<a href="https://colab.research.google.com/github/kyhchn/skripsheesh/blob/main/PENGUJIAN_MODEL.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

In [None]:
# prompt: install z3 prover

!pip install z3-solver


Collecting z3-solver
  Downloading z3_solver-4.15.0.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (602 bytes)
Downloading z3_solver-4.15.0.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (29.5 MB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m29.5/29.5 MB[0m [31m19.1 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: z3-solver
Successfully installed z3-solver-4.15.0.0


In [None]:
from z3 import *


# === Step 1: Enum untuk Role, Action, Resource ===
Roles, (Superadmin, Direktur, Finance, Kasir, Resepsionis, Pegawai_Lapangan, Pelanggan) = EnumSort("Role", [
    "Superadmin", "Direktur", "Finance", "Kasir", "Resepsionis", "Pegawai_Lapangan", "Pelanggan"
])

Actions, (R, C, U, D, Impersonate) = EnumSort("Action", ["R", "C", "U", "D", "Impersonate"])

Resources, (
    User, Customer, MeterReading, Bill, Permission, Role, Role_Perm,
    Journal, COA, FinancialReport, HousingArea,
    R_Superadmin, R_Direktur, R_Finance, R_Kasir, R_Resepsionis, R_Pegawai_Lapangan, R_Pelanggan,
    NoneResource
) = EnumSort("Resource", [
    "User", "Customer", "MeterReading", "Bill", "Permission", "Role", "Role_Perm",
    "Journal", "COA", "FinancialReport", "HousingArea",
    "R_Superadmin", "R_Direktur", "R_Finance", "R_Kasir", "R_Resepsionis", "R_Pegawai_Lapangan", "R_Pelanggan",
    "None"
])


# === Step 2: Function untuk permission dan inheritance ===
has_permission = Function("has_permission", Roles, Actions, Resources, BoolSort())
inherits = Function("inherits", Roles, Roles, BoolSort())

# === Step 3: Mapping string ke enum (biar gampang parsing) ===
role_map = {
    "Superadmin": Superadmin, "Direktur": Direktur, "Finance": Finance,
    "Kasir": Kasir, "Resepsionis": Resepsionis, "Pegawai_Lapangan": Pegawai_Lapangan, "Pelanggan": Pelanggan
}
action_map = {"R": R, "C": C, "U": U, "D": D, "Impersonate": Impersonate}
resource_map = {
    "User": User, "Customer": Customer, "MeterReading": MeterReading, "Bill": Bill,
    "Permission": Permission, "Role": Role, "Role_Perm": Role_Perm,
    "Journal": Journal, "COA": COA, "FinancialReport": FinancialReport,
    "HousingArea": HousingArea, "None": NoneResource,
    "Superadmin": R_Superadmin, "Direktur": R_Direktur, "Finance": R_Finance,
    "Kasir": R_Kasir, "Resepsionis": R_Resepsionis,
    "Pegawai_Lapangan": R_Pegawai_Lapangan, "Pelanggan": R_Pelanggan
}

# === Step 4: Masukkan fakta dari hasil kamu tadi ===
s = Solver()



def perm_tuple(p):
    act, res = map(str.strip, p.split(","))
    return action_map[act], resource_map.get(res, NoneResource)

role_perms = {
    "Superadmin": [
        "R, User", "C, User", "U, User", "R, Customer", "R, MeterReading", "C, Bill",
        "C, Permission", "R, Permission", "U, Permission", "D, Permission",
        "R, Role", "R, Role_Perm", "C, Role", "C, Role_Perm",
        "U, Role", "D, Role_Perm", "D, Role",
        "Impersonate, Finance", "Impersonate, Kasir", "Impersonate, Pegawai_Lapangan",
        "Impersonate, Resepsionis", "Impersonate, Direktur"
    ],
    "Direktur": ["R, FinancialReport"],
    "Finance": ["C, Journal", "R, Journal", "U, Journal", "C, COA", "R, COA", "U, COA", "R, User"],
    "Kasir": ["U, Bill", "C, Journal", "R, Journal", "R, COA", "U, Journal", "R, User"],
    "Resepsionis": ["C, Customer", "U, Customer", "C, HousingArea", "R, HousingArea", "U, HousingArea", "R, User"],
    # "Resepsionis": ["C, Customer", "C, HousingArea", "R, HousingArea", "U, HousingArea", "R, User"],
    "Pegawai_Lapangan": ["C, MeterReading", "U, MeterReading"],
    # "Pegawai_Lapangan": ["C, MeterReading"],
    "Pelanggan": ["R, Customer", "R, Bill", "R, MeterReading"]
}

# Masukkan permission ke dalam Z3
roles = list(role_map.values())
actions = list(action_map.values())
resources = list(resource_map.values())



In [None]:
from collections import defaultdict, deque

inherit_rel = [
    ("Direktur", "Kasir"),
    ("Kasir", "Pelanggan"),
    ("Resepsionis", "Pelanggan"),
    ("Pegawai_Lapangan", "Pelanggan")
]

# Salin base
role_perms = {r: set(perm_list) for r, perm_list in role_perms.items()}

# Buat reverse map dari child → list of parent
child_to_parents = defaultdict(list)
for parent, child in inherit_rel:
    child_to_parents[child].append(parent)

# Wariskan permission dari child ke parent, lakukan sampai stabil
def propagate_permissions():
    changed = True
    while changed:
        changed = False
        for child, parents in child_to_parents.items():
            for parent in parents:
                for perm in role_perms.get(child, []):
                    if perm not in role_perms[parent]:
                        role_perms[parent].add(perm)
                        changed = True

propagate_permissions()

In [None]:
# Pastikan defined_perms dideklarasikan sebelumnya
defined_perms = set()

s.push()

# Menambahkan permission yang sudah didefinisikan
for role, perms in role_perms.items():
    for p in perms:
        act, res = perm_tuple(p)
        defined_perms.add((role_map[role], act, res))


print("\n🔒 Menambahkan constraint: default semua permission yang tidak didefinisikan harus False")
for r in roles:
    for a in actions:
        for res in resources:
            if (r, a, res) not in defined_perms:
                s.add(has_permission(r, a, res) == False)

# Pastikan permission yang didefinisikan adalah True
for r, a, res in defined_perms:
    s.add(has_permission(r, a, res) == True)

if s.check() == sat:
  print("Valdi")
else:
  print("Invalid")


🔒 Menambahkan constraint: default semua permission yang tidak didefinisikan harus False
Valdi


In [None]:
users = [Const(f"user_{i}", Roles) for i in range(12)]

s.push()

# === Step 3: Fakta role assignment ===
s.add(users[0] == Superadmin)        # 1 Superadmin
s.add(users[1] == Direktur)          # 1 Direktur
s.add(users[2] == Finance)           # 2 Finance
s.add(users[3] == Finance)
s.add(users[4] == Kasir)             # 2 Kasir
s.add(users[5] == Kasir)
s.add(users[6] == Resepsionis)       # 2 Resepsionis
s.add(users[7] == Resepsionis)
s.add(users[8] == Pegawai_Lapangan)  # 2 Pegawai Lapangan
s.add(users[9] == Pegawai_Lapangan)
s.add(users[10] == Pelanggan)        # 2 Pelanggan
s.add(users[11] == Pelanggan)

if s.check() == sat:
    m = s.model()
    print("✅ Fakta role assignment:")
    for i in range(len(users)):
        print(f"User {i+1}: {m[users[i]]}")
else:
    print("❌ Tidak bisa assign role dengan fakta tersebut.")

✅ Fakta role assignment:
User 1: Superadmin
User 2: Direktur
User 3: Finance
User 4: Finance
User 5: Kasir
User 6: Kasir
User 7: Resepsionis
User 8: Resepsionis
User 9: Pegawai_Lapangan
User 10: Pegawai_Lapangan
User 11: Pelanggan
User 12: Pelanggan


In [None]:
print("\n SOD_01")
print("\n🔍 Checking constraint: Tidak boleh ada role apa pun yang memiliki dua atau lebih dari permission {C, MeterReading}, {C, Bill}, dan {C, Journal}")

s.push()
for role in roles:
    c_bill = has_permission(role, C, Bill)
    c_journal = has_permission(role, C, Journal)
    c_meter = has_permission(role, C, MeterReading)

    # Dilarang memiliki kombinasi dua atau lebih dari tiga permission ini
    constraint = Not(Or(
        And(c_bill, c_journal),
        And(c_bill, c_meter),
        And(c_journal, c_meter),
        And(c_bill, c_journal, c_meter)
    ))
    s.add(constraint)

if s.check() == sat:
    print("✅ Passed: Tidak ada role yang memiliki dua atau lebih permission tersebut secara bersamaan.")
else:
    print("❌ Failed: Ada role yang memiliki dua atau lebih permission tersebut.")
    print("Model or conflict info:")
    print(s.model())
s.pop()



 OP_08

🔍 Checking constraint: Tidak boleh ada role apa pun yang memiliki dua atau lebih dari permission {C, MeterReading}, {C, Bill}, dan {C, Journal}
✅ Passed: Tidak ada role yang memiliki dua atau lebih permission tersebut secara bersamaan.


In [None]:
print("\n SOD_02")
print("\n🔍 Checking constraint: setiap user hanya satu role (valid role)")
s.push()
for u in users:
    s.add(Or(u == Superadmin, u == Direktur, u == Finance, u == Kasir,
             u == Resepsionis, u == Pegawai_Lapangan, u == Pelanggan))
if s.check() == sat:
    print("✅ Passed: Semua user memiliki role yang valid.")
else:
    print("❌ Failed: Ada user dengan role tidak valid.")
s.pop()


 SOD_02

🔍 Checking constraint: setiap user hanya satu role (valid role)
✅ Passed: Semua user memiliki role yang valid.


In [None]:
# === Constraint Debug Check 2: Hanya satu Superadmin ===
print("\n CA_01")
print("\n🔍 Checking constraint: hanya satu Superadmin")
s.push()

count_superadmin = Sum([If(users[i] == Superadmin, 1, 0) for i in range(len(users))])
s.add(count_superadmin == 1)
if s.check() == sat:
    print("✅ Passed: Hanya satu Superadmin.")
else:
    print("❌ Failed: Jumlah Superadmin tidak tepat.")
s.pop()


 CA_01

🔍 Checking constraint: hanya satu Superadmin
✅ Passed: Hanya satu Superadmin.


In [None]:
# === Constraint Debug Check: Tiap role minimal satu user ===
print("\n CA_02")
print("\n🔍 Checking constraint: tiap role minimal satu user")

s.push()
roles = [Superadmin, Direktur, Finance, Kasir, Resepsionis, Pegawai_Lapangan, Pelanggan]

for role in roles:
    count = Sum([If(user == role, 1, 0) for user in users])
    s.add(count >= 1)

if s.check() == sat:
    print("✅ Passed: Semua role dimiliki minimal oleh satu user.")
else:
    print("❌ Failed: Ada role yang tidak dimiliki oleh user mana pun.")
s.pop()


 CA_02

🔍 Checking constraint: tiap role minimal satu user
✅ Passed: Semua role dimiliki minimal oleh satu user.


In [None]:
# Constraint: Tiap permission minimal digunakan satu role
print("\n CA_03")
print("\n🔍 Checking constraint: tiap permission minimal digunakan satu role")

# Ambil permissions unik yang ada di role_perms
permissions_used = set()
for perms in role_perms.values():
    for p in perms:
        act, res = perm_tuple(p)
        permissions_used.add((act, res))

# Pastikan tiap permission digunakan minimal satu role
for permission in permissions_used:
    s.add(Sum([If(has_permission(role, permission[0], permission[1]), 1, 0) for role in roles]) >= 1)

# Debug: check jika constraint diterima
s.push()
if s.check() == sat:
    print("✅ Passed: Semua permission digunakan minimal satu role.")
else:
    print("❌ Failed: Ada permission yang tidak digunakan oleh role mana pun.")
s.pop()



 CA_03

🔍 Checking constraint: tiap permission minimal digunakan satu role
✅ Passed: Semua permission digunakan minimal satu role.


In [None]:
print("\n OP_07")
print("\n🔍 Checking constraint: Role yang memiliki permission Update harus memiliki permission Read untuk objek terkait")

s.push()

# Constraint: Role yang memiliki permission Update harus memiliki permission Read untuk objek terkait
for role, perms in role_perms.items():
    print(f"{role}: {', '.join(map(str, perms))}")
# Cek semua kombinasi yang secara eksplisit diberikan
for (r, a, res) in defined_perms:
    if a == U:
        print("role ", r, " action ", a, " resource ", res)
        role_map
        s.add(Implies(
            has_permission(r, U, res),
            has_permission(r, R, res)
        ))

if s.check() == sat:
    print("✅ Passed: Role yang memiliki permission Update juga memiliki permission Read untuk objek terkait.")
else:
    print("❌ Failed: Ada role yang tidak memenuhi constraint Update harus punya Read untuk objek terkait.")
s.pop()


 OP_07

🔍 Checking constraint: Role yang memiliki permission Update harus memiliki permission Read untuk objek terkait
Superadmin: R, User, U, Role, U, Permission, U, User, D, Role, R, Permission, R, Customer, Impersonate, Kasir, D, Role_Perm, Impersonate, Resepsionis, R, Role_Perm, C, Permission, C, Role_Perm, C, User, C, Bill, R, Role, Impersonate, Pegawai_Lapangan, R, MeterReading, C, Role, Impersonate, Finance, Impersonate, Direktur, D, Permission
Direktur: R, Journal, R, User, R, COA, R, MeterReading, U, Journal, R, Bill, C, Journal, R, FinancialReport, R, Customer, U, Bill
Finance: R, Journal, R, User, U, COA, R, COA, U, Journal, C, Journal, C, COA
Kasir: R, Journal, R, User, R, COA, R, MeterReading, U, Journal, R, Bill, C, Journal, R, Customer, U, Bill
Resepsionis: R, User, R, MeterReading, U, HousingArea, C, Customer, R, Bill, R, Customer, U, Customer, R, HousingArea, C, HousingArea
Pegawai_Lapangan: R, MeterReading, C, MeterReading, R, Bill, R, Customer, U, MeterReading
Pelan