feat: fixed small issue and added tests

Signed-off-by: Mohit Kumar Singh <[email protected]>

lib/src/enforcer.dart

@@ -165,7 +165,7 @@ class Enforcer extends ManagementEnforcer {
 
   void deleteRole(String role) {
     removeFilteredGroupingPolicy(1, [role]);
-    removeFilteredPolicy(0, role);
+    removeFilteredPolicy(0, [role]);
   }
 
   /// deletePermission deletes a permission.
@@ -175,7 +175,7 @@ class Enforcer extends ManagementEnforcer {
   /// return succeeds or not.
 
   bool deletePermission(List<String> permission) {
-    return deletePermission(permission);
+    return removeFilteredPolicy(1, permission);
   }
 
   /// addPermissionForUser adds a permission for a user or role.
@@ -238,7 +238,7 @@ class Enforcer extends ManagementEnforcer {
   /// return succeeds or not.
 
   bool deletePermissionsForUser(String user) {
-    return removeFilteredPolicy(0, user);
+    return removeFilteredPolicy(0, [user]);
   }
 
   /// getPermissionsForUser gets permissions for a user or role.

lib/src/management_enforcer.dart

@@ -283,7 +283,7 @@ class ManagementEnforcer extends InternalEnforcer {
   ///                    means not to match this field.
   /// return succeeds or not.
 
-  bool removeFilteredPolicy(int fieldIndex, dynamic fieldValues) {
+  bool removeFilteredPolicy(int fieldIndex, List<String> fieldValues) {
     return removeFilteredNamedPolicy('p', fieldIndex, fieldValues);
   }
 
@@ -308,7 +308,7 @@ class ManagementEnforcer extends InternalEnforcer {
   bool removeFilteredNamedPolicy(
     String ptype,
     int fieldIndex,
-    dynamic fieldValues,
+    List<String> fieldValues,
   ) {
     return removeFilteredPolicyInternal('p', ptype, fieldIndex, fieldValues);
   }

lib/src/model/policy.dart

@@ -197,7 +197,9 @@ class Policy {
     for (var i = 0; i < model[sec]![ptype]!.policy.length; i++) {
       var r = model[sec]![ptype]!.policy[i];
       if (ListEquality().equals(rule, r)) {
-        return model[sec]![ptype]!.policy.remove(i);
+        if (model[sec]?[ptype]?.policy.removeAt(i) != null) {
+          return true;
+        }
       }
     }
     return false;

test/enforcer_test.dart

@@ -245,4 +245,200 @@ void main() {
       testEnforce('test 1', e, 'alice', '/alice_data/resource1', 'GET', true);
     }
   });
+
+  group('TestRBACModelInMemory part 1', () {
+    final m = Model();
+    m.addDef('r', 'r', 'sub, obj, act');
+    m.addDef('p', 'p', 'sub, obj, act');
+    m.addDef('g', 'g', '_, _');
+    m.addDef('e', 'e', 'some(where (p.eft == allow))');
+    m.addDef('m', 'm', 'g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act');
+
+    final e = Enforcer.fromModelAndAdapter(m);
+
+    e.addPermissionForUser('alice', ['data1', 'read']);
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+    e.addRoleForUser('alice', 'data2_admin');
+
+    testEnforce('test 1', e, 'alice', 'data1', 'read', true);
+    testEnforce('test 2', e, 'alice', 'data1', 'write', false);
+    testEnforce('test 3', e, 'alice', 'data2', 'read', true);
+    testEnforce('test 4', e, 'alice', 'data2', 'write', true);
+    testEnforce('test 5', e, 'bob', 'data1', 'read', false);
+    testEnforce('test 6', e, 'bob', 'data1', 'write', false);
+    testEnforce('test 7', e, 'bob', 'data2', 'read', false);
+    testEnforce('test 8', e, 'bob', 'data2', 'write', true);
+  });
+  group('TestRBACModelInMemory part 2', () {
+    final m = Model();
+    m.addDef('r', 'r', 'sub, obj, act');
+    m.addDef('p', 'p', 'sub, obj, act');
+    m.addDef('g', 'g', '_, _');
+    m.addDef('e', 'e', 'some(where (p.eft == allow))');
+    m.addDef('m', 'm', 'g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act');
+
+    final e = Enforcer.fromModelAndAdapter(m);
+
+    e.addPermissionForUser('alice', ['data1', 'read']);
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+    e.addRoleForUser('alice', 'data2_admin');
+
+    e.deletePermissionForUser('alice', ['data1', 'read']);
+    e.deletePermissionForUser('bob', ['data2', 'write']);
+    e.deletePermissionForUser('data2_admin', ['data2', 'read']);
+    e.deletePermissionForUser('data2_admin', ['data2', 'write']);
+
+    testEnforce('test 1', e, 'alice', 'data1', 'read', false);
+    testEnforce('test 2', e, 'alice', 'data1', 'write', false);
+    testEnforce('test 3', e, 'alice', 'data2', 'read', false);
+    testEnforce('test 4', e, 'alice', 'data2', 'write', false);
+    testEnforce('test 5', e, 'bob', 'data1', 'read', false);
+    testEnforce('test 6', e, 'bob', 'data1', 'write', false);
+    testEnforce('test 7', e, 'bob', 'data2', 'read', false);
+    testEnforce('test 8', e, 'bob', 'data2', 'write', false);
+  });
+
+  group('TestRBACModelInMemory part 3', () {
+    final m = Model();
+    m.addDef('r', 'r', 'sub, obj, act');
+    m.addDef('p', 'p', 'sub, obj, act');
+    m.addDef('g', 'g', '_, _');
+    m.addDef('e', 'e', 'some(where (p.eft == allow))');
+    m.addDef('m', 'm', 'g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act');
+
+    final e = Enforcer.fromModelAndAdapter(m);
+
+    e.addPermissionForUser('alice', ['data1', 'read']);
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+    e.addRoleForUser('alice', 'data2_admin');
+
+    e.deletePermissionForUser('alice', ['data1', 'read']);
+    e.deletePermissionForUser('bob', ['data2', 'write']);
+    e.deletePermissionForUser('data2_admin', ['data2', 'read']);
+    e.deletePermissionForUser('data2_admin', ['data2', 'write']);
+
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+    e.addRoleForUser('alice', 'data2_admin');
+
+    testEnforce('test 1', e, 'alice', 'data2', 'read', true);
+    testEnforce('test 2', e, 'alice', 'data2', 'write', true);
+    testEnforce('test 3', e, 'bob', 'data2', 'read', false);
+    testEnforce('test 4', e, 'bob', 'data2', 'write', true);
+  });
+
+  group('TestRBACModelInMemory part 4', () {
+    final m = Model();
+    m.addDef('r', 'r', 'sub, obj, act');
+    m.addDef('p', 'p', 'sub, obj, act');
+    m.addDef('g', 'g', '_, _');
+    m.addDef('e', 'e', 'some(where (p.eft == allow))');
+    m.addDef('m', 'm', 'g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act');
+
+    final e = Enforcer.fromModelAndAdapter(m);
+
+    e.addPermissionForUser('alice', ['data1', 'read']);
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+    e.addRoleForUser('alice', 'data2_admin');
+
+    e.deletePermissionForUser('alice', ['data1', 'read']);
+    e.deletePermissionForUser('bob', ['data2', 'write']);
+    e.deletePermissionForUser('data2_admin', ['data2', 'read']);
+    e.deletePermissionForUser('data2_admin', ['data2', 'write']);
+
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+    e.addRoleForUser('alice', 'data2_admin');
+
+    e.deletePermission(['data2', 'write']);
+
+    testEnforce('test 1', e, 'alice', 'data2', 'read', true);
+    testEnforce('test 2', e, 'alice', 'data2', 'write', false);
+    testEnforce('test 3', e, 'bob', 'data2', 'read', false);
+    testEnforce('test 4', e, 'bob', 'data2', 'write', false);
+  });
+
+  group('TestRBACModelInMemory part 5', () {
+    final m = Model();
+    m.addDef('r', 'r', 'sub, obj, act');
+    m.addDef('p', 'p', 'sub, obj, act');
+    m.addDef('g', 'g', '_, _');
+    m.addDef('e', 'e', 'some(where (p.eft == allow))');
+    m.addDef('m', 'm', 'g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act');
+
+    final e = Enforcer.fromModelAndAdapter(m);
+
+    e.addPermissionForUser('alice', ['data1', 'read']);
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+    e.addRoleForUser('alice', 'data2_admin');
+
+    e.deletePermissionForUser('alice', ['data1', 'read']);
+    e.deletePermissionForUser('bob', ['data2', 'write']);
+    e.deletePermissionForUser('data2_admin', ['data2', 'read']);
+    e.deletePermissionForUser('data2_admin', ['data2', 'write']);
+
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+    e.addRoleForUser('alice', 'data2_admin');
+
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+
+    testEnforce('test 1', e, 'alice', 'data2', 'read', true);
+    testEnforce('test 2', e, 'alice', 'data2', 'write', true);
+    testEnforce('test 3', e, 'bob', 'data2', 'read', false);
+    testEnforce('test 4', e, 'bob', 'data2', 'write', true);
+  });
+
+  group('TestRBACModelInMemory part 6', () {
+    final m = Model();
+    m.addDef('r', 'r', 'sub, obj, act');
+    m.addDef('p', 'p', 'sub, obj, act');
+    m.addDef('g', 'g', '_, _');
+    m.addDef('e', 'e', 'some(where (p.eft == allow))');
+    m.addDef('m', 'm', 'g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act');
+
+    final e = Enforcer.fromModelAndAdapter(m);
+
+    e.addPermissionForUser('alice', ['data1', 'read']);
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+    e.addRoleForUser('alice', 'data2_admin');
+
+    e.deletePermissionForUser('alice', ['data1', 'read']);
+    e.deletePermissionForUser('bob', ['data2', 'write']);
+    e.deletePermissionForUser('data2_admin', ['data2', 'read']);
+    e.deletePermissionForUser('data2_admin', ['data2', 'write']);
+
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+    e.addRoleForUser('alice', 'data2_admin');
+
+    e.addPermissionForUser('bob', ['data2', 'write']);
+    e.addPermissionForUser('data2_admin', ['data2', 'read']);
+    e.addPermissionForUser('data2_admin', ['data2', 'write']);
+
+    e.deletePermissionsForUser('data2_admin');
+
+    testEnforce('test 1', e, 'alice', 'data2', 'read', false);
+    testEnforce('test 2', e, 'alice', 'data2', 'write', false);
+    testEnforce('test 3', e, 'bob', 'data2', 'read', false);
+    testEnforce('test 4', e, 'bob', 'data2', 'write', true);
+  });
 }