policyline
Version:
Attributes Based Access Control library for Node.JS
118 lines (108 loc) • 2.92 kB
JavaScript
let expect = require('chai').expect;
let PolicyLine = require('../dist/policyline.min');
let Policy = PolicyLine.Policy;
describe("Policy Group", function () {
it(": group condition - two operands", function () {
let policyGroup = { // all algorithms set in 'all' by default
expression: '(admin OR super_admin)OR(user AND location)',
policies: {
user: {
effect: "permit",
target: [
'resource.occupation="host"..regExp',
'resource.age>=17'
]
},
location: {
effect: "permit",
target: [
'resource.age<66',
'resource.name.last="Ghost"',
'resource.likes~=["vaporizing", "talking"]',
]
},
admin: {
target: [
'user.role="admin"',
'resource.test="test"'
],
effect: "permit",
},
super_admin: {
target: [
'user.role="super_admin"',
'resource.test="second_test"'
],
effect: "permit"
}
}
};
// mongoose 'find' object from 'http://mongoosejs.com/docs/queries.html'
let result = {
occupation: /host/,
'name.last': 'Ghost',
age: {
$gte: 17,
$lt: 66
},
likes: {
$in: ['vaporizing', 'talking']
}
};
let policy = new Policy(policyGroup);
expect(policy.check({
user: {},
action: {},
env: {}
})).to.equal(true);
expect(policy.getConditions()).to.deep.equal(result);
});
it(": group condition - one operand", function () {
let policyGroup = { // all algorithms set in 'all' by default
expression: '(admin OR super_admin)OR(user AND location)',
policies: {
user: {
effect: "permit",
target: [
'resource.occupation="host/"..regExp',
'resource.age>=17'
]
},
location: {
effect: "permit",
target: [
'resource.age<66',
'resource.name.last="Ghost"',
'resource.likes~=["vaporizing", "talking"]',
]
},
admin: {
target: [
'user.role="admin"',
'resource.test="test"'
],
effect: "permit",
},
super_admin: {
target: [
'user.role="super_admin"',
'resource.test="second_test"'
],
effect: "permit"
}
}
};
// mongoose 'find' object from 'http://mongoosejs.com/docs/queries.html'
let result = {test: 'test'};
let policy = new Policy(policyGroup);
expect(policy.check({
user: {
role: 'admin',
},
env: {},
action: {},
})).to.equal(true);
expect(policy.getConditions()).to.deep.equal(result);
});
// todo watchers policy group testing
});