public void ShouldReturnLimitedResultsFromCollection()
{
// Arrange
IEntitlementProvider sessionGovernor = MockRepository.GenerateMock <IEntitlementProvider>();
sessionGovernor.Expect(x => x.IsEntitledToAll(typeof(ExampleRoot))).Return(false);
sessionGovernor.Expect(x => x.GetEntitledIds(typeof(ExampleRoot))).Return(new long[] { 1, 2, 3 });
var securedMappingsCache = new MappingsCache(new ISecuredRelationshipBuilder[] { new NullPermissiveExampleSecuredRelationshipBuilder() });
var context = new InMemoryDomainContext <ExampleDomain>(sessionGovernor, securedMappingsCache);
var nonMatchingLeaf = new ExampleLeaf
{
SecuredRoots = new[] { new ExampleRoot {
Id = 4
} }
};
var matchingLeaf = new ExampleLeaf
{
SecuredRoots = new[] { new ExampleRoot {
Id = 3
} }
};
context.Add(nonMatchingLeaf);
context.Add(matchingLeaf);
context.Commit();
// Act
var exampleLeaves = context.AsQueryable <ExampleLeaf>();
var results = exampleLeaves.ToList();
//Assert
results.Should().HaveCount(1);
}
/// <summary>
/// Returns an <see cref="Expression{T}"/> of <see cref="Func{T, TResult}"/> of <see cref="T:T"/>, <see cref="bool"/> that is used to secure an entity set by the include path represented in the IncludedPropertyPath property.
/// </summary>
/// <typeparam name="T">The <see cref="System.Type"/> to be .</typeparam>
/// <param name="entitlements">Contains information about which entities the user has access to.</param>
/// <param name="mappingCache"></param>
/// <returns></returns>
public Expression <Func <T, bool> > GenerateSecurityPredicate <T>(IEntitlementProvider entitlements, MappingsCache mappingCache)
{
if (!IncludedPropertyDetails.Any())
{
// If there are no included properties, we have nothing to do.
return(null);
}
// We need to start at the leaf property and work our way back up, so we reverse the list.
var reversedPropertyDetails = IncludedPropertyDetails.Reverse().ToList();
var leafProperty = reversedPropertyDetails.First();
var leafPropertyRelationships = mappingCache.GetRelationships(leafProperty.DeclaringType);
if (leafPropertyRelationships == null)
{
// If the leaf property's declaring type has no relationships, we have nothing to do.
return(null);
}
// Find the relationship that is by the leaf property's type.
var Relationship = leafPropertyRelationships.SingleOrDefault(x => x.SecuredBy == leafProperty.PropertySingularType);
if (!RelationshipNeedsToBe <T>(entitlements, Relationship))
{
return(null);
}
var entitledIds = entitlements.GetEntitledIds(Relationship.SecuredBy);
var filterLambda = Relationship.GetSimplePredicate(entitledIds);
reversedPropertyDetails.Remove(leafProperty);
foreach (var propertyAccessMetadata in reversedPropertyDetails)
{
if (propertyAccessMetadata.IsEnumerable)
{
filterLambda = GetLambdaForEnumerableProperty <T>(propertyAccessMetadata, filterLambda);
}
else
{
filterLambda = GetLambdaForSimpleProperty <T>(propertyAccessMetadata, filterLambda);
}
}
return((Expression <Func <T, bool> >)filterLambda);
}
public DomainContext(T domain, IEntitlementProvider entitlementProvider, MappingsCache mappingsCache)
: base(domain)
{
_mappingsCache = mappingsCache;
EntitlementProvider = entitlementProvider;
}
public DomainContext(T domain, ILog logger, IEntitlementProvider entitlementProvider)
: base(domain, logger)
{
EntitlementProvider = entitlementProvider;
}
private bool RelationshipNeedsToBe <T>(IEntitlementProvider entitlements, SecuredRelationship securedRelationship)
{
return(securedRelationship != null && !entitlements.IsEntitledToAll(securedRelationship.SecuredBy));
}
public void ShouldReturnCorrectIntersationOfMatchingAndNonMatchingRecordsForNullPropertiesOnNullPermissiveMappings()
{
// Arrange
IEntitlementProvider sessionGovernor = MockRepository.GenerateMock <IEntitlementProvider>();
sessionGovernor.Expect(x => x.IsEntitledToAll(typeof(ExampleRoot))).Return(false);
sessionGovernor.Expect(x => x.GetEntitledIds(typeof(ExampleRoot))).Return(new long[] { 1, 2, 3 });
var securedMappingsCache = new MappingsCache(new ISecuredRelationshipBuilder[] { new NullPermissiveExampleSecuredRelationshipBuilder() });
var context = new InMemoryDomainContext <ExampleDomain>(sessionGovernor, securedMappingsCache);
var singleNonMatchingLeaf = new ExampleLeaf
{
SecuredRoot = new ExampleRoot {
Id = 4
},
SecuredRoots = new[]
{
new ExampleRoot {
Id = 5
}
}
};
var pluralNonMatchingLeaf = new ExampleLeaf
{
SecuredRoot = new ExampleRoot {
Id = 4
},
SecuredRoots = new[]
{
new ExampleRoot {
Id = 5
}
}
};
var combinedNonMatchingLeaf = new ExampleLeaf
{
SecuredRoot = new ExampleRoot
{
Id = 5
},
SecuredRoots = new[]
{
new ExampleRoot {
Id = 6
},
new ExampleRoot {
Id = 7
}
}
};
var combinedMatchingLeaf = new ExampleLeaf
{
SecuredRoot = new ExampleRoot
{
Id = 1
},
SecuredRoots = new[]
{
new ExampleRoot {
Id = 2
},
new ExampleRoot {
Id = 3
}
}
};
var combinedNullMatchingLeaf = new ExampleLeaf();
var singleNullMatchingLeaf = new ExampleLeaf
{
SecuredRoots = new[]
{
new ExampleRoot {
Id = 1
}
}
};
var pluralNullMatchingLeaf = new ExampleLeaf
{
SecuredRoot = new ExampleRoot {
Id = 1
},
};
context.Add(singleNonMatchingLeaf);
context.Add(pluralNonMatchingLeaf);
context.Add(combinedNonMatchingLeaf);
context.Add(combinedMatchingLeaf);
context.Add(combinedNullMatchingLeaf);
context.Add(singleNullMatchingLeaf);
context.Add(pluralNullMatchingLeaf);
context.Commit();
// Act
var exampleLeaves = context.AsQueryable <ExampleLeaf>();
var results = exampleLeaves.ToList();
//Assert
results.Should().HaveCount(4);
}
public InMemoryDomainContext(IEntitlementProvider entitlementProvider, MappingsCache mappingsCache)
{
_mappingsCache = mappingsCache;
EntitlementProvider = entitlementProvider;
}
public DomainRepositoryFactory(IDomain[] domains, IEntitlementProvider entitlementProviders, MappingsCache mappingsCache)
{
_domains = domains;
_entitlementProviders = entitlementProviders;
_mappingsCache = mappingsCache;
}
