules to the current named policy without + * selfAddNamedPoliciesLocally adds authorization rules to the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rules will not be added. * Otherwise the function returns true by adding the new rules. @@ -614,12 +614,12 @@ export class ManagementEnforcer extends InternalEnforcer { * @param rules the "p" policy rules. * @return succeeds or not. */ - public async addNamedPoliciesLocally(ptype: string, rules: string[][]): Promise { + public async selfAddNamedPoliciesLocally(ptype: string, rules: string[][]): Promise { return this.addPoliciesInternal('p', ptype, rules, false, false); } /** - * updatePolicyLocally updates an authorization rule from the current policy without + * selfUpdatePolicyLocally updates an authorization rule from the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule not exists, the function returns false. * Otherwise the function returns true by changing it to the new rule. @@ -628,12 +628,12 @@ export class ManagementEnforcer extends InternalEnforcer { * @param oldRule the policy will be remove * @param newRule the policy will be added */ - public async updatePolicyLocally(oldRule: string[], newRule: string[]): Promise { - return this.updateNamedPolicyLocally('p', oldRule, newRule); + public async selfUpdatePolicyLocally(oldRule: string[], newRule: string[]): Promise { + return this.selfUpdateNamedPolicyLocally('p', oldRule, newRule); } /** - * updateNamedPolicyLocally updates an authorization rule from the current named policy without + * selfUpdateNamedPolicyLocally updates an authorization rule from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule not exists, the function returns false. * Otherwise the function returns true by changing it to the new rule. @@ -643,34 +643,34 @@ export class ManagementEnforcer extends InternalEnforcer { * @param newRule the policy rule will be added * @return succeeds or not. */ - public async updateNamedPolicyLocally(ptype: string, oldRule: string[], newRule: string[]): Promise { + public async selfUpdateNamedPolicyLocally(ptype: string, oldRule: string[], newRule: string[]): Promise { return this.updatePolicyInternal('p', ptype, oldRule, newRule, false, false); } /** - * removePolicyLocally removes an authorization rule from the current policy without + * selfRemovePolicyLocally removes an authorization rule from the current policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param params the "p" policy rule, ptype "p" is implicitly used. * @return succeeds or not. */ - public async removePolicyLocally(...params: string[]): Promise { - return this.removeNamedPolicyLocally('p', ...params); + public async selfRemovePolicyLocally(...params: string[]): Promise { + return this.selfRemoveNamedPolicyLocally('p', ...params); } /** - * removePoliciesLocally removes authorization rules from the current policy without + * selfRemovePoliciesLocally removes authorization rules from the current policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param rules the "p" policy rules, ptype "p" is implicitly used. * @return succeeds or not. */ - public async removePoliciesLocally(rules: string[][]): Promise { - return this.removeNamedPoliciesLocally('p', rules); + public async selfRemovePoliciesLocally(rules: string[][]): Promise { + return this.selfRemoveNamedPoliciesLocally('p', rules); } /** - * removeFilteredPolicy removes an authorization rule from the current policy without + * selfRemoveFilteredPolicyLocally removes an authorization rule from the current policy without * persistence via the adapter and without calling the update() function of the watcher. * Field filters can be specified. * @@ -679,36 +679,36 @@ export class ManagementEnforcer extends InternalEnforcer { * means not to match this field. * @return succeeds or not. */ - public async removeFilteredPolicyLocally(fieldIndex: number, ...fieldValues: string[]): Promise { - return this.removeFilteredNamedPolicyLocally('p', fieldIndex, ...fieldValues); + public async selfRemoveFilteredPolicyLocally(fieldIndex: number, ...fieldValues: string[]): Promise { + return this.selfRemoveFilteredNamedPolicyLocally('p', fieldIndex, ...fieldValues); } /** - * removeNamedPolicyLocally removes an authorization rule from the current named policy without + * selfRemoveNamedPolicyLocally removes an authorization rule from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param ptype the policy type, can be "p", "p2", "p3", .. * @param params the "p" policy rule. * @return succeeds or not. */ - public async removeNamedPolicyLocally(ptype: string, ...params: string[]): Promise { + public async selfRemoveNamedPolicyLocally(ptype: string, ...params: string[]): Promise { return this.removePolicyInternal('p', ptype, params, false, false); } /** - * removeNamedPoliciesLocally removes authorization rules from the current named policy without + * selfRemoveNamedPoliciesLocally removes authorization rules from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param ptype the policy type, can be "p", "p2", "p3", .. * @param rules the "p" policy rules. * @return succeeds or not. */ - public async removeNamedPoliciesLocally(ptype: string, rules: string[][]): Promise { + public async selfRemoveNamedPoliciesLocally(ptype: string, rules: string[][]): Promise { return this.removePoliciesInternal('p', ptype, rules, false, false); } /** - * removeFilteredNamedPolicyLocally removes an authorization rule from the current named policy without + * selfRemoveFilteredNamedPolicyLocally removes an authorization rule from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * Field filters can be specified. * @@ -718,24 +718,24 @@ export class ManagementEnforcer extends InternalEnforcer { * means not to match this field. * @return succeeds or not. */ - public async removeFilteredNamedPolicyLocally(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { + public async selfRemoveFilteredNamedPolicyLocally(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { return this.removeFilteredPolicyInternal('p', ptype, fieldIndex, fieldValues, false, false); } /** - * addGroupingPolicyLocally adds a role inheritance rule to the current policy. + * selfAddGroupingPolicyLocally adds a role inheritance rule to the current policy. * If the rule already exists, the function returns false and the rule will not be added. * Otherwise the function returns true by adding the new rule. * * @param params the "g" policy rule, ptype "g" is implicitly used. * @return succeeds or not. */ - public async addGroupingPolicyLocally(...params: string[]): Promise { - return this.addNamedGroupingPolicyLocally('g', ...params); + public async selfAddGroupingPolicyLocally(...params: string[]): Promise { + return this.selfAddNamedGroupingPolicyLocally('g', ...params); } /** - * addGroupingPoliciesLocally adds a role inheritance rules to the current policy without + * selfAddGroupingPoliciesLocally adds a role inheritance rules to the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rules will not be added. * Otherwise the function returns true by adding the new rules. @@ -743,12 +743,12 @@ export class ManagementEnforcer extends InternalEnforcer { * @param rules the "g" policy rules, ptype "g" is implicitly used. * @return succeeds or not. */ - public async addGroupingPoliciesLocally(rules: string[][]): Promise { - return this.addNamedGroupingPoliciesLocally('g', rules); + public async selfAddGroupingPoliciesLocally(rules: string[][]): Promise { + return this.selfAddNamedGroupingPoliciesLocally('g', rules); } /** - * addNamedGroupingPolicyLocally adds a named role inheritance rule to the current policy without + * selfAddNamedGroupingPolicyLocally adds a named role inheritance rule to the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rule will not be added. * Otherwise the function returns true by adding the new rule. @@ -757,12 +757,12 @@ export class ManagementEnforcer extends InternalEnforcer { * @param params the "g" policy rule. * @return succeeds or not. */ - public async addNamedGroupingPolicyLocally(ptype: string, ...params: string[]): Promise { + public async selfAddNamedGroupingPolicyLocally(ptype: string, ...params: string[]): Promise { return this.addPolicyInternal('g', ptype, params, false, false); } /** - * addNamedGroupingPoliciesLocally adds named role inheritance rules to the current policy without + * selfAddNamedGroupingPoliciesLocally adds named role inheritance rules to the current policy without * persistence via the adapter and without calling the update() function of the watcher. * If the rule already exists, the function returns false and the rules will not be added. * Otherwise the function returns true by adding the new rules. @@ -771,34 +771,34 @@ export class ManagementEnforcer extends InternalEnforcer { * @param rules the "g" policy rule. * @return succeeds or not. */ - public async addNamedGroupingPoliciesLocally(ptype: string, rules: string[][]): Promise { + public async selfAddNamedGroupingPoliciesLocally(ptype: string, rules: string[][]): Promise { return this.addPoliciesInternal('g', ptype, rules, false, false); } /** - * removeGroupingPolicyLocally removes a role inheritance rule from the current policy without + * selfRemoveGroupingPolicyLocally removes a role inheritance rule from the current policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param params the "g" policy rule, ptype "g" is implicitly used. * @return succeeds or not. */ - public async removeGroupingPolicyLocally(...params: string[]): Promise { - return this.removeNamedGroupingPolicyLocally('g', ...params); + public async selfRemoveGroupingPolicyLocally(...params: string[]): Promise { + return this.selfRemoveNamedGroupingPolicyLocally('g', ...params); } /** - * removeGroupingPoliciesLocally removes role inheritance rules from the current policy without + * selfRemoveGroupingPoliciesLocally removes role inheritance rules from the current policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param rules the "g" policy rules, ptype "g" is implicitly used. * @return succeeds or not. */ - public async removeGroupingPoliciesLocally(rules: string[][]): Promise { - return this.removeNamedGroupingPoliciesLocally('g', rules); + public async selfRemoveGroupingPoliciesLocally(rules: string[][]): Promise { + return this.selfRemoveNamedGroupingPoliciesLocally('g', rules); } /** - * removeFilteredGroupingPolicyLocally removes a role inheritance rule from the current policy, field filters can be specified without + * selfRemoveFilteredGroupingPolicyLocally removes a role inheritance rule from the current policy, field filters can be specified without * persistence via the adapter and without calling the update() function of the watcher. * * @param fieldIndex the policy rule's start index to be matched. @@ -806,36 +806,36 @@ export class ManagementEnforcer extends InternalEnforcer { * means not to match this field. * @return succeeds or not. */ - public async removeFilteredGroupingPolicyLocally(fieldIndex: number, ...fieldValues: string[]): Promise { - return this.removeFilteredNamedGroupingPolicyLocally('g', fieldIndex, ...fieldValues); + public async selfRemoveFilteredGroupingPolicyLocally(fieldIndex: number, ...fieldValues: string[]): Promise { + return this.selfRemoveFilteredNamedGroupingPolicyLocally('g', fieldIndex, ...fieldValues); } /** - * removeNamedGroupingPolicyLocally removes a role inheritance rule from the current named policy without + * selfRemoveNamedGroupingPolicyLocally removes a role inheritance rule from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param ptype the policy type, can be "g", "g2", "g3", .. * @param params the "g" policy rule. * @return succeeds or not. */ - public async removeNamedGroupingPolicyLocally(ptype: string, ...params: string[]): Promise { + public async selfRemoveNamedGroupingPolicyLocally(ptype: string, ...params: string[]): Promise { return this.removePolicyInternal('g', ptype, params, false, false); } /** - * removeNamedGroupingPoliciesLocally removes role inheritance rules from the current named policy without + * selfRemoveNamedGroupingPoliciesLocally removes role inheritance rules from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param ptype the policy type, can be "g", "g2", "g3", .. * @param rules the "g" policy rules. * @return succeeds or not. */ - public async removeNamedGroupingPoliciesLocally(ptype: string, rules: string[][]): Promise { + public async selfRemoveNamedGroupingPoliciesLocally(ptype: string, rules: string[][]): Promise { return this.removePoliciesInternal('g', ptype, rules, false, false); } /** - * removeFilteredNamedGroupingPolicyLocally removes a role inheritance rule from the current named policy without + * selfRemoveFilteredNamedGroupingPolicyLocally removes a role inheritance rule from the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * Field filters can be specified. * @@ -845,24 +845,24 @@ export class ManagementEnforcer extends InternalEnforcer { * means not to match this field. * @return succeeds or not. */ - public async removeFilteredNamedGroupingPolicyLocally(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { + public async selfRemoveFilteredNamedGroupingPolicyLocally(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise { return this.removeFilteredPolicyInternal('g', ptype, fieldIndex, fieldValues, false, false); } /** - * UpdateGroupingPolicyLocally updates an rule to the current named policy without + * selfUpdateGroupingPolicyLocally updates an rule to the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param oldRule the old rule. * @param newRule the new rule. * @return succeeds or not. */ - public async updateGroupingPolicyLocally(oldRule: string[], newRule: string[]): Promise { - return this.updateNamedGroupingPolicyLocally('g', oldRule, newRule); + public async selfUpdateGroupingPolicyLocally(oldRule: string[], newRule: string[]): Promise { + return this.selfUpdateNamedGroupingPolicyLocally('g', oldRule, newRule); } /** - * updateNamedGroupingPolicyLocally updates an rule to the current named policy without + * selfUpdateNamedGroupingPolicyLocally updates an rule to the current named policy without * persistence via the adapter and without calling the update() function of the watcher. * * @param ptype the policy type, can be "g", "g2", "g3", .. @@ -870,27 +870,7 @@ export class ManagementEnforcer extends InternalEnforcer { * @param newRule the new rule. * @return succeeds or not. */ - public async updateNamedGroupingPolicyLocally(ptype: string, oldRule: string[], newRule: string[]): Promise { + public async selfUpdateNamedGroupingPolicyLocally(ptype: string, oldRule: string[], newRule: string[]): Promise { return this.updatePolicyInternal('g', ptype, oldRule, newRule, false, false); } - - public async selfRemovePolicyLocally(sec: string, ptype: string, rule: string[]): Promise { - return this.removePolicyInternal(sec, ptype, rule, false, false); - } - - public async selfRemoveFilteredPolicyLocally(sec: string, ptype: string, fieldIndex: number, fieldValues: string[]): Promise { - return this.removeFilteredPolicyInternal(sec, ptype, fieldIndex, fieldValues, false, false); - } - - public async selfUpdatePolicyLocally(sec: string, ptype: string, oldRule: string[], newRule: string[]): Promise { - return this.updatePolicyInternal(sec, ptype, oldRule, newRule, false, false); - } - - public async selfAddPoliciesLocally(sec: string, ptype: string, rule: string[][]): Promise { - return this.addPoliciesInternal(sec, ptype, rule, false, false); - } - - public async selfRemovePoliciesLocally(sec: string, ptype: string, rule: string[][]): Promise { - return this.removePoliciesInternal(sec, ptype, rule, false, false); - } } diff --git a/test/managementAPI.test.ts b/test/managementAPI.test.ts index 7def4cc5..abbb0cd5 100644 --- a/test/managementAPI.test.ts +++ b/test/managementAPI.test.ts @@ -378,14 +378,14 @@ test('updateNamedGroupingPolicy', async () => { testArray2DEquals(groupingPolicy, [['alice', 'update_test']]); }); -test('addPolicyLocally', async () => { +test('selfAddPolicyLocally', async () => { const p = ['eve', 'data3', 'read']; - const added = await e.addPolicyLocally(...p); + const added = await e.selfAddPolicyLocally(...p); expect(added).toBe(true); expect(await e.hasPolicy(...p)).toBe(true); }); -test('addPoliciesLocally', async () => { +test('selfAddPoliciesLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); const rules = [ @@ -394,21 +394,21 @@ test('addPoliciesLocally', async () => { ['leyo', 'data4', 'read'], ['ham', 'data4', 'write'], ]; - const added = await e.addPoliciesLocally(rules); + const added = await e.selfAddPoliciesLocally(rules); expect(added).toBe(true); for (const rule of rules) { expect(await e.hasPolicy(...rule)).toBe(true); } }); -test('addNamedPolicyLocally', async () => { +test('selfAddNamedPolicyLocally', async () => { const p = ['eve', 'data3', 'read']; - const added = await e.addNamedPolicyLocally('p', ...p); + const added = await e.selfAddNamedPolicyLocally('p', ...p); expect(added).toBe(true); expect(await e.hasPolicy(...p)).toBe(true); }); -test('addNamedPoliciesLocally', async () => { +test('selfAddNamedPoliciesLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); const rules = [ @@ -417,75 +417,75 @@ test('addNamedPoliciesLocally', async () => { ['leyo', 'data4', 'read'], ['ham', 'data4', 'write'], ]; - const added = await e.addNamedPoliciesLocally('p', rules); + const added = await e.selfAddNamedPoliciesLocally('p', rules); expect(added).toBe(true); for (const rule of rules) { expect(await e.hasPolicy(...rule)).toBe(true); } }); -test('updatePolicyLocally', async () => { +test('selfUpdatePolicyLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); const p = ['alice', 'data1', 'read']; const q = ['alice', 'data2', 'read']; - const updated = await e.updatePolicyLocally(p, q); + const updated = await e.selfUpdatePolicyLocally(p, q); expect(updated).toBe(true); expect(await e.hasPolicy(...p)).toBe(false); expect(await e.hasPolicy(...q)).toBe(true); }); -test('updateNamedPolicyLocally', async () => { +test('selfUpdateNamedPolicyLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); const p = ['alice', 'data1', 'read']; const q = ['alice', 'data2', 'read']; - const updated = await e.updateNamedPolicyLocally('p', p, q); + const updated = await e.selfUpdateNamedPolicyLocally('p', p, q); expect(updated).toBe(true); expect(await e.hasPolicy(...p)).toBe(false); expect(await e.hasPolicy(...q)).toBe(true); }); -test('removePolicyLocally', async () => { +test('selfRemovePolicyLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); const p = ['alice', 'data1', 'read']; - const removed = await e.removePolicyLocally(...p); + const removed = await e.selfRemovePolicyLocally(...p); expect(removed).toBe(true); expect(await e.hasPolicy(...p)).toBe(false); }); -test('removePoliciesLocally', async () => { +test('selfRemovePoliciesLocally', async () => { const rules = [ ['jack', 'data4', 'read'], ['katy', 'data4', 'write'], ['leyo', 'data4', 'read'], ['ham', 'data4', 'write'], ]; - const added = await e.addPoliciesLocally(rules); + const added = await e.selfAddPoliciesLocally(rules); expect(added).toBe(true); - const removed = await e.removePoliciesLocally(rules); + const removed = await e.selfRemovePoliciesLocally(rules); expect(removed).toBe(true); for (const rule of rules) { expect(await e.hasPolicy(...rule)).toBe(false); } }); -test('removeFilteredPolicyLocally', async () => { +test('selfRemoveFilteredPolicyLocally', async () => { const p = ['alice', 'data1', 'read']; - const removed = await e.removeFilteredPolicyLocally(0, ...p); + const removed = await e.selfRemoveFilteredPolicyLocally(0, ...p); expect(removed).toBe(true); expect(await e.hasPolicy(...p)).toBe(false); }); -test('removeNamedPolicyLocally', async () => { +test('selfRemoveNamedPolicyLocally', async () => { const p = ['alice', 'data1', 'read']; - const removed = await e.removeNamedPolicyLocally('p', ...p); + const removed = await e.selfRemoveNamedPolicyLocally('p', ...p); expect(removed).toBe(true); expect(await e.hasPolicy(...p)).toBe(false); }); -test('removeNamedPoliciesLocally', async () => { +test('selfRemoveNamedPoliciesLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); const rules = [ @@ -494,115 +494,115 @@ test('removeNamedPoliciesLocally', async () => { ['leyo', 'data4', 'read'], ['ham', 'data4', 'write'], ]; - const added = await e.addPoliciesLocally(rules); + const added = await e.selfAddPoliciesLocally(rules); expect(added).toBe(true); - const removed = await e.removeNamedPoliciesLocally('p', rules); + const removed = await e.selfRemoveNamedPoliciesLocally('p', rules); expect(removed).toBe(true); for (const rule of rules) { expect(await e.hasPolicy(...rule)).toBe(false); } }); -test('removeFilteredNamedPolicyLocally', async () => { +test('selfRemoveFilteredNamedPolicyLocally', async () => { const p = ['alice', 'data1', 'read']; - const removed = await e.removeFilteredNamedPolicyLocally('p', 0, ...p); + const removed = await e.selfRemoveFilteredNamedPolicyLocally('p', 0, ...p); expect(removed).toBe(true); expect(await e.hasPolicy(...p)).toBe(false); }); -test('addGroupingPolicyLocally', async () => { - const added = await e.addGroupingPolicyLocally('group1', 'data2_admin'); +test('selfAddGroupingPolicyLocally', async () => { + const added = await e.selfAddGroupingPolicyLocally('group1', 'data2_admin'); expect(added).toBe(true); }); -test('addGroupingPoliciesLocally', async () => { +test('selfAddGroupingPoliciesLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); const groupingRules = [ ['ham', 'data4_admin'], ['jack', 'data5_admin'], ]; - const added = await e.addGroupingPoliciesLocally(groupingRules); + const added = await e.selfAddGroupingPoliciesLocally(groupingRules); expect(added).toBe(true); }); -test('addNamedGroupingPolicyLocally', async () => { - const added = await e.addNamedGroupingPolicyLocally('g', 'group1', 'data2_admin'); +test('selfAddNamedGroupingPolicyLocally', async () => { + const added = await e.selfAddNamedGroupingPolicyLocally('g', 'group1', 'data2_admin'); expect(added).toBe(true); }); -test('addNamedGroupingPoliciesLocally', async () => { +test('selfAddNamedGroupingPoliciesLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); const groupingRules = [ ['ham', 'data4_admin'], ['jack', 'data5_admin'], ]; - const added = await e.addNamedGroupingPoliciesLocally('g', groupingRules); + const added = await e.selfAddNamedGroupingPoliciesLocally('g', groupingRules); expect(added).toBe(true); }); -test('removeGroupingPolicyLocally', async () => { - const removed = await e.removeGroupingPolicyLocally('alice', 'data2_admin'); +test('selfRemoveGroupingPolicyLocally', async () => { + const removed = await e.selfRemoveGroupingPolicyLocally('alice', 'data2_admin'); expect(removed).toBe(true); }); -test('removeGroupingPoliciesLocally', async () => { +test('selfRemoveGroupingPoliciesLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); const groupingRules = [ ['ham', 'data4_admin'], ['jack', 'data5_admin'], ]; - const added = await e.addGroupingPoliciesLocally(groupingRules); + const added = await e.selfAddGroupingPoliciesLocally(groupingRules); expect(added).toBe(true); - const removed = await e.removeGroupingPoliciesLocally(groupingRules); + const removed = await e.selfRemoveGroupingPoliciesLocally(groupingRules); expect(removed).toBe(true); }); -test('removeFilteredGroupingPolicyLocally', async () => { - const removed = await e.removeFilteredGroupingPolicyLocally(0, 'alice'); +test('selfRemoveFilteredGroupingPolicyLocally', async () => { + const removed = await e.selfRemoveFilteredGroupingPolicyLocally(0, 'alice'); expect(removed).toBe(true); }); -test('removeFilteredNamedGroupingPolicyLocally', async () => { - const removed = await e.removeFilteredNamedGroupingPolicyLocally('g', 0, 'alice'); +test('selfRemoveFilteredNamedGroupingPolicyLocally', async () => { + const removed = await e.selfRemoveFilteredNamedGroupingPolicyLocally('g', 0, 'alice'); expect(removed).toBe(true); }); -test('removeNamedGroupingPoliciesLocally', async () => { +test('selfRemoveNamedGroupingPoliciesLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); const groupingRules = [ ['ham', 'data4_admin'], ['jack', 'data5_admin'], ]; - const added = await e.addGroupingPoliciesLocally(groupingRules); + const added = await e.selfAddGroupingPoliciesLocally(groupingRules); expect(added).toBe(true); - const removed = await e.removeNamedGroupingPoliciesLocally('g', groupingRules); + const removed = await e.selfRemoveNamedGroupingPoliciesLocally('g', groupingRules); expect(removed).toBe(true); }); -test('updateGroupingPolicyLocally', async () => { +test('selfUpdateGroupingPolicyLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); let groupingPolicy = await e.getGroupingPolicy(); testArray2DEquals(groupingPolicy, [['alice', 'data2_admin']]); - const updated = e.updateGroupingPolicyLocally(['alice', 'data2_admin'], ['alice', 'update_test']); + const updated = e.selfUpdateGroupingPolicyLocally(['alice', 'data2_admin'], ['alice', 'update_test']); groupingPolicy = await e.getGroupingPolicy(); testArray2DEquals(groupingPolicy, [['alice', 'update_test']]); }); -test('updateNamedGroupingPolicyLocally', async () => { +test('selfUpdateNamedGroupingPolicyLocally', async () => { const a = new FileAdapter('examples/rbac_policy.csv'); e.setAdapter(a); let groupingPolicy = await e.getGroupingPolicy(); testArray2DEquals(groupingPolicy, [['alice', 'data2_admin']]); - const updated = e.updateNamedGroupingPolicyLocally('g', ['alice', 'data2_admin'], ['alice', 'update_test']); + const updated = e.selfUpdateNamedGroupingPolicyLocally('g', ['alice', 'data2_admin'], ['alice', 'update_test']); groupingPolicy = await e.getGroupingPolicy(); testArray2DEquals(groupingPolicy, [['alice', 'update_test']]); });