public void HowToUnitTestItemSecurityWithFakeProvider() { // create sample item using (Sitecore.FakeDb.Db db = new Sitecore.FakeDb.Db { new Sitecore.FakeDb.DbItem("home") }) { Sitecore.Data.Items.Item home = db.GetItem("/sitecore/content/home"); // call your business logic that changes the item security, e.g. denies Read // for Editors var account = Sitecore.Security.Accounts.Role.FromName(@"sitecore\Editors"); var accessRight = Sitecore.Security.AccessControl.AccessRight.ItemRead; var propagationType = Sitecore.Security.AccessControl.PropagationType.Entity; var permission = Sitecore.Security.AccessControl.AccessPermission.Deny; Sitecore.Security.AccessControl.AccessRuleCollection rules = new Sitecore.Security.AccessControl.AccessRuleCollection { Sitecore.Security.AccessControl.AccessRule.Create (account, accessRight, propagationType, permission) }; Sitecore.Security.AccessControl.AuthorizationManager.SetAccessRules(home, rules); // check the account cannot read the item Xunit.Assert.False(home.Security.CanRead(account)); } }
public void HowToUnitTestItemSecurityWithMockedProvider() { // create sample item using (Sitecore.FakeDb.Db db = new Sitecore.FakeDb.Db { new Sitecore.FakeDb.DbItem("home") }) { Sitecore.Data.Items.Item home = db.GetItem("/sitecore/content/home"); // substitute the authorization provider var provider = Substitute.For <Sitecore.Security.AccessControl.AuthorizationProvider>(); #pragma warning disable 618 using (new Sitecore.FakeDb.Security.AccessControl.AuthorizationSwitcher(provider)) #pragma warning restore 618 { // call your business logic that changes the item security, e.g. denies Read // for Editors var account = Sitecore.Security.Accounts.Role.FromName(@"sitecore\Editors"); var accessRight = Sitecore.Security.AccessControl.AccessRight.ItemRead; var propagationType = Sitecore.Security.AccessControl.PropagationType.Entity; var permission = Sitecore.Security.AccessControl.AccessPermission.Deny; Sitecore.Security.AccessControl.AccessRuleCollection rules = new Sitecore.Security.AccessControl.AccessRuleCollection { Sitecore.Security.AccessControl.AccessRule.Create (account, accessRight, propagationType, permission) }; Sitecore.Security.AccessControl.AuthorizationManager.SetAccessRules(home, rules); // check the provider is called with proper arguments provider .Received() .SetAccessRules( home, NSubstitute.Arg.Is <Sitecore.Security.AccessControl.AccessRuleCollection>( r => r[0].Account.Name == @"sitecore\Editors" && r[0].AccessRight.Name == "item:read" && r[0].PropagationType.ToString() == "Entity" && r[0].SecurityPermission.ToString() == "DenyAccess")); } } }
public void HowToUnitTestItemSecurityWithFakeProvider() { // create sample item using (Sitecore.FakeDb.Db db = new Sitecore.FakeDb.Db { new Sitecore.FakeDb.DbItem("home") }) { Sitecore.Data.Items.Item home = db.GetItem("/sitecore/content/home"); // call your business logic that changes the item security, e.g. denies Read // for Editors var account = Sitecore.Security.Accounts.Role.FromName(@"sitecore\Editors"); var accessRight = Sitecore.Security.AccessControl.AccessRight.ItemRead; var propagationType = Sitecore.Security.AccessControl.PropagationType.Entity; var permission = Sitecore.Security.AccessControl.AccessPermission.Deny; Sitecore.Security.AccessControl.AccessRuleCollection rules = new Sitecore.Security.AccessControl.AccessRuleCollection { Sitecore.Security.AccessControl.AccessRule.Create (account, accessRight, propagationType, permission) }; Sitecore.Security.AccessControl.AuthorizationManager.SetAccessRules(home, rules); // check the account cannot read the item Xunit.Assert.False(home.Security.CanRead(account)); } }
public void HowToUnitTestItemSecurityWithMockedProvider() { // create sample item using (Sitecore.FakeDb.Db db = new Sitecore.FakeDb.Db { new Sitecore.FakeDb.DbItem("home") }) { Sitecore.Data.Items.Item home = db.GetItem("/sitecore/content/home"); // substitute the authorization provider var provider = Substitute.For<Sitecore.Security.AccessControl.AuthorizationProvider>(); using (new Sitecore.FakeDb.Security.AccessControl.AuthorizationSwitcher(provider)) { // call your business logic that changes the item security, e.g. denies Read // for Editors var account = Sitecore.Security.Accounts.Role.FromName(@"sitecore\Editors"); var accessRight = Sitecore.Security.AccessControl.AccessRight.ItemRead; var propagationType = Sitecore.Security.AccessControl.PropagationType.Entity; var permission = Sitecore.Security.AccessControl.AccessPermission.Deny; Sitecore.Security.AccessControl.AccessRuleCollection rules = new Sitecore.Security.AccessControl.AccessRuleCollection { Sitecore.Security.AccessControl.AccessRule.Create (account, accessRight, propagationType, permission) }; Sitecore.Security.AccessControl.AuthorizationManager.SetAccessRules(home, rules); // check the provider is called with proper arguments provider .Received() .SetAccessRules( home, NSubstitute.Arg.Is<Sitecore.Security.AccessControl.AccessRuleCollection>( r => r[0].Account.Name == @"sitecore\Editors" && r[0].AccessRight.Name == "item:read" && r[0].PropagationType.ToString() == "Entity" && r[0].SecurityPermission.ToString() == "DenyAccess")); } } }