test: added tests cases for possible bug with subjectPriority and loadPolicy

ajfranzoia · ajfranzoia · commit a3ae02958880 · 2025-06-29T15:23:07.000-03:00
diff --git a/examples/subject_priority_policy_simple.csv b/examples/subject_priority_policy_simple.csv
@@ -0,0 +1,3 @@
+p, group, data1, read, deny
+p, user, data1, read, allow
+g, user, group
diff --git a/test/enforcer.test.ts b/test/enforcer.test.ts
@@ -733,6 +733,42 @@ test('TestSubjectPriority', async () => {
   testEnforceEx(e, 'alice', 'data1', 'read', [true, ['alice', 'data1', 'read', 'allow']]);
 });
 
+test('TestSubjectPriority with CSV converted to addPolicy/addGroupingPolicy', async () => {
+  const e = await newEnforcer('examples/subject_priority_model.conf');
+
+  await e.addPolicy('root', 'data1', 'read', 'deny');
+  await e.addPolicy('admin', 'data1', 'read', 'deny');
+  await e.addPolicy('editor', 'data1', 'read', 'deny');
+  await e.addPolicy('subscriber', 'data1', 'read', 'deny');
+  await e.addPolicy('jane', 'data1', 'read', 'allow');
+  await e.addPolicy('alice', 'data1', 'read', 'allow');
+
+  await e.addGroupingPolicy('admin', 'root');
+  await e.addGroupingPolicy('editor', 'admin');
+  await e.addGroupingPolicy('subscriber', 'admin');
+  await e.addGroupingPolicy('jane', 'editor');
+  await e.addGroupingPolicy('alice', 'subscriber');
+
+  testEnforceEx(e, 'jane', 'data1', 'read', [true, ['jane', 'data1', 'read', 'allow']]);
+  testEnforceEx(e, 'alice', 'data1', 'read', [true, ['alice', 'data1', 'read', 'allow']]);
+});
+
+test('TestSubjectPriority simpler with CSV', async () => {
+  const e = await newEnforcer('examples/subject_priority_model.conf', 'examples/subject_priority_policy_simple.csv');
+
+  testEnforceEx(e, 'user', 'data1', 'read', [true, ['user', 'data1', 'read', 'allow']]);
+});
+
+test('TestSubjectPriority simpler with addPolicy', async () => {
+  const e = await newEnforcer('examples/subject_priority_model.conf');
+
+  await e.addPolicy('group', 'data1', 'read', 'deny');
+  await e.addPolicy('user', 'data1', 'read', 'allow');
+  await e.addGroupingPolicy('user', 'group');
+
+  testEnforceEx(e, 'user', 'data1', 'read', [true, ['user', 'data1', 'read', 'allow']]);
+});
+
 test('TestSubjectPriorityWithDomain', async () => {
   const e = await newEnforcer('examples/subject_priority_model_with_domain.conf', 'examples/subject_priority_policy_with_domain.csv');
   testEnforceEx(e, 'alice', 'data1', 'write', [true, ['alice', 'data1', 'domain1', 'write', 'allow']], 'domain1');
diff --git a/test/model.test.ts b/test/model.test.ts
@@ -447,3 +447,23 @@ test('ABACModelWithInOperator', async () => {
 
   await expect(e.enforce(rule1, rule2)).resolves.toBe(true);
 });
+
+test('TestPriorityModel SUBJECT', async () => {
+  const e = await newEnforcer('examples/subject_priority_model.conf');
+
+  await e.addPolicy('root', 'data1', 'read', 'deny');
+  await e.addPolicy('admin', 'data1', 'read', 'deny');
+  await e.addPolicy('editor', 'data1', 'read', 'deny');
+  await e.addPolicy('subscriber', 'data1', 'read', 'deny');
+  await e.addPolicy('jane', 'data1', 'read', 'allow');
+  await e.addPolicy('alice', 'data1', 'read', 'allow');
+
+  await e.addGroupingPolicy('admin', 'root');
+  await e.addGroupingPolicy('editor', 'admin');
+  await e.addGroupingPolicy('subscriber', 'admin');
+  await e.addGroupingPolicy('jane', 'editor');
+  await e.addGroupingPolicy('alice', 'subscriber');
+
+  await testEnforce(e, 'jane', 'data1', 'read', true);
+  await testEnforce(e, 'alice', 'data1', 'read', true);
+});

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+p, group, data1, read, deny`
	`2`	`+p, user, data1, read, allow`
	`3`	`+g, user, group`