Beispiel #1
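        /// <summary>
        /// Checks that a user holding two roles is resolved to one role under the
        /// "single" policy (both by default and when named explicitly) and to both
        /// roles under the "multi" policy.
        /// </summary>
        /// <remarks>
        /// The earlier version passed <c>r =&gt; string.Equals("role1", r)</c> to
        /// <c>Assert.Collection</c>. Those lambdas bind to <c>Action&lt;T&gt;</c>, so the
        /// boolean result was discarded and only the number of roles was verified.
        /// For an authorization test that is not enough: a policy that returned the
        /// wrong single role would still have passed. Role identity is now asserted
        /// explicitly, including the negative case.
        /// </remarks>
        public void will_enforce_single_role()
        {
            // Second constructor argument differs between the two policies (true / false);
            // presumably it is the single-role switch - confirm against Policy.
            var singleRolePolicy = new Policy("single", true, new Role("role1"), new Role("role2"));
            var multiRolePolicy = new Policy("multi", false, new Role("role1"), new Role("role2"));

            var map = new PolicyMap(singleRolePolicy);
            map.AddAdditionalPolicy(multiRolePolicy);

            var user = new UserDetails()
            {
                UserId = Guid.NewGuid(), RoleNames = new[] { "role1", "role2" }
            };

            // NOTE(review): HasRole(Role) is assumed to be available on the object returned
            // by GetUserPolicy and to match a freshly constructed Role by name - confirm.

            // No PolicyName set: the policy passed to the PolicyMap constructor applies.
            var defaultPolicy = map.GetUserPolicy(user);

            Assert.Single(defaultPolicy.Roles);
            Assert.True(defaultPolicy.HasRole(new Role("role1")));
            // The second role must not leak through when only one role is allowed.
            Assert.False(defaultPolicy.HasRole(new Role("role2")));

            // Explicit single-role policy.
            user.PolicyName = "single";
            var explicitSinglePolicy = map.GetUserPolicy(user);

            Assert.Single(explicitSinglePolicy.Roles);
            Assert.True(explicitSinglePolicy.HasRole(new Role("role1")));
            Assert.False(explicitSinglePolicy.HasRole(new Role("role2")));

            // Explicit multi-role policy: both roles are expected.
            user.PolicyName = "multi";
            var explicitMultiPolicy = map.GetUserPolicy(user);

            // Empty inspectors: Assert.Collection is used here only to pin the count to two.
            Assert.Collection(explicitMultiPolicy.Roles, _ => { }, _ => { });
            Assert.True(explicitMultiPolicy.HasRole(new Role("role1")));
            Assert.True(explicitMultiPolicy.HasRole(new Role("role2")));
        }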
Beispiel #2
        /// <summary>
        /// Resolves the policy for three fixture users (system user, admin user,
        /// backup agent) and checks both what each policy grants and what it denies.
        /// </summary>
        /// <remarks>
        /// The <c>Assert.False</c> lines are the deny-side checks: they fail if a policy
        /// grants a permission or role it should not. For the system user, AddItem and
        /// DeleteItem are queried through the Type, string (FullName) and Permission
        /// overloads of HasPermission, so a disagreement between overloads is caught.
        /// </remarks>
        public void policy_map_has_correct_roles_and_permisssions()
        {
            // ---- system user ----
            var systemPolicy = _policyMap.GetUserPolicy(_systemUser);

            Assert.NotNull(systemPolicy);

            // granted permissions, via each HasPermission overload
            Assert.True(systemPolicy.HasPermission(typeof(AddItem)));
            Assert.True(systemPolicy.HasPermission(typeof(AddItem).FullName));
            Assert.True(systemPolicy.HasPermission(new Permission(typeof(AddItem))));

            Assert.True(systemPolicy.HasPermission(typeof(DisplayItem)));

            // denied permissions, via each HasPermission overload
            Assert.False(systemPolicy.HasPermission(typeof(DeleteItem)));
            Assert.False(systemPolicy.HasPermission(typeof(DeleteItem).FullName));
            Assert.False(systemPolicy.HasPermission(new Permission(typeof(DeleteItem))));
            Assert.False(systemPolicy.HasPermission(typeof(ExportItem)));

            // roles held
            Assert.True(systemPolicy.HasRole(_userRoleName));
            Assert.True(systemPolicy.HasRole(_customRoleName));

            // a Role instance built from the same name must match as well
            Assert.True(systemPolicy.HasRole(new Role(_customRoleName)));

            // roles not held
            Assert.False(systemPolicy.HasRole(_adminRoleName));
            Assert.False(systemPolicy.HasRole(_backupRoleName));
            Assert.False(systemPolicy.HasRole(_backupRole));

            // ---- admin user ----
            var adminPolicy = _policyMap.GetUserPolicy(_adminUser);

            Assert.NotNull(adminPolicy);

            // permissions: everything checked here except ExportItem is granted
            Assert.True(adminPolicy.HasPermission(typeof(AddItem)));
            Assert.True(adminPolicy.HasPermission(typeof(DisplayItem)));
            Assert.True(adminPolicy.HasPermission(typeof(DeleteItem)));
            Assert.True(adminPolicy.HasPermission(_customPermissionName));
            Assert.False(adminPolicy.HasPermission(typeof(ExportItem)));

            // roles: admin only
            Assert.True(adminPolicy.HasRole(_adminRoleName));
            Assert.False(adminPolicy.HasRole(_customRoleName));
            Assert.False(adminPolicy.HasRole(_backupRoleName));

            // ---- backup agent ----
            var backupPolicy = _policyMap.GetUserPolicy(_backupAgent);

            Assert.NotNull(backupPolicy);

            // permissions: ExportItem only
            Assert.False(backupPolicy.HasPermission(typeof(AddItem)));
            Assert.False(backupPolicy.HasPermission(typeof(DisplayItem)));
            Assert.False(backupPolicy.HasPermission(typeof(DeleteItem)));
            Assert.True(backupPolicy.HasPermission(typeof(ExportItem)));

            // roles: backup only
            Assert.False(backupPolicy.HasRole(_adminRoleName));
            Assert.False(backupPolicy.HasRole(_customRoleName));
            Assert.True(backupPolicy.HasRole(_backupRoleName));
        }