[Test] public virtual void testUserOverrideGlobalRevokeAuthorizationCheck() { TestResource resource1 = new TestResource("resource1", 100); // create global authorization which revokes all permissions to all users (on resource1): IAuthorization globalGrant = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); globalGrant.Resource = (Resources)resource1.resourceType(); globalGrant.ResourceId = AuthorizationFields.Any; globalGrant.RemovePermission(Permissions.All); authorizationService.SaveAuthorization(globalGrant); // add Permissions.Read for jonny IAuthorization localRevoke = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGrant); localRevoke.UserId = "jonny"; localRevoke.Resource = (Resources)resource1.resourceType(); localRevoke.ResourceId = AuthorizationFields.Any; localRevoke.AddPermission(Permissions.Read); authorizationService.SaveAuthorization(localRevoke); // jonny does not have Permissions.All permissions Assert.IsFalse(authorizationService.IsUserAuthorized("jonny", null, Permissions.All, (Resources)resource1.resourceType())); // jonny can read Assert.True(authorizationService.IsUserAuthorized("jonny", null, Permissions.Read, (Resources)resource1.resourceType())); // jonny can't Delete Assert.IsFalse(authorizationService.IsUserAuthorized("jonny", null, Permissions.Delete, (Resources)resource1.resourceType())); // someone else can't do anything Assert.IsFalse(authorizationService.IsUserAuthorized("someone else", null, Permissions.All, (Resources)resource1.resourceType())); Assert.IsFalse(authorizationService.IsUserAuthorized("someone else", null, Permissions.Read, (Resources)resource1.resourceType())); Assert.IsFalse(authorizationService.IsUserAuthorized("someone else", null, Permissions.Delete, (Resources)resource1.resourceType())); }
[Test] public virtual void testGroupOverrideGlobalGrantAuthorizationCheck() { TestResource resource1 = new TestResource("resource1", 100); // create global authorization which grants all permissions to all users (on resource1): IAuthorization globalGrant = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); globalGrant.Resource = (Resources)resource1.resourceType(); globalGrant.ResourceId = AuthorizationFields.Any; globalGrant.AddPermission(Permissions.All); authorizationService.SaveAuthorization(globalGrant); // revoke Permissions.Read for group "sales" IAuthorization groupRevoke = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeRevoke); groupRevoke.GroupId = "sales"; groupRevoke.Resource = (Resources)resource1.resourceType(); groupRevoke.ResourceId = AuthorizationFields.Any; groupRevoke.RemovePermission(Permissions.Read); authorizationService.SaveAuthorization(groupRevoke); IList <string> jonnysGroups = new List <string>() { "sales", "marketing" }; IList <string> someOneElsesGroups = new List <string>() { "marketing" }; // jonny does not have Permissions.All permissions if queried with groups Assert.IsFalse(authorizationService.IsUserAuthorized("jonny", jonnysGroups, Permissions.All, (Resources)resource1.resourceType())); // if queried without groups he has Assert.True(authorizationService.IsUserAuthorized("jonny", null, Permissions.All, (Resources)resource1.resourceType())); // jonny can't read if queried with groups Assert.IsFalse(authorizationService.IsUserAuthorized("jonny", jonnysGroups, Permissions.Read, (Resources)resource1.resourceType())); // if queried without groups he has Assert.True(authorizationService.IsUserAuthorized("jonny", null, Permissions.Read, (Resources)resource1.resourceType())); // someone else who is in group "marketing" but but not "sales" can Assert.True(authorizationService.IsUserAuthorized("someone else", someOneElsesGroups, Permissions.All, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("someone else", someOneElsesGroups, Permissions.Read, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("someone else", null, Permissions.All, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("someone else", null, Permissions.Read, (Resources)resource1.resourceType())); // he could'nt if he were in jonny's groups Assert.IsFalse(authorizationService.IsUserAuthorized("someone else", jonnysGroups, Permissions.All, (Resources)resource1.resourceType())); Assert.IsFalse(authorizationService.IsUserAuthorized("someone else", jonnysGroups, Permissions.Read, (Resources)resource1.resourceType())); // jonny can still Delete Assert.True(authorizationService.IsUserAuthorized("jonny", jonnysGroups, Permissions.Delete, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("jonny", null, Permissions.Delete, (Resources)resource1.resourceType())); }
[Test] public virtual void testUserOverrideGroupOverrideGlobalAuthorizationCheck() { TestResource resource1 = new TestResource("resource1", 100); // create global authorization which grants all permissions to all users (on resource1): IAuthorization globalGrant = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); globalGrant.Resource = (Resources)resource1.resourceType(); globalGrant.ResourceId = AuthorizationFields.Any; globalGrant.AddPermission(Permissions.All); authorizationService.SaveAuthorization(globalGrant); // revoke Permissions.Read for group "sales" IAuthorization groupRevoke = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeRevoke); groupRevoke.GroupId = "sales"; groupRevoke.Resource = (Resources)resource1.resourceType(); groupRevoke.ResourceId = AuthorizationFields.Any; groupRevoke.RemovePermission(Permissions.Read); authorizationService.SaveAuthorization(groupRevoke); // add Permissions.Read for jonny IAuthorization userGrant = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGrant); userGrant.UserId = "jonny"; userGrant.Resource = (Resources)resource1.resourceType(); userGrant.ResourceId = AuthorizationFields.Any; userGrant.AddPermission(Permissions.Read); authorizationService.SaveAuthorization(userGrant); IList <string> jonnysGroups = new List <string>() { "sales", "marketing" }; IList <string> someOneElsesGroups = new List <string>() { "marketing" }; // jonny can read Assert.True(authorizationService.IsUserAuthorized("jonny", jonnysGroups, Permissions.Read, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("jonny", null, Permissions.Read, (Resources)resource1.resourceType())); // someone else in the same groups cannot Assert.IsFalse(authorizationService.IsUserAuthorized("someone else", jonnysGroups, Permissions.Read, (Resources)resource1.resourceType())); // someone else in different groups can Assert.True(authorizationService.IsUserAuthorized("someone else", someOneElsesGroups, Permissions.Read, (Resources)resource1.resourceType())); }
public virtual void testGlobalGrantAuthorizationCheck() { TestResource resource1 = new TestResource("resource1", 100); // create global authorization which grants all permissions to all users (on resource1): IAuthorization globalAuth = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); globalAuth.Resource = (Resources)resource1.resourceType(); globalAuth.ResourceId = AuthorizationFields.Any; globalAuth.AddPermission(Permissions.All); authorizationService.SaveAuthorization(globalAuth); IList <string> jonnysGroups = (new string[] { "sales", "marketing" }); IList <string> someOneElsesGroups = (new string[] { "marketing" }); // this authorizes any user to do anything in this resource: Assert.True(authorizationService.IsUserAuthorized("jonny", null, Permissions.All, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("jonny", jonnysGroups, Permissions.All, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("someone", null, Permissions.Create, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("someone", someOneElsesGroups, Permissions.Create, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("someone else", null, Permissions.Delete, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("jonny", null, Permissions.All, (Resources)resource1.resourceType(), "someId")); Assert.True(authorizationService.IsUserAuthorized("jonny", jonnysGroups, Permissions.All, (Resources)resource1.resourceType(), "someId")); Assert.True(authorizationService.IsUserAuthorized("someone", null, Permissions.Create, (Resources)resource1.resourceType(), "someId")); Assert.True(authorizationService.IsUserAuthorized("someone else", null, Permissions.Delete, (Resources)resource1.resourceType(), "someOtherId")); }
[Test] public virtual void testUserOverrideGlobalGrantAuthorizationCheck() { TestResource resource1 = new TestResource("resource1", 100); // create global authorization which grants all permissions to all users (on resource1): IAuthorization globalGrant = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); globalGrant.Resource = (Resources)resource1.resourceType(); globalGrant.ResourceId = AuthorizationFields.Any; globalGrant.AddPermission(Permissions.All); authorizationService.SaveAuthorization(globalGrant); // revoke Permissions.Read for jonny IAuthorization localRevoke = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeRevoke); localRevoke.UserId = "jonny"; localRevoke.Resource = (Resources)resource1.resourceType(); localRevoke.ResourceId = AuthorizationFields.Any; localRevoke.RemovePermission(Permissions.Read); authorizationService.SaveAuthorization(localRevoke); IList <string> jonnysGroups = new List <string>() { "sales", "marketing" }; IList <string> someOneElsesGroups = new List <string>() { "marketing" }; // jonny does not have Permissions.All permissions Assert.IsFalse(authorizationService.IsUserAuthorized("jonny", null, Permissions.All, (Resources)resource1.resourceType())); Assert.IsFalse(authorizationService.IsUserAuthorized("jonny", jonnysGroups, Permissions.All, (Resources)resource1.resourceType())); // jonny can't read Assert.IsFalse(authorizationService.IsUserAuthorized("jonny", null, Permissions.Read, (Resources)resource1.resourceType())); Assert.IsFalse(authorizationService.IsUserAuthorized("jonny", jonnysGroups, Permissions.Read, (Resources)resource1.resourceType())); // someone else can Assert.True(authorizationService.IsUserAuthorized("someone else", null, Permissions.All, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("someone else", someOneElsesGroups, Permissions.Read, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("someone else", null, Permissions.All, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("someone else", someOneElsesGroups, Permissions.Read, (Resources)resource1.resourceType())); // jonny can still Delete Assert.True(authorizationService.IsUserAuthorized("jonny", null, Permissions.Delete, (Resources)resource1.resourceType())); Assert.True(authorizationService.IsUserAuthorized("jonny", jonnysGroups, Permissions.Delete, (Resources)resource1.resourceType())); }
public virtual void testUpdatePersistentAuthorization() { TestResource resource1 = new TestResource("resource1", 100); TestResource resource2 = new TestResource("resource1", 101); IAuthorization authorization = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGrant); authorization.UserId = "aUserId"; //authorization.Resource = resource1; authorization.ResourceId = "aResourceId"; authorization.AddPermission(Permissions.Access); // save the authorization authorizationService.SaveAuthorization(authorization); // validate authorization IAuthorization savedAuthorization = authorizationService.CreateAuthorizationQuery().First(); Assert.AreEqual("aUserId", savedAuthorization.UserId); Assert.AreEqual(resource1.resourceType(), savedAuthorization.ResourceType); Assert.AreEqual("aResourceId", savedAuthorization.ResourceId); Assert.True(savedAuthorization.IsPermissionGranted(Permissions.Access)); // update authorization savedAuthorization.UserId = "anotherUserId"; //savedAuthorization.Resource = resource2; savedAuthorization.ResourceId = "anotherResourceId"; savedAuthorization.AddPermission(Permissions.Delete); authorizationService.SaveAuthorization(savedAuthorization); // validate authorization updated savedAuthorization = authorizationService.CreateAuthorizationQuery().First(); Assert.AreEqual("anotherUserId", savedAuthorization.UserId); Assert.AreEqual(resource2.resourceType(), savedAuthorization.ResourceType); Assert.AreEqual("anotherResourceId", savedAuthorization.ResourceId); Assert.True(savedAuthorization.IsPermissionGranted(Permissions.Access)); Assert.True(savedAuthorization.IsPermissionGranted(Permissions.Delete)); }
public virtual void testDisabledAuthorizationCheck() { // given TestResource resource1 = new TestResource("resource1", 100); // when bool isAuthorized = authorizationService.IsUserAuthorized("jonny", null, Permissions.Update, (Resources)resource1.resourceType()); // then Assert.True(isAuthorized); }
[Test] public virtual void testAuthorizationCheckEmptyDb() { TestResource resource1 = new TestResource("resource1", 100); TestResource resource2 = new TestResource("resource2", 101); IList <string> jonnysGroups = new List <string>() { "sales", "marketing" }; IList <string> someOneElsesGroups = new List <string>() { "marketing" }; // Collections.singletonList("marketing"); // if no authorizations are in Db, nothing is authorized Assert.IsFalse(authorizationService.IsUserAuthorized("jonny", jonnysGroups, Permissions.All, (Resources)resource1.resourceType())); Assert.IsFalse(authorizationService.IsUserAuthorized("someone", someOneElsesGroups, Permissions.Create, (Resources)resource2.resourceType())); Assert.IsFalse(authorizationService.IsUserAuthorized("someone else", null, Permissions.Delete, (Resources)resource1.resourceType())); Assert.IsFalse(authorizationService.IsUserAuthorized("jonny", jonnysGroups, Permissions.All, (Resources)resource1.resourceType(), "someId")); Assert.IsFalse(authorizationService.IsUserAuthorized("someone", someOneElsesGroups, Permissions.Create, (Resources)resource1.resourceType(), "someId")); Assert.IsFalse(authorizationService.IsUserAuthorized("someone else", null, Permissions.Delete, (Resources)resource1.resourceType(), "someOtherId")); }
[Test] public virtual void testNullAuthorizationCheck() { TestResource resource1 = new TestResource("resource1", 100); Assert.IsFalse(authorizationService.IsUserAuthorized(null, null, Permissions.Update, (Resources)resource1.resourceType())); }