feat: add getUsersForRoleInDomain() (#296)

Signed-off-by: imp2002 <[email protected]>

Signed-off-by: imp2002 <[email protected]>

src/main/java/org/casbin/jcasbin/main/Enforcer.java

@@ -418,6 +418,21 @@ public boolean hasPermissionForUser(String user, List<String> permission) {
         return hasPermissionForUser(user, permission.toArray(new String[0]));
     }
 
+    /**
+     * getUsersForRoleInDomain gets the users that a role has inside a domain.
+     *
+     * @param name   the role.
+     * @param domain the domain.
+     * @return the users that the role has in the domain.
+     */
+    public List<String> getUsersForRoleInDomain(String name, String domain) {
+        try {
+            return model.model.get("g").get("g").rm.getUsers(name, domain);
+        } catch (CasbinNameNotExistException ignored) {
+        }
+        return Collections.emptyList();
+    }
+
     /**
      * getRolesForUserInDomain gets the roles that a user has inside a domain.
      *

src/main/java/org/casbin/jcasbin/main/SyncedEnforcer.java

@@ -1195,21 +1195,16 @@ public boolean hasPermissionForUser(String user, List<String> permission) {
     }
 
     /**
-     * getUsersForRoleInDomain gets the users that has a role inside a domain.
+     * getUsersForRoleInDomain gets the users that a role has inside a domain.
      *
-     * @param name   the user.
+     * @param name   the role.
      * @param domain the domain.
-     * @return the users for role in a domain.
-     */
-//    @Override
-//    public List<String> getUsersForRoleInDomain(String name, String domain) {
-//        try {
-//            READ_WRITE_LOCK.readLock().lock();
-//            return super.getUsersForRoleInDomain(name, domain);
-//        } finally {
-//            READ_WRITE_LOCK.readLock().unlock();
-//        }
-//    }
+     * @return the users that the role has in the domain.
+     */
+    @Override
+    public List<String> getUsersForRoleInDomain(String name, String domain) {
+        return runSynchronized(() -> super.getUsersForRoleInDomain(name, domain), READ_WRITE_LOCK.readLock());
+    }
 
     /**
      * getRolesForUserInDomain gets the roles that a user has inside a domain.

src/test/java/org/casbin/jcasbin/main/RbacAPIWithDomainsUnitTest.java

@@ -48,6 +48,35 @@ public void testRoleAPIWithDomains() {
         testGetRolesInDomain(e, "non_exist", "domain2", asList());
     }
 
+    @Test
+    public void testUserAPIWithDomains() {
+        Enforcer e = new Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv");
+
+        testGetUsersInDomain(e, "alice", "domain1", asList());
+        testGetUsersInDomain(e, "bob", "domain1", asList());
+        testGetUsersInDomain(e, "admin", "domain1", asList("alice"));
+        testGetUsersInDomain(e, "non_exist", "domain1", asList());
+
+        testGetUsersInDomain(e, "alice", "domain2", asList());
+        testGetUsersInDomain(e, "bob", "domain2", asList());
+        testGetUsersInDomain(e, "admin", "domain2", asList("bob"));
+        testGetUsersInDomain(e, "non_exist", "domain2", asList());
+
+        e.deleteRoleForUserInDomain("alice", "admin", "domain1");
+        e.addRoleForUserInDomain("alice", "admin", "domain2");
+        e.addRoleForUserInDomain("bob", "admin", "domain1");
+
+        testGetUsersInDomain(e, "alice", "domain1", asList());
+        testGetUsersInDomain(e, "bob", "domain1", asList());
+        testGetUsersInDomain(e, "admin", "domain1", asList("bob"));
+        testGetUsersInDomain(e, "non_exist", "domain1", asList());
+
+        testGetUsersInDomain(e, "alice", "domain2", asList());
+        testGetUsersInDomain(e, "bob", "domain2", asList());
+        testGetUsersInDomain(e, "admin", "domain2", asList("bob", "alice"));
+        testGetUsersInDomain(e, "non_exist", "domain2", asList());
+    }
+
     @Test
     public void testPermissionAPIInDomain() {
         Enforcer e = new Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv");

src/test/java/org/casbin/jcasbin/main/RbacAPIWithPatternMatchUnitTest.java

@@ -85,6 +85,20 @@ public void testRoleAPIWithDomainMatch() {
         testGetRolesInDomain(e, "bob", "domain2", asList("admin"));
     }
 
+    @Test
+    public void testUserAPIWithDomainMatch() {
+        final Enforcer e = new Enforcer("examples/rbac_with_domain_pattern_model.conf", "examples/rbac_with_domain_pattern_policy.csv");
+        e.setRoleManager(new DomainManager(10, null, BuiltInFunctions::allMatch));
+        e.loadPolicy();
+
+        testGetUsersInDomain(e, "admin", "domain1", asList("alice"));
+        testGetUsersInDomain(e, "admin", "domain2", asList("alice", "bob"));
+        testGetUsersInDomain(e, "admin", "any_domain", asList("alice"));
+
+        testGetUsersInDomain(e, "bob", "domain1", asList());
+        testGetUsersInDomain(e, "alice", "domain2", asList());
+    }
+
     @Test
     public void testImplicitPermissionAPIWithDomainMatch() {
         final Enforcer e = new Enforcer("examples/rbac_with_domain_pattern_model.conf");

src/test/java/org/casbin/jcasbin/main/SyncedRbacAPIWithDomainsUnitTest.java

@@ -17,8 +17,7 @@
 import org.junit.Test;
 
 import static java.util.Arrays.asList;
-import static org.casbin.jcasbin.main.TestUtil.testGetPermissionsInDomain;
-import static org.casbin.jcasbin.main.TestUtil.testGetRolesInDomain;
+import static org.casbin.jcasbin.main.TestUtil.*;
 
 public class SyncedRbacAPIWithDomainsUnitTest {
     @Test
@@ -49,6 +48,35 @@ public void testRoleAPIWithDomains() {
         testGetRolesInDomain(e, "non_exist", "domain2", asList());
     }
 
+    @Test
+    public void testUserAPIWithDomains() {
+        Enforcer e = new SyncedEnforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv");
+
+        testGetUsersInDomain(e, "alice", "domain1", asList());
+        testGetUsersInDomain(e, "bob", "domain1", asList());
+        testGetUsersInDomain(e, "admin", "domain1", asList("alice"));
+        testGetUsersInDomain(e, "non_exist", "domain1", asList());
+
+        testGetUsersInDomain(e, "alice", "domain2", asList());
+        testGetUsersInDomain(e, "bob", "domain2", asList());
+        testGetUsersInDomain(e, "admin", "domain2", asList("bob"));
+        testGetUsersInDomain(e, "non_exist", "domain2", asList());
+
+        e.deleteRoleForUserInDomain("alice", "admin", "domain1");
+        e.addRoleForUserInDomain("alice", "admin", "domain2");
+        e.addRoleForUserInDomain("bob", "admin", "domain1");
+
+        testGetUsersInDomain(e, "alice", "domain1", asList());
+        testGetUsersInDomain(e, "bob", "domain1", asList());
+        testGetUsersInDomain(e, "admin", "domain1", asList("bob"));
+        testGetUsersInDomain(e, "non_exist", "domain1", asList());
+
+        testGetUsersInDomain(e, "alice", "domain2", asList());
+        testGetUsersInDomain(e, "bob", "domain2", asList());
+        testGetUsersInDomain(e, "admin", "domain2", asList("bob", "alice"));
+        testGetUsersInDomain(e, "non_exist", "domain2", asList());
+    }
+
     @Test
     public void testPermissionAPIInDomain() {
         Enforcer e = new SyncedEnforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv");

src/test/java/org/casbin/jcasbin/main/TestUtil.java

@@ -209,6 +209,15 @@ static void testGetRolesInDomain(Enforcer e, String name, String domain, List<St
         }
     }
 
+    static void testGetUsersInDomain(Enforcer e, String name, String domain, List<String> res) {
+        List<String> myRes = e.getUsersForRoleInDomain(name, domain);
+        Util.logPrint("Roles for " + name + " under " + domain + ": " + myRes);
+
+        if (!Util.setEquals(res, myRes)) {
+            fail("Roles for " + name + " under " + domain + ": " + myRes + ", supposed to be " + res);
+        }
+    }
+
     static void testGetPermissionsInDomain(Enforcer e, String name, String domain, List<List<String>> res) {
         List<List<String>> myRes = e.getPermissionsForUserInDomain(name, domain);
         Util.logPrint("Permissions for " + name + " under " + domain + ": " + myRes);