public void Test_Creation_CacheCreated()
{
CachingEntityAccessControlChecker cachingEntityAccessControlChecker;
cachingEntityAccessControlChecker = new CachingEntityAccessControlChecker();
Assert.That(cachingEntityAccessControlChecker, Has.Property("Cache").Not.Null);
}
public void Test_CheckTypeAccess_SingleCached( )
{
CachingEntityAccessControlChecker checker;
MockRepository mockRepository;
Mock <IEntityAccessControlChecker> mockChecker;
IList <EntityType> entityTypes;
EntityRef user;
EntityRef permission;
entityTypes = new[] { new EntityType() };
user = new EntityRef(100);
permission = new EntityRef(101);
mockRepository = new MockRepository(MockBehavior.Strict);
mockChecker = mockRepository.Create <IEntityAccessControlChecker>();
checker = new CachingEntityAccessControlChecker(mockChecker.Object);
checker.Cache.Add(new UserEntityPermissionTuple(user.Id, entityTypes.First().Id, new[] { permission.Id }), false);
Assert.That(checker.CheckTypeAccess(entityTypes, permission, user), Is.EquivalentTo(entityTypes.ToDictionary(et => et.Id, et => false)));
mockRepository.VerifyAll();
Assert.That(checker.Cache.Count, Is.EqualTo(1), "Incorrect cache count");
Assert.That(
checker.Cache,
Has.Exactly(1)
.Property("Key").EqualTo(new UserEntityPermissionTuple(user.Id, entityTypes.First().Id, new[] { permission.Id }))
.And.Property("Value").EqualTo(false), "Not cached");
}
public void Test_CheckTypeAccess_SingleUncached( )
{
CachingEntityAccessControlChecker checker;
MockRepository mockRepository;
Mock <IEntityAccessControlChecker> mockChecker;
IList <EntityType> entityTypes;
EntityRef user;
EntityRef permission;
Expression <Func <IEntityAccessControlChecker, IDictionary <long, bool> > > canCreate;
entityTypes = new[] { new EntityType() };
user = new EntityRef(100);
permission = new EntityRef(100);
canCreate = c => c.CheckTypeAccess(It.Is <IList <EntityType> >(ets => ets.SequenceEqual(entityTypes)), permission, user);
mockRepository = new MockRepository(MockBehavior.Strict);
mockChecker = mockRepository.Create <IEntityAccessControlChecker>();
mockChecker
.Setup(canCreate)
.Returns(entityTypes.ToDictionary(et => et.Id, et => true));
checker = new CachingEntityAccessControlChecker(mockChecker.Object);
Assert.That(checker.CheckTypeAccess(entityTypes, permission, user), Is.EquivalentTo(entityTypes.ToDictionary(et => et.Id, et => true)));
mockRepository.VerifyAll();
mockChecker.Verify(canCreate, Times.Once);
Assert.That(checker.Cache.Count, Is.EqualTo(1), "Incorrect cache count");
Assert.That(
checker.Cache,
Has.Exactly(1)
.Property("Key").EqualTo(new UserEntityPermissionTuple(user.Id, entityTypes.First().Id, new[] { permission.Id }))
.And.Property("Value").EqualTo(true), "Not cached");
}
public void Test_Clear()
{
CachingEntityAccessControlChecker cachingEntityAccessControlChecker;
Mock <IEntityAccessControlChecker> entityAccessControlChecker;
EntityRef[] entities;
EntityRef[] permissions;
EntityRef user;
entities = new EntityRef[] { 1 };
permissions = new[] { Permissions.Read };
user = new EntityRef(2);
entityAccessControlChecker = new Mock <IEntityAccessControlChecker>(MockBehavior.Strict);
entityAccessControlChecker
.Setup(eacc => eacc.CheckAccess(
It.Is <IList <EntityRef> >(e => e.SequenceEqual(entities, EntityRefComparer.Instance)),
It.Is <IList <EntityRef> >(p => p.SequenceEqual(permissions, EntityRefComparer.Instance)),
It.IsAny <EntityRef>()))
.Returns(new Dictionary <long, bool>()
{
{ entities.First().Id, true }
});
cachingEntityAccessControlChecker = new CachingEntityAccessControlChecker(entityAccessControlChecker.Object);
cachingEntityAccessControlChecker.CheckAccess(entities, permissions, user);
// Sanity check
Assert.That(cachingEntityAccessControlChecker.Cache, Has.Property("Count").Positive, "Not cached");
cachingEntityAccessControlChecker.Clear();
Assert.That(cachingEntityAccessControlChecker.Cache, Has.Property("Count").EqualTo(0), "Not cleared");
}
public void Test_CheckAccess_MultiplePermissions()
{
CachingEntityAccessControlChecker cachingEntityAccessControlChecker;
Mock <IEntityAccessControlChecker> entityAccessControlChecker;
EntityRef[] entities;
EntityRef[] permissions;
EntityRef user;
IDictionary <long, bool> result;
using (DatabaseContext.GetContext(true))
{
entities = new EntityRef[] { 1, 2 };
permissions = new[] { Permissions.Read, Permissions.Modify };
user = new EntityRef(100);
entityAccessControlChecker = new Mock <IEntityAccessControlChecker>(MockBehavior.Strict);
entityAccessControlChecker
.Setup(eacc => eacc.CheckAccess(
It.Is <IList <EntityRef> >(e => e.SequenceEqual(entities, EntityRefComparer.Instance)),
It.Is <IList <EntityRef> >(p => p.SequenceEqual(permissions, EntityRefComparer.Instance)),
It.IsAny <EntityRef>()))
.Returns(new Dictionary <long, bool>()
{
{ entities[0].Id, true }, { entities[1].Id, false }
});
cachingEntityAccessControlChecker = new CachingEntityAccessControlChecker(entityAccessControlChecker.Object);
result = cachingEntityAccessControlChecker.CheckAccess(entities, permissions, user);
// Check results
Assert.That(result, Has.Property("Count").EqualTo(2));
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entities[0].Id).And.Property("Value").EqualTo(true));
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entities[1].Id).And.Property("Value").EqualTo(false));
// Ensure that it is cached
Assert.That(cachingEntityAccessControlChecker.Cache,
Has.Exactly(1)
.Property("Key").EqualTo(new UserEntityPermissionTuple(user.Id, entities[0].Id, permissions.Select(x => x.Id)))
.And.Property("Value").True);
Assert.That(cachingEntityAccessControlChecker.Cache,
Has.Exactly(1)
.Property("Key").EqualTo(new UserEntityPermissionTuple(user.Id, entities[1].Id, permissions.Select(x => x.Id)))
.And.Property("Value").False);
// Second call
result = cachingEntityAccessControlChecker.CheckAccess(entities, permissions, user);
// Check results
Assert.That(result, Has.Property("Count").EqualTo(2));
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entities[0].Id).And.Property("Value").EqualTo(true));
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entities[1].Id).And.Property("Value").EqualTo(false));
// Ensure that CheckAccess was only called once for each Setup call.
entityAccessControlChecker.VerifyAll();
}
}
public void Test_Ctor()
{
CachingEntityAccessControlChecker cachingEntityAccessControlChecker;
cachingEntityAccessControlChecker = new CachingEntityAccessControlChecker();
Assert.That(cachingEntityAccessControlChecker, Has.Property("Cache").Empty);
Assert.That(cachingEntityAccessControlChecker, Has.Property("CacheInvalidator").Not.Null);
Assert.That(cachingEntityAccessControlChecker, Has.Property("Checker").Not.Null);
Assert.That(cachingEntityAccessControlChecker, Has.Property("CacheName").EqualTo("Access control"));
}
public void Test_CheckTypeAccess_SecurityBypass( )
{
CachingEntityAccessControlChecker checker;
MockRepository mockRepository;
Mock <IEntityAccessControlChecker> mockChecker;
IList <EntityType> entityTypes;
EntityRef user;
EntityRef permission;
Expression <Func <IEntityAccessControlChecker, IDictionary <long, bool> > > canCreate;
IDictionary <long, bool> result;
entityTypes = new[] { new EntityType(), new EntityType() };
user = new EntityRef(100);
permission = new EntityRef(101);
canCreate = c => c.CheckTypeAccess(It.Is <IList <EntityType> >(ets => ets.SequenceEqual(entityTypes)), permission, user);
mockRepository = new MockRepository(MockBehavior.Strict);
mockChecker = mockRepository.Create <IEntityAccessControlChecker>();
mockChecker.Setup(canCreate).Returns(entityTypes.ToDictionary(et => et.Id, et => true));
checker = new CachingEntityAccessControlChecker(mockChecker.Object);
checker.Cache.Add(new UserEntityPermissionTuple(user.Id, entityTypes[0].Id, new[] { permission.Id }), false);
using (new SecurityBypassContext())
{
result = checker.CheckTypeAccess(entityTypes, permission, user);
}
Assert.That(result, Has.Count.EqualTo(2));
Assert.That(result, Has.All.Property("Value").EqualTo(true));
Assert.That(result.Keys, Is.EquivalentTo(entityTypes.Select(et => et.Id)));
mockRepository.VerifyAll();
mockChecker.Verify(canCreate, Times.Once);
Assert.That(checker.Cache.Count, Is.EqualTo(1), "Cache contents changed");
Assert.That(
checker.Cache,
Has.Exactly(1)
.Property("Key").EqualTo(new UserEntityPermissionTuple(user.Id, entityTypes[0].Id, new[] { permission.Id }))
.And.Property("Value").EqualTo(false), "Not cached");
}
public void Test_NoCachingWhenBypassSet()
{
CachingEntityAccessControlChecker cachingEntityAccessControlChecker;
Mock <IEntityAccessControlChecker> entityAccessControlChecker;
EntityRef[] entities;
EntityRef[] permissions;
EntityRef user;
entities = new EntityRef[] { 1 };
permissions = new[] { Permissions.Read };
user = new EntityRef(2);
entityAccessControlChecker = new Mock <IEntityAccessControlChecker>(MockBehavior.Strict);
entityAccessControlChecker
.Setup(eacc => eacc.CheckAccess(
It.Is <IList <EntityRef> >(e => e.SequenceEqual(entities, EntityRefComparer.Instance)),
It.Is <IList <EntityRef> >(p => p.SequenceEqual(permissions, EntityRefComparer.Instance)),
It.IsAny <EntityRef>()))
.Returns(new Dictionary <long, bool>()
{
{ entities.First().Id, true }
});
cachingEntityAccessControlChecker = new CachingEntityAccessControlChecker(entityAccessControlChecker.Object);
Assert.That(cachingEntityAccessControlChecker, Has.Property("Cache").Empty,
"Cache not empty before test");
using (new SecurityBypassContext())
{
cachingEntityAccessControlChecker.CheckAccess(entities, permissions, user);
}
Assert.That(cachingEntityAccessControlChecker, Has.Property("Cache").Empty,
"Cache not empty after test");
entityAccessControlChecker.VerifyAll();
}
