Skip to content

Commit

Permalink
feat: Add deleteAllUsersByDomain, deleteDomains rbac method (#111)
Browse files Browse the repository at this point in the history
  • Loading branch information
@basakest
basakest committed Sep 29, 2021
1 parent 4a7ddb6 commit d7b799c
Show file tree
Hide file tree
Showing 2 changed files with 101 additions and 0 deletions.
51 changes: 51 additions & 0 deletions src/Enforcer.php
View file
Expand Up @@ -535,4 +535,55 @@ public function deleteRoleForUserInDomain(string $user, string $role, string $do
{
return $this->removeGroupingPolicy($user, $role, $domain);
}

/**
* DeleteAllUsersByDomain would delete all users associated with the domain.
*
* @param string $domain
* @return bool
*/
public function deleteAllUsersByDomain(string $domain): bool
{
$g = $this->model['g']['g'];
$p = $this->model['p']['p'];
$index = $this->getDomainIndex('p');

$getUser = function (int $index, array $policies, string $domain): array {
if (count($policies) == 0 || count($policies[0]) <= $index) {
return [];
}
$res = [];
foreach ($policies as $policy) {
if ($policy[$index] == $domain) {
$res[] = $policy;
}
}
return $res;
};

$users = $getUser(2, $g->policy, $domain);
$this->removeGroupingPolicies($users);
$users = $getUser($index, $p->policy, $domain);
$this->removePolicies($users);
return true;
}

/**
* DeleteDomains would delete all associated users and roles.
* It would delete all domains if parameter is not provided.
*
* @param string ...$domains
* @return bool
*/
public function deleteDomains(string ...$domains): bool
{
if (count($domains) == 0) {
$this->clearPolicy();
return true;
}
foreach ($domains as $domain) {
$this->deleteAllUsersByDomain($domain);
}
return true;
}
}
50 changes: 50 additions & 0 deletions tests/Unit/EnforcerTest.php
View file
Expand Up @@ -393,4 +393,54 @@ public function testBatchEnforce()
]);
$this->assertEquals([true, true, false], $res);
}

public function testDeleteAllUsersByDomain()
{
$e = new Enforcer($this->modelAndPolicyPath . '/rbac_with_domains_model.conf', $this->modelAndPolicyPath . '/rbac_with_domains_policy.csv');

$e->deleteAllUsersByDomain('domain1');
$this->assertEquals([
['admin', 'domain2', 'data2', 'read'],
['admin', 'domain2', 'data2', 'write'],
], $e->getPolicy());
$this->assertEquals([
['bob', 'admin', 'domain2']
], $e->getGroupingPolicy());

$e = new Enforcer($this->modelAndPolicyPath . '/rbac_with_domains_model.conf', $this->modelAndPolicyPath . '/rbac_with_domains_policy.csv');
$e->deleteAllUsersByDomain('domain2');
$this->assertEquals([
['admin', 'domain1', 'data1', 'read'],
['admin', 'domain1', 'data1', 'write'],
], $e->getPolicy());
$this->assertEquals([
['alice', 'admin', 'domain1']
], $e->getGroupingPolicy());
}

public function testDeleteDomains()
{
$e = new Enforcer($this->modelAndPolicyPath . '/rbac_with_domains_model.conf', $this->modelAndPolicyPath . '/rbac_with_domains_policy.csv');

$e->deleteDomains();
$this->assertEquals([], $e->getPolicy());
$this->assertEquals([], $e->getGroupingPolicy());

$e = new Enforcer($this->modelAndPolicyPath . '/rbac_with_domains_model.conf', $this->modelAndPolicyPath . '/rbac_with_domains_policy.csv');

$e->deleteDomains('domain1');
$this->assertEquals([
['admin', 'domain2', 'data2', 'read'],
['admin', 'domain2', 'data2', 'write'],
], $e->getPolicy());
$this->assertEquals([
['bob', 'admin', 'domain2']
], $e->getGroupingPolicy());

$e = new Enforcer($this->modelAndPolicyPath . '/rbac_with_domains_model.conf', $this->modelAndPolicyPath . '/rbac_with_domains_policy.csv');

$e->deleteDomains('domain1', 'domain2');
$this->assertEquals([], $e->getPolicy());
$this->assertEquals([], $e->getGroupingPolicy());
}
}

0 comments on commit d7b799c

Please sign in to comment.