        /// <summary>
        /// End-to-end check of the DemoRowPermissions1 row-permission rules.
        /// Seeds two divisions, places the current user in the first one together with
        /// one document per division, then issues two simulated client reads:
        /// a read without the row-permission filter must be refused (the response
        /// contains "You are not authorized"), and a read filtered by
        /// <c>Common.RowPermissionsReadItems</c> must return only the document from
        /// the user's own division ("doc1").
        /// </summary>
        /// <remarks>
        /// Seeding goes through the repository inside a plain <c>TestScope</c>, i.e. as
        /// server-side code, so row permissions are not applied to the setup writes.
        /// The client-side scopes are created with <c>ConfigureIgnoreClaims()</c>;
        /// presumably that disables claim-based (action-level) authorization so that
        /// only the row-level rules are under test - confirm against the TestScope helper.
        /// Relies on <c>InsertCurrentPrincipal()</c> and <c>GenerateReport()</c> defined
        /// elsewhere in this class.
        /// </remarks>
        public void SimpleRowPermissionRules()
        {
            InsertCurrentPrincipal(); // Not related to row permissions.

            // --- Arrange: seed test data (server code, bypasses row permissions) ---

            using (var setupScope = TestScope.Create())
            {
                var repo = setupScope.Resolve<Common.DomRepository>();
                var executionContext = setupScope.Resolve<Common.ExecutionContext>();

                // Start from a clean slate; dependents are removed before their parents.
                repo.DemoRowPermissions1.Document.Delete(repo.DemoRowPermissions1.Document.Query());
                repo.DemoRowPermissions1.Employee.Delete(repo.DemoRowPermissions1.Employee.Query());
                repo.DemoRowPermissions1.Division.Delete(repo.DemoRowPermissions1.Division.Query());

                var ownDivision = new DemoRowPermissions1.Division { Name = "div1" };
                var otherDivision = new DemoRowPermissions1.Division { Name = "div2" };
                repo.DemoRowPermissions1.Division.Insert(new[] { ownDivision, otherDivision });

                // The current user is an employee of ownDivision:
                var currentEmployee = new DemoRowPermissions1.Employee
                {
                    UserName = executionContext.UserInfo.UserName,
                    DivisionID = ownDivision.ID
                };
                repo.DemoRowPermissions1.Employee.Insert(new[] { currentEmployee });

                // "doc1" sits in the user's division (readable); "doc2" does not (not readable):
                var readableDoc = new DemoRowPermissions1.Document { Title = "doc1", DivisionID = ownDivision.ID };
                var hiddenDoc = new DemoRowPermissions1.Document { Title = "doc2", DivisionID = otherDivision.ID };
                repo.DemoRowPermissions1.Document.Insert(new[] { readableDoc, hiddenDoc });

                setupScope.CommitAndClose();
            }

            // --- Act/Assert 1: client reads all documents without the row-permission filter ---
            // Expected: the server refuses the request rather than returning everything.

            using (var clientScope = TestScope.Create(builder => builder.ConfigureIgnoreClaims()))
            {
                var engine = clientScope.Resolve<IProcessingEngine>();
                var readAll = new ReadCommandInfo
                {
                    DataSource = typeof(DemoRowPermissions1.Document).FullName,
                    ReadRecords = true
                };
                var response = engine.Execute(new[] { readAll });
                var responseReport = GenerateReport(response);
                Console.WriteLine("Server response: " + responseReport);
                Assert.IsTrue(responseReport.Contains("You are not authorized"));
            }

            // --- Act/Assert 2: client reads documents through the RowPermissionsReadItems filter ---
            // Expected: only the document from the user's own division comes back.

            using (var clientScope = TestScope.Create(builder => builder.ConfigureIgnoreClaims()))
            {
                var engine = clientScope.Resolve<IProcessingEngine>();
                var readOwn = new ReadCommandInfo
                {
                    DataSource = typeof(DemoRowPermissions1.Document).FullName,
                    ReadRecords = true,
                    Filters = new[] { new FilterCriteria(typeof(Common.RowPermissionsReadItems)) }
                };
                var response = engine.Execute(new[] { readOwn });
                var responseReport = GenerateReport(response);
                Console.WriteLine("Server response: " + responseReport);
                Assert.AreEqual("doc1", responseReport);
            }
        }
        /// <summary>
        /// End-to-end check of the DemoRowPermissions1 row-permission rules using
        /// <c>RhetosTestContainer</c>. Seeds two divisions, places the current user in the
        /// first one together with one document per division, then issues two simulated
        /// client reads: a read without the row-permission filter must be refused (the
        /// response contains "You are not authorized"), and a read filtered by
        /// <c>Common.RowPermissionsReadItems</c> must return only the document from the
        /// user's own division ("doc1").
        /// </summary>
        /// <remarks>
        /// Seeding goes through the repository in a container created with
        /// <c>commitChanges: true</c>, i.e. as server-side code, so row permissions are
        /// not applied to the setup writes. The client-side containers call
        /// <c>AddIgnoreClaims()</c>; presumably that disables claim-based (action-level)
        /// authorization so that only the row-level rules are under test - confirm
        /// against the container helper. Relies on <c>InsertCurrentPrincipal()</c> and
        /// <c>GenerateReport()</c> defined elsewhere in this class.
        /// </remarks>
        public void SimpleRowPermissionRules()
        {
            InsertCurrentPrincipal(); // Not related to row permissions.

            // --- Arrange: seed test data (server code, bypasses row permissions) ---

            using (var setupContainer = new RhetosTestContainer(commitChanges: true))
            {
                var repo = setupContainer.Resolve<Common.DomRepository>();
                var executionContext = setupContainer.Resolve<Common.ExecutionContext>();

                // Start from a clean slate; dependents are removed before their parents.
                repo.DemoRowPermissions1.Document.Delete(repo.DemoRowPermissions1.Document.All());
                repo.DemoRowPermissions1.Employee.Delete(repo.DemoRowPermissions1.Employee.All());
                repo.DemoRowPermissions1.Division.Delete(repo.DemoRowPermissions1.Division.All());

                var ownDivision = new DemoRowPermissions1.Division
                {
                    Name = "div1"
                };
                var otherDivision = new DemoRowPermissions1.Division
                {
                    Name = "div2"
                };
                repo.DemoRowPermissions1.Division.Insert(new[] { ownDivision, otherDivision });

                // The current user is an employee of ownDivision:
                var currentEmployee = new DemoRowPermissions1.Employee
                {
                    UserName = executionContext.UserInfo.UserName,
                    DivisionID = ownDivision.ID
                };
                repo.DemoRowPermissions1.Employee.Insert(new[] { currentEmployee });

                // "doc1" sits in the user's division (readable); "doc2" does not (not readable):
                var readableDoc = new DemoRowPermissions1.Document
                {
                    Title = "doc1",
                    DivisionID = ownDivision.ID
                };
                var hiddenDoc = new DemoRowPermissions1.Document
                {
                    Title = "doc2",
                    DivisionID = otherDivision.ID
                };
                repo.DemoRowPermissions1.Document.Insert(new[] { readableDoc, hiddenDoc });
            }

            // --- Act/Assert 1: client reads all documents without the row-permission filter ---
            // Expected: the server refuses the request rather than returning everything.

            using (var clientContainer = new RhetosTestContainer())
            {
                clientContainer.AddIgnoreClaims();
                var engine = clientContainer.Resolve<IProcessingEngine>();
                var readAll = new ReadCommandInfo
                {
                    DataSource = typeof(DemoRowPermissions1.Document).FullName,
                    ReadRecords = true
                };
                var response = engine.Execute(new[] { readAll });
                var responseReport = GenerateReport(response);
                Console.WriteLine("Server response: " + responseReport);
                Assert.IsTrue(responseReport.Contains("You are not authorized"));
            }

            // --- Act/Assert 2: client reads documents through the RowPermissionsReadItems filter ---
            // Expected: only the document from the user's own division comes back.

            using (var clientContainer = new RhetosTestContainer())
            {
                clientContainer.AddIgnoreClaims();
                var engine = clientContainer.Resolve<IProcessingEngine>();
                var readOwn = new ReadCommandInfo
                {
                    DataSource = typeof(DemoRowPermissions1.Document).FullName,
                    ReadRecords = true,
                    Filters = new[] { new FilterCriteria(typeof(Common.RowPermissionsReadItems)) }
                };
                var response = engine.Execute(new[] { readOwn });
                var responseReport = GenerateReport(response);
                Console.WriteLine("Server response: " + responseReport);
                Assert.AreEqual("doc1", responseReport);
            }
        }