Beispiel #1
0
 public virtual bool Equals(Customer other)
 {
     if (ReferenceEquals(null, other)) return false;
     if (ReferenceEquals(this, other)) return true;
     if (CustomerId != default(string))
     {
         return other.CustomerId == CustomerId;
     }
     return other.CustomerId == CustomerId && other.CompanyName == CompanyName && other.ContactName == ContactName && other.ContactTitle == ContactTitle && other.Address == Address && other.City == City && other.Region == Region && other.PostalCode == PostalCode && other.Country == Country && other.Phone == Phone && other.Fax == Fax && 1 == 1 && 1 == 1;
 }
        public void Guest_user_trying_to_search_secured_entity_should_get_no_results()
        {
            var operationName = "/Customer/Read";
            var readOperationOnCustomer = AuthZRepository.CreateOperation(operationName);
            UsersGroup guestGroup = AuthZRepository.CreateUsersGroup("TmpGuests");
            AuthZRepository.AssociateUserWith(SampleUser, guestGroup);

            var customerRepository = ServiceLocator.Current.GetInstance<CustomerRepository>();

            var customerToSecure = customerRepository.Read("ALFKI");

            var c = new Customer();
            c.CustomerId = customerToSecure.CustomerId;

            var permissionBuilder = ServiceLocator.Current.GetInstance<IPermissionsBuilderService>();
            permissionBuilder.Allow(readOperationOnCustomer)
                .For(guestGroup)
                .OnEverything()
                .DefaultLevel()
                .Save();

            permissionBuilder.Allow(readOperationOnCustomer)
                .For(AdminUser)
                .OnEverything()
                .DefaultLevel()
                .Save();

            permissionBuilder.Deny(readOperationOnCustomer)
                .For(guestGroup)
                .On(customerToSecure)
                .DefaultLevel()
                .Save();

            // read as an Admin
            Debug.WriteLine(AuthZService.GetAuthorizationInformation(CurrentUser, customerToSecure, operationName));
            Assert.That(customerRepository.Search("A", null, null, null, null,null,null,null,null,null, null).AsEnumerable().FirstOrDefault(x => x.CustomerId == "ALFKI"), Is.Not.Null);

            // read as a Guest
            CurrentUser = SampleUser;
            Debug.WriteLine(AuthZService.GetAuthorizationInformation(CurrentUser, customerToSecure, operationName));
            Assert.That(customerRepository.Search("A", null, null, null, null, null, null, null, null, null, null).AsEnumerable().FirstOrDefault(x => x.CustomerId == "ALFKI"), Is.Null);
        }