Beispiel #1
        /// <summary>
        /// Verifies that <c>SecurityGuard.GetDisallowedWrites</c> flags the writes that the
        /// user's role denies: a column-level deny on <c>Ogre.Money</c>, and a function-based
        /// table permission that returns <c>PermissionLevel.None</c> for <c>PaymentMethod</c>.
        /// </summary>
        public void Update()
        {
            // The persiston the diff is applied to.
            var xorg = new Ogre
            {
                Key = new PersistonKey("Ogre", DatonKey.NEWPK, false),
                Name = "Xorg",
                Money = 4,
                PaymentMethod = new List<Ogre.PaymentMethodRow>
                {
                    new Ogre.PaymentMethodRow { Method = "credit", Notes = "usually declined" }
                }
            };

            // Table-level view/modify on Ogre, with the Money column explicitly denied.
            var ogrePermission = new TablePermission
            {
                TableName = "Ogre",
                BaseLevel = PermissionLevel.View | PermissionLevel.Modify,
                ColumnOverrides = new List<ColumnPermission>
                {
                    new ColumnPermission { ColumnName = "Money", BaseLevel = PermissionLevel.None }
                }
            };

            // PaymentMethod is denied through the permission callback rather than a fixed level.
            var paymentPermission = new TablePermission
            {
                TableName = "PaymentMethod",
                Level = (user, daton, tableName) => PermissionLevel.None
            };

            // bill can't update money
            var bill = new User
            {
                Roles = new[]
                {
                    new RetroRole
                    {
                        BaseLevel = PermissionLevel.All,
                        TableOverrides = new List<TablePermission> { ogrePermission, paymentPermission }
                    }
                }
            };

            var ddict = new DataDictionary();
            ddict.AddDatonUsingClassAnnotation(typeof(Ogre));
            var ogredef = ddict.DatonDefs["Ogre"];
            var paymentdef = ogredef.MainTableDef.Children[0];

            // Child-row change: both columns are expected to be rejected by the callback above.
            var paymentChange = new PersistonDiff.DiffRow
            {
                Kind = DiffKind.Other,
                Columns = new Dictionary<string, object>
                {
                    ["Method"] = "cash", // disallowed by function
                    ["Notes"] = "cash is best" // also expected in the error list (see assertions)
                }
            };

            // Main-row change: one permitted column and one denied column.
            var ogreChange = new PersistonDiff.DiffRow
            {
                Kind = DiffKind.Other,
                Columns = new Dictionary<string, object>
                {
                    ["Name"] = "Priscilla", // allowed
                    ["Money"] = (decimal)5.49 // disallowed
                },
                ChildTables = new Dictionary<TableDef, List<PersistonDiff.DiffRow>>
                {
                    [paymentdef] = new List<PersistonDiff.DiffRow> { paymentChange }
                }
            };

            var diff = new PersistonDiff(ogredef, xorg.Key, xorg.Version)
            {
                MainTable = new List<PersistonDiff.DiffRow> { ogreChange }
            };

            var guard = new SecurityGuard(ddict, bill);
            var errors = guard.GetDisallowedWrites(xorg, ogredef, diff).ToArray();

            // The assertions are positional: one error per denied column, in this order.
            string[] expectedFragments = { "Ogre.Money", "PaymentMethod.Method", "PaymentMethod.Notes" };
            Assert.AreEqual(3, errors.Length);
            for (var i = 0; i < expectedFragments.Length; i++)
            {
                Assert.IsTrue(errors[i].Contains(expectedFragments[i]));
            }
        }
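        /// <summary>
        /// Runs the base save and then appends '!' to the saved customer's Notes column
        /// with a follow-up UPDATE on the same connection.
        /// </summary>
        /// <param name="db">Connection used for the base save and for the follow-up statement.</param>
        /// <param name="user">User performing the save; passed through to the base implementation only.</param>
        /// <param name="pristineDaton">Persiston state before the edit; passed through to the base implementation.</param>
        /// <param name="modifiedDaton">Edited persiston; must be a <c>Customer</c>.</param>
        /// <param name="diff">Changes to persist; passed through to the base implementation.</param>
        /// <exception cref="InvalidCastException">Thrown when <paramref name="modifiedDaton"/> is not a <c>Customer</c>.</exception>
        public override async Task Save(IDbConnection db, IUser user, Persiston pristineDaton, Persiston modifiedDaton, PersistonDiff diff)
        {
            await base.Save(db, user, pristineDaton, modifiedDaton, diff);

            //change the notes value after RetroDRY saving
            var modifiedCustomer = (Customer)modifiedDaton;

            using var cmd = db.CreateCommand();

            // The key comes from the edited persiston, so it is bound as a parameter instead of
            // being concatenated into the SQL text.
            // NOTE(review): the "@name" placeholder style is assumed to be accepted by the
            // provider in use - confirm against the configured database driver.
            cmd.CommandText = "update Customer set Notes = Notes || '!' where CustomerId=@customerId";

            var customerIdParameter = cmd.CreateParameter();
            customerIdParameter.ParameterName = "@customerId";
            customerIdParameter.Value = modifiedCustomer.CustomerId;
            cmd.Parameters.Add(customerIdParameter);

            // IDbCommand exposes no asynchronous API, so this call blocks.
            // This statement is not re-checked against `user` in this method.
            cmd.ExecuteNonQuery();
        }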
Beispiel #3
        /// <summary>
        /// Verifies that a user whose only grant is <c>PermissionLevel.Create</c> on
        /// <c>PaymentMethod</c> may add a new payment row, while updates to the main row and
        /// to an existing payment row are reported by <c>SecurityGuard.GetDisallowedWrites</c>.
        /// </summary>
        public void Create()
        {
            // The persiston the diff is applied to.
            var xorg = new Ogre
            {
                Key = new PersistonKey("Ogre", DatonKey.NEWPK, false),
                Name = "Xorg",
                Money = 4,
                PaymentMethod = new List<Ogre.PaymentMethodRow>
                {
                    new Ogre.PaymentMethodRow { Method = "credit", Notes = "usually declined" }
                }
            };

            // nancy can only create new payment rows, not update existing
            var createPaymentsOnly = new RetroRole
            {
                BaseLevel = PermissionLevel.None, // deny by default; the override below is the only grant
                TableOverrides = new List<TablePermission>
                {
                    new TablePermission { TableName = "PaymentMethod", BaseLevel = PermissionLevel.Create }
                }
            };
            var nancy = new User { Roles = new[] { createPaymentsOnly } };

            var ddict = new DataDictionary();
            ddict.AddDatonUsingClassAnnotation(typeof(Ogre));
            var ogredef = ddict.DatonDefs["Ogre"];
            var paymentdef = ogredef.MainTableDef.Children[0];

            // Two child-row changes: an update (denied) followed by an insert (granted).
            var paymentChanges = new List<PersistonDiff.DiffRow>
            {
                new PersistonDiff.DiffRow
                {
                    Kind = DiffKind.Other,
                    Columns = new Dictionary<string, object>
                    {
                        ["Notes"] = "disallowed" // disallowed update
                    }
                },
                new PersistonDiff.DiffRow
                {
                    Kind = DiffKind.NewRow,
                    Columns = new Dictionary<string, object>
                    {
                        ["Method"] = "barter" // allowed create row
                    }
                }
            };

            var ogreChange = new PersistonDiff.DiffRow
            {
                Kind = DiffKind.Other,
                Columns = new Dictionary<string, object>
                {
                    ["Name"] = "Priscilla" // disallowed
                },
                ChildTables = new Dictionary<TableDef, List<PersistonDiff.DiffRow>>
                {
                    [paymentdef] = paymentChanges
                }
            };

            var diff = new PersistonDiff(ogredef, xorg.Key, xorg.Version)
            {
                MainTable = new List<PersistonDiff.DiffRow> { ogreChange }
            };

            var guard = new SecurityGuard(ddict, nancy);
            var errors = guard.GetDisallowedWrites(xorg, ogredef, diff).ToArray();

            // The assertions are positional: the new row must not appear in the error list.
            string[] expectedFragments = { "Ogre.Name", "PaymentMethod.Notes" };
            Assert.AreEqual(2, errors.Length);
            for (var i = 0; i < expectedFragments.Length; i++)
            {
                Assert.IsTrue(errors[i].Contains(expectedFragments[i]));
            }
        }