/// <summary> /// Adds access rule with an action of <see cref="AccessRuleViolationAction.Error"/> /// </summary> /// <param name="pageDirectoryId">Id of the directory to add the rule to.</param> /// <param name="userAreaCode"> /// Unique 3 character code representing the user area to restrict /// the page to. This cannot be the Cofoundry admin user area, as /// access rules do not apply to admin panel users. /// </param> /// <param name="roleId"> /// Optionally restrict access to a specific role within the selected /// user area. /// </param> /// <param name="configration"> /// Optional additional configuration action to run before the /// command is executed. /// </param> public async Task AddAccessRuleAsync( int pageDirectoryId, string userAreaCode, int?roleId = null, Action <UpdatePageDirectoryAccessRuleSetCommand> configration = null ) { var command = new UpdatePageDirectoryAccessRuleSetCommand() { PageDirectoryId = pageDirectoryId, ViolationAction = AccessRuleViolationAction.Error }; command.AccessRules.AddNew(userAreaCode, roleId); if (configration != null) { configration(command); } using var scope = _serviceProvider.CreateScope(); var contentRepository = scope .ServiceProvider .GetRequiredService <IAdvancedContentRepository>() .WithElevatedPermissions(); await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(command); }
public async Task CanAddViolationAction(AccessRuleViolationAction action) { var uniqueData = UNIQUE_PREFIX + nameof(CanAddViolationAction) + action.ToString().Substring(0, 2); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var command = new UpdatePageDirectoryAccessRuleSetCommand() { PageDirectoryId = directoryId, ViolationAction = action }; command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode, app.SeededEntities.TestUserArea2.RoleA.RoleId); await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(command); var directory = await dbContext .PageDirectories .AsNoTracking() .FilterById(directoryId) .SingleOrDefaultAsync(); using (new AssertionScope()) { directory.Should().NotBeNull(); directory.AccessRuleViolationActionId.Should().Be((int)action); } }
public async Task CanChangeRole() { var uniqueData = UNIQUE_PREFIX + nameof(CanChangeRole); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var userArea1 = app.SeededEntities.TestUserArea1; var userArea2 = app.SeededEntities.TestUserArea2; var command = new UpdatePageDirectoryAccessRuleSetCommand() { PageDirectoryId = directoryId, UserAreaCodeForSignInRedirect = userArea1.UserAreaCode }; command.AccessRules.AddNew(userArea1.UserAreaCode, userArea1.RoleA.RoleId); await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(command); var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageDirectoryAccessRuleSetCommand>(directoryId)); updateCommand.UserAreaCodeForSignInRedirect = userArea2.UserAreaCode; var roleAccessRuleCommand = updateCommand.AccessRules.Single(); roleAccessRuleCommand.UserAreaCode = userArea2.UserAreaCode; roleAccessRuleCommand.RoleId = userArea2.RoleA.RoleId; await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(updateCommand); var directory = await dbContext .PageDirectories .AsNoTracking() .Include(p => p.AccessRules) .FilterById(directoryId) .SingleOrDefaultAsync(); using (new AssertionScope()) { directory.Should().NotBeNull(); directory.UserAreaCodeForSignInRedirect.Should().Be(updateCommand.UserAreaCodeForSignInRedirect); var userAreaAccessRule = directory.AccessRules.Single(); userAreaAccessRule.Should().NotBeNull(); userAreaAccessRule.UserAreaCode.Should().Be(roleAccessRuleCommand.UserAreaCode); userAreaAccessRule.RoleId.Should().Be(roleAccessRuleCommand.RoleId); } }
public async Task CanUpdateWithSameData() { var uniqueData = UNIQUE_PREFIX + nameof(CanUpdateWithSameData); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var userArea = app.SeededEntities.TestUserArea1; var command = new UpdatePageDirectoryAccessRuleSetCommand() { PageDirectoryId = directoryId, UserAreaCodeForSignInRedirect = userArea.UserAreaCode, ViolationAction = AccessRuleViolationAction.NotFound }; command.AccessRules.AddNew(userArea.UserAreaCode); command.AccessRules.AddNew(userArea.UserAreaCode, userArea.RoleA.RoleId); await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(command); await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(command); var directory = await dbContext .PageDirectories .AsNoTracking() .Include(p => p.AccessRules) .FilterById(directoryId) .SingleOrDefaultAsync(); using (new AssertionScope()) { directory.Should().NotBeNull(); directory.AccessRuleViolationActionId.Should().Be((int)command.ViolationAction); directory.UserAreaCodeForSignInRedirect.Should().Be(command.UserAreaCodeForSignInRedirect); var userAreaAccessRule = directory.AccessRules.Single(a => !a.RoleId.HasValue); userAreaAccessRule.Should().NotBeNull(); var roleAccessArea = directory.AccessRules.Single(a => a.RoleId.HasValue); roleAccessArea.Should().NotBeNull(); roleAccessArea.UserAreaCode.Should().Be(userArea.UserAreaCode); } }
public async Task CanChangeViolationAction() { var uniqueData = UNIQUE_PREFIX + nameof(CanChangeViolationAction); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var command = new UpdatePageDirectoryAccessRuleSetCommand() { PageDirectoryId = directoryId, ViolationAction = AccessRuleViolationAction.Error }; command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode); await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(command); var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageDirectoryAccessRuleSetCommand>(directoryId)); updateCommand.ViolationAction = AccessRuleViolationAction.NotFound; await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(updateCommand); var directory = await dbContext .PageDirectories .AsNoTracking() .Include(p => p.AccessRules) .FilterById(directoryId) .SingleOrDefaultAsync(); using (new AssertionScope()) { directory.Should().NotBeNull(); directory.UserAreaCodeForSignInRedirect.Should().BeNull(); directory.AccessRuleViolationActionId.Should().Be((int)updateCommand.ViolationAction); directory.AccessRules.Should().HaveCount(1); } }
public async Task CanDelete() { var uniqueData = UNIQUE_PREFIX + nameof(CanDelete); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var command = new UpdatePageDirectoryAccessRuleSetCommand() { PageDirectoryId = directoryId }; command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId); command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode); await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(command); var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageDirectoryAccessRuleSetCommand>(directoryId)); var accessRuleCommand = updateCommand.AccessRules.Single(r => r.RoleId == app.SeededEntities.TestUserArea1.RoleA.RoleId); updateCommand.AccessRules.Remove(accessRuleCommand); await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(updateCommand); var accessRules = await dbContext .PageDirectoryAccessRules .AsNoTracking() .FilterByPageDirectoryId(directoryId) .ToListAsync(); using (new AssertionScope()) { accessRules.Should().HaveCount(1); var accessRule = accessRules.Single(); accessRule.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea2.UserAreaCode); accessRule.RoleId.Should().BeNull(); } }
public async Task WithUserArea_CanAdd() { var uniqueData = UNIQUE_PREFIX + nameof(WithUserArea_CanAdd); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var command = new UpdatePageDirectoryAccessRuleSetCommand() { PageDirectoryId = directoryId }; command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode); await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(command); var accessRules = await dbContext .PageDirectoryAccessRules .AsNoTracking() .FilterByPageDirectoryId(directoryId) .ToListAsync(); using (new AssertionScope()) { accessRules.Should().HaveCount(1); var accessRule = accessRules.Single(); accessRule.CreateDate.Should().NotBeDefault(); accessRule.CreatorId.Should().BePositive(); accessRule.PageDirectoryAccessRuleId.Should().BePositive(); accessRule.PageDirectoryId.Should().Be(directoryId); accessRule.RoleId.Should().BeNull(); accessRule.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea1.UserAreaCode); } }
public async Task WhenRoleNotInUserArea_Throws() { var uniqueData = UNIQUE_PREFIX + nameof(WhenRoleNotInUserArea_Throws); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var command = new UpdatePageDirectoryAccessRuleSetCommand() { PageDirectoryId = directoryId, }; command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId); await contentRepository .Awaiting(r => r.PageDirectories().AccessRules().UpdateAsync(command)) .Should() .ThrowAsync <ValidationException>() .WithMemberNames("RoleId"); }
public async Task WhenUpdated_SendsMessage() { var uniqueData = UNIQUE_PREFIX + nameof(WhenUpdated_SendsMessage); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var command = new UpdatePageDirectoryAccessRuleSetCommand() { PageDirectoryId = directoryId }; await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(command); app.Mocks .CountMessagesPublished <PageDirectoryAccessRulesUpdatedMessage>(m => m.PageDirectoryId == directoryId) .Should().Be(1); }
public Task UpdateAsync(UpdatePageDirectoryAccessRuleSetCommand command) { return(ExtendableContentRepository.ExecuteCommandAsync(command)); }
public async Task MapsAccessRules() { var uniqueData = UNIQUE_PREFIX + nameof(MapsAccessRules); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var directory1Id = await app.TestData.PageDirectories().AddAsync(uniqueData); var directory2Id = await app.TestData.PageDirectories().AddAsync(uniqueData, directory1Id); await app.TestData.PageDirectories().AddAccessRuleAsync( directory1Id, app.SeededEntities.TestUserArea1.UserAreaCode, null, c => c.ViolationAction = AccessRuleViolationAction.Error ); var addRuleToDirectory2Command = new UpdatePageDirectoryAccessRuleSetCommand() { PageDirectoryId = directory2Id, ViolationAction = AccessRuleViolationAction.NotFound, UserAreaCodeForSignInRedirect = app.SeededEntities.TestUserArea2.UserAreaCode }; addRuleToDirectory2Command .AccessRules .AddNew(app.SeededEntities.TestUserArea1.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId) .AddNew(app.SeededEntities.TestUserArea2.UserAreaCode); await contentRepository .PageDirectories() .AccessRules() .UpdateAsync(addRuleToDirectory2Command); var allDirectories = await contentRepository .PageDirectories() .GetAll() .AsRoutes() .ExecuteAsync(); var directory = allDirectories.SingleOrDefault(d => d.PageDirectoryId == directory2Id); using (new AssertionScope()) { directory.Should().NotBeNull(); directory.AccessRuleSets.Should().NotBeNull().And.HaveCount(2); var directory1RuleSet = directory.AccessRuleSets.Skip(1).FirstOrDefault(); directory1RuleSet.Should().NotBeNull(); directory1RuleSet.AccessRules.Should().HaveCount(1); directory1RuleSet.ViolationAction.Should().Be(AccessRuleViolationAction.Error); directory1RuleSet.AccessRules.Should().NotBeNull(); directory1RuleSet.UserAreaCodeForSignInRedirect.Should().BeNull(); var rule1 = directory1RuleSet.AccessRules.FirstOrDefault(); rule1.Should().NotBeNull(); rule1.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea1.UserAreaCode); rule1.RoleId.Should().BeNull(); var directory2RuleSet = directory.AccessRuleSets.FirstOrDefault(); directory2RuleSet.Should().NotBeNull(); directory2RuleSet.AccessRules.Should().HaveCount(2); directory2RuleSet.ViolationAction.Should().Be(addRuleToDirectory2Command.ViolationAction); directory2RuleSet.AccessRules.Should().NotBeNull(); directory2RuleSet.UserAreaCodeForSignInRedirect.Should().Be(addRuleToDirectory2Command.UserAreaCodeForSignInRedirect); var rule2A = directory2RuleSet.AccessRules.FirstOrDefault(); rule2A.Should().NotBeNull(); rule2A.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea1.UserAreaCode); rule2A.RoleId.Should().Be(app.SeededEntities.TestUserArea1.RoleA.RoleId); var rule2B = directory2RuleSet.AccessRules.Skip(1).FirstOrDefault(); rule2B.Should().NotBeNull(); rule2B.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea2.UserAreaCode); rule2B.RoleId.Should().BeNull(); } }