public void CanAssociateAccountWithMultipleGroups()
{
Account ayende = new Account();
ayende.Name = "ayende";
session.Save(ayende);
EntitiesGroup group = authorizationRepository.CreateEntitiesGroup("Accounts");
EntitiesGroup group2 = authorizationRepository.CreateEntitiesGroup("Accounts of second group");
authorizationRepository.AssociateEntityWith(ayende, "Accounts");
authorizationRepository.AssociateEntityWith(ayende, "Accounts of second group");
session.Flush();
session.Evict(ayende);
session.Evict(group);
session.Evict(group2);
EntitiesGroup[] groups = authorizationRepository.GetAssociatedEntitiesGroupsFor(ayende);
Assert.Equal(2, groups.Length);
Assert.Equal("Accounts", groups[0].Name);
Assert.Equal("Accounts of second group", groups[1].Name);
}
/// <summary>
/// Removes the specified entities group.
/// Will also delete all permissions that are associated with this group.
/// </summary>
/// <param name="entitesGroupName">Name of the entites group.</param>
public virtual void RemoveEntitiesGroup(string entitesGroupName)
{
EntitiesGroup group = GetEntitiesGroupByName(entitesGroupName);
if (group == null)
{
return;
}
Guard.Against(group.DirectChildren.Count != 0, "Cannot remove entity group '" + entitesGroupName + "' because is has child groups. Remove those groups and try again.");
session.CreateQuery("delete Permission p where p.EntitiesGroup = :group")
.SetEntity("group", group)
.ExecuteUpdate();
// we have to do this in order to ensure that we play
// nicely with the second level cache and collection removals
if (group.Parent != null)
{
group.Parent.DirectChildren.Remove(group);
}
foreach (EntitiesGroup parent in group.AllParents)
{
parent.AllChildren.Remove(group);
}
group.AllParents.Clear();
group.Entities.Clear();
session.Delete(group);
}
public void AssociateEntityWith <TEntity>(TEntity entity, EntitiesGroup entitiesGroup) where TEntity : IEntityInformationExtractor <TEntity>
{
var key = entity.SecurityKey;
var reference = GetOrCreateEntityReference <TEntity>(key);
entitiesGroup.Entities.Add(reference);
}
/// <summary>
/// Associates the entity with a group with the specified name
/// </summary>
/// <typeparam name="TEntity">The type of the entity.</typeparam>
/// <param name="entity">The entity.</param>
/// <param name="groupName">Name of the group.</param>
public virtual void AssociateEntityWith <TEntity>(TEntity entity, string groupName) where TEntity : class
{
EntitiesGroup entitiesGroup = GetEntitiesGroupByName(groupName);
Guard.Against <ArgumentException>(entitiesGroup == null, "There is no entities group named: " + groupName);
AssociateEntityWith(entity, entitiesGroup);
}
/// <summary>
/// Associates the entity with the specified group
/// </summary>
/// <typeparam name="TEntity">The type of the entity.</typeparam>
/// <param name="entity">The entity.</param>
/// <param name="entitiesGroup">The entities group.</param>
public void AssociateEntityWith <TEntity>(TEntity entity, EntitiesGroup entitiesGroup) where TEntity : class
{
Guid key = Security.ExtractKey(entity);
EntityReference reference = GetOrCreateEntityReference <TEntity>(key);
entitiesGroup.Entities.Add(reference);
}
/// <summary>
/// Creates a new entities group.
/// </summary>
/// <param name="name">The name of the new group.</param>
public virtual EntitiesGroup CreateEntitiesGroup(string name)
{
EntitiesGroup eg = new EntitiesGroup {
Name = name
};
session.Save(eg);
return(eg);
}
///<summary>
/// Renames an existing entities group
///</summary>
///<param name="entitiesGroupName">The name of the entities group to rename</param>
///<param name="newName">The new name of the entities group</param>
///<returns>The renamed group</returns>
public virtual EntitiesGroup RenameEntitiesGroup(string entitiesGroupName, string newName)
{
EntitiesGroup group = GetEntitiesGroupByName(entitiesGroupName);
Guard.Against(group == null, "There is no entities group named: " + entitiesGroupName);
group.Name = newName;
session.Save(group);
return(group);
}
/// <summary>
/// Set the entity group this permission is built for
/// </summary>
/// <param name="entitiesGroupName">Name of the entities group.</param>
/// <returns></returns>
public ILevelPermissionBuilder On(string entitiesGroupName)
{
EntitiesGroup entitiesGroup =
permissionBuilderService
.authorizationRepository
.GetEntitiesGroupByName(entitiesGroupName);
Guard.Against <ArgumentException>(entitiesGroup == null,
"There is no entities group named: " + entitiesGroupName);
return(On(entitiesGroup));
}
private void AddDefaultPermissions(Operation operation, User toUser)
{
EntitiesGroup group = authorizationRepository.CreateEntitiesGroup("Assigned to " + toUser.Name);
permissionsBuilderService
.Allow(operation)
.For(toUser)
.On(group)
.DefaultLevel()
.Save();
}
public void CanGetEntitiesGroupByName()
{
EntitiesGroup group = authorizationRepository.CreateEntitiesGroup("Accounts");
session.Flush();
session.Evict(group);
group = authorizationRepository.GetEntitiesGroupByName("Accounts");
Assert.NotNull(group);
}
/// <summary>
/// Removes the entities from the specified group
/// </summary>
/// <typeparam name="TEntity">The type of the entity.</typeparam>
/// <param name="entity">The entity.</param>
/// <param name="entitiesGroupName">Name of the entities group.</param>
public void DetachEntityFromGroup <TEntity>(TEntity entity, string entitiesGroupName) where TEntity : class
{
EntitiesGroup entitiesGroup = GetEntitiesGroupByName(entitiesGroupName);
Guard.Against <ArgumentException>(entitiesGroup == null,
"There is no entities group named: " + entitiesGroupName);
Guid key = Security.ExtractKey(entity);
EntityReference reference = GetOrCreateEntityReference <TEntity>(key);
entitiesGroup.Entities.Remove(reference);
}
public void CanCreateEntitesGroup()
{
EntitiesGroup group = authorizationRepository.CreateEntitiesGroup("Accounts");
session.Flush();
session.Evict(group);
EntitiesGroup groupFromDb = session.Get <EntitiesGroup>(group.Id);
Assert.NotNull(groupFromDb);
Assert.Equal(group.Name, groupFromDb.Name);
}
public void DeeplyNestedEntitiesGroup()
{
EntitiesGroup group = authorizationRepository.CreateEntitiesGroup("Root");
for (int j = 0; j < 50; j++)
{
group = authorizationRepository.CreateChildEntityGroupOf(group.Name, "Child #" + j);
}
authorizationRepository.AssociateEntityWith(account, "Child #49");
EntitiesGroup[] groups = authorizationRepository.GetAncestryAssociationOfEntity(account, "Root");
Assert.Equal(51, groups.Length);
}
public void CanRemoveNestedEntityGroup()
{
EntitiesGroup regularAccounts = authorizationRepository.CreateChildEntityGroupOf("Important Accounts",
"Regular Accounts");
authorizationRepository.RemoveEntitiesGroup("Regular Accounts");
Assert.Null(authorizationRepository.GetEntitiesGroupByName("Regular Accounts"));
EntitiesGroup importantAccounts = authorizationRepository.GetEntitiesGroupByName("Important Accounts");
Assert.Equal(0, importantAccounts.DirectChildren.Count);
Assert.Equal(0, importantAccounts.AllChildren.Count);
Assert.Equal(0, regularAccounts.AllParents.Count);
}
/// <summary>
/// Gets the ancestry association of an entity with the named entity group.
/// This allows to track how an entity is associated to a group through
/// their ancestry.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="entityGroupName">Name of the entity group.</param>
/// <returns></returns>
public virtual EntitiesGroup[] GetAncestryAssociationOfEntity <TEntity>(TEntity entity, string entityGroupName) where TEntity : class
{
EntitiesGroup desiredGroup = GetEntitiesGroupByName(entityGroupName);
ICollection <EntitiesGroup> directGroups =
SecurityCriterions.DirectEntitiesGroups(entity)
.GetExecutableCriteria(session)
.SetCacheable(true)
.List <EntitiesGroup>();
if (directGroups.Contains(desiredGroup))
{
return(new[] { desiredGroup });
}
// as a nice benefit, this does an eager load of all the groups in the hierarchy
// in an efficient way, so we don't have SELECT N + 1 here, nor do we need
// to load the Entities collection (which may be very large) to check if we are associated
// directly or not
EntitiesGroup[] associatedGroups = GetAssociatedEntitiesGroupsFor(entity);
if (Array.IndexOf(associatedGroups, desiredGroup) == -1)
{
return(new EntitiesGroup[0]);
}
// now we need to find out the path to it
List <EntitiesGroup> shortest = new List <EntitiesGroup>();
foreach (EntitiesGroup entitiesGroup in associatedGroups)
{
List <EntitiesGroup> path = new List <EntitiesGroup>();
EntitiesGroup current = entitiesGroup;
while (current != null && current != desiredGroup)
{
path.Add(current);
current = current.Parent;
}
if (current != null)
{
path.Add(current);
}
// Valid paths are those that are contains the desired group
// and start in one of the groups that are directly associated
// with the user
if (path.Contains(desiredGroup) && directGroups.Contains(path[0]))
{
shortest = Min(shortest, path);
}
}
return(shortest.ToArray());
}
/// <summary>
/// Creates the entity group as a child of <paramref name="parentGroupName"/>.
/// </summary>
/// <param name="parentGroupName">Name of the parent group.</param>
/// <param name="usersGroupName">Name of the users group.</param>
/// <returns></returns>
public virtual EntitiesGroup CreateChildEntityGroupOf(string parentGroupName, string usersGroupName)
{
EntitiesGroup parent = GetEntitiesGroupByName(parentGroupName);
Guard.Against <ArgumentException>(parent == null,
"Parent users group '" + parentGroupName + "' does not exists");
EntitiesGroup group = CreateEntitiesGroup(usersGroupName);
group.Parent = parent;
group.AllParents.AddAll(parent.AllParents);
group.AllParents.Add(parent);
parent.DirectChildren.Add(group);
parent.AllChildren.Add(group);
return(group);
}
public void CannotRenameEntitiesGroupToAnAlreadyExistingEntitiesGroup()
{
EntitiesGroup group = authorizationRepository.CreateEntitiesGroup("Accounts");
EntitiesGroup group2 = authorizationRepository.CreateEntitiesGroup("ExistingGroup");
session.Flush();
session.Evict(group);
session.Evict(group2);
Exception exception = Assert.Throws <GenericADOException>(
() =>
{
authorizationRepository.RenameEntitiesGroup("Accounts", "ExistingGroup");
session.Flush();
}).InnerException;
Assert.Contains("unique", exception.Message);
}
public void CanAssociateAccountWithNestedGroup()
{
Account beto = new Account();
beto.Name = "beto account";
session.Save(beto);
authorizationRepository.CreateEntitiesGroup("Executive Accounts");
EntitiesGroup group = authorizationRepository.CreateChildEntityGroupOf("Executive Accounts", "Manager Accounts");
authorizationRepository.AssociateEntityWith(beto, "Manager Accounts");
session.Flush();
session.Evict(beto);
session.Evict(group);
EntitiesGroup[] groups = authorizationRepository.GetAssociatedEntitiesGroupsFor(beto);
Assert.Equal(2, groups.Length);
Assert.Equal("Executive Accounts", groups[0].Name);
Assert.Equal("Manager Accounts", groups[1].Name);
}
/// <summary>
/// Set the entity group this permission is built for
/// </summary>
/// <param name="entitiesGroup">The entities group.</param>
/// <returns></returns>
public ILevelPermissionBuilder On(EntitiesGroup entitiesGroup)
{
permission.EntitiesGroup = entitiesGroup;
return(this);
}
