Beispiel #1
0
        public void Operation_Deny_Direct_To_User()
        {
            EngineFactory   factory    = new EngineFactory();
            ISecurityEngine engine     = factory.CreateEngine();
            ISecurityItem   operation1 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation1");
            ISecurityItem   operation2 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation2");
            ISecurityItem   task       = engine.Store.AddSecurityItem().AddBagItem(Name, "Task");

            task.Children.Add(operation1);
            task.Children.Add(operation2);
            ISecurityItem     hasNoAccessFromUserOperation = engine.Store.AddSecurityItem().AddBagItem(Name, "HasNoAccessFromUserOperation");
            ISecurityIdentity user = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user");

            engine.Store.AccessAuthorize(user, task);
            engine.Store.AccessAuthorize(user, operation1).Deny();

            ICheckAccessResult operation1AccessResult = engine.CheckAccess(user, operation1);
            ICheckAccessResult operation2AccessResult = engine.CheckAccess(user, operation2);
            ICheckAccessResult taskAccessResult       = engine.CheckAccess(user, task);
            ICheckAccessResult hasNoAccessFromUserOperationAccessResult = engine.CheckAccess(user, hasNoAccessFromUserOperation);


            Assert.False(operation1AccessResult.HasAccess());
            Assert.True(operation2AccessResult.HasAccess());
            Assert.True(taskAccessResult.HasAccess());
            Assert.False(hasNoAccessFromUserOperationAccessResult.HasAccess());
        }
Beispiel #2
0
        public void Operation_Access_Operation_Direct_To_User()
        {
            EngineFactory     factory   = new EngineFactory();
            ISecurityEngine   engine    = factory.CreateEngine();
            ISecurityItem     operation = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation");
            ISecurityItem     hasNoAccessFromUserOperation = engine.Store.AddSecurityItem().AddBagItem(Name, "HasNoAccessFromUserOperation");
            ISecurityIdentity user = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user");

            engine.Store.AccessAuthorize(user, operation);

            ICheckAccessResult operationAccessResult = engine.CheckAccess(user, operation);
            ICheckAccessResult hasNoAccessFromUserOperationAccessResult = engine.CheckAccess(user, hasNoAccessFromUserOperation);


            Assert.True(operationAccessResult.HasAccess());
            Assert.False(hasNoAccessFromUserOperationAccessResult.HasAccess());
        }
Beispiel #3
0
        public void Operation_Access_To_Group()
        {
            EngineFactory     factory    = new EngineFactory();
            ISecurityEngine   engine     = factory.CreateEngine();
            ISecurityItem     operation  = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation");
            ISecurityIdentity user1      = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user1");
            ISecurityIdentity user2      = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user2");
            ISecurityIdentity adminGroup = engine.Store.AddSecurityIdentity().AddBagItem(Name, "adminGroup");

            adminGroup.Children.Add(user1);
            engine.Store.AccessAuthorize(adminGroup, operation);


            ICheckAccessResult user1AccessResult = engine.CheckAccess(user1, operation);
            ICheckAccessResult user2AccessResult = engine.CheckAccess(user2, operation);

            Assert.True(user1AccessResult.HasAccess());
            Assert.False(user2AccessResult.HasAccess());
        }
        public ICheckAccessResult CheckAccess(ISecurityItem securityItem)
        {
            ICheckAccessResult checkAccessResult = OnlyCheckAccessSelf(securityItem);
            if (checkAccessResult.AccessType == AccessType.Deny)
                return checkAccessResult;
            IList<ICheckAccessResult> allowedParentCheckAccessResults = new List<ICheckAccessResult>();
            foreach (ISecurityIdentity parent in _securityIdentity.Parents)
            {
                ISecurityIdentityAuthorizer securityIdentityAuthorizer = _securityIdentityAuthorizerFactory.CreateCache(parent);
                ICheckAccessResult parentCheckAccessResult = securityIdentityAuthorizer.CheckAccess(securityItem);
                if (parentCheckAccessResult.AccessType == AccessType.Deny)
                    return parentCheckAccessResult;
                if (parentCheckAccessResult.AccessType == AccessType.Allow)
                    allowedParentCheckAccessResults.Add(parentCheckAccessResult);
            }

            if (checkAccessResult.AccessType == AccessType.Allow)
                return checkAccessResult;
            if (allowedParentCheckAccessResults.Count>0)
                return new CheckAccessResult(AccessType.Allow, allowedParentCheckAccessResults.SelectMany(r => r.AffectedAuthorizations));
            return new CheckAccessResult(AccessType.Neutral,Enumerable.Empty<IAccessAuthorization>());
        }
 public static bool HasAccess(this ICheckAccessResult checkAccessResult)
 {
     return(checkAccessResult.AccessType == AccessType.Allow);
 }