public void Test_CollateAccess_TwoEntitiesTwoOperations(bool entity1Read, bool entity2Read, bool entity1Modify, bool entity2Write,
bool expectedEntity1CombinedAccess, bool expectedEntity2CombinedAccess)
{
IDictionary <long, bool> result;
Dictionary <long, IDictionary <long, bool> > operationToAccess;
EntityRef readPermission;
EntityRef modifyPermission;
const int entity1Id = 1;
const int entity2Id = 2;
readPermission = Permissions.Read;
modifyPermission = Permissions.Modify;
operationToAccess = new Dictionary <long, IDictionary <long, bool> >();
operationToAccess[readPermission.Id] = new Dictionary <long, bool>();
operationToAccess[readPermission.Id][entity1Id] = entity1Read;
operationToAccess[readPermission.Id][entity2Id] = entity2Read;
operationToAccess[modifyPermission.Id] = new Dictionary <long, bool>();
operationToAccess[modifyPermission.Id][entity1Id] = entity1Modify;
operationToAccess[modifyPermission.Id][entity2Id] = entity2Write;
result = new EntityAccessControlChecker().CollateAccess(new[] { new EntityRef(entity1Id), new EntityRef(entity2Id) }, operationToAccess);
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entity1Id).And.Property("Value").EqualTo(expectedEntity1CombinedAccess));
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entity2Id).And.Property("Value").EqualTo(expectedEntity2CombinedAccess));
}
public void Test_CollateAccess_EmptyOperationsToAccess()
{
IDictionary <long, bool> result;
result = new EntityAccessControlChecker().CollateAccess(new EntityRef[] { 1 }, new Dictionary <long, IDictionary <long, bool> >());
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(1).And.Property("Value").False);
}
private void Do_AddAllowXXXQuery_AllowMultiple(Action <Subject, SecurableEntity> addAccess, ICollection <EntityRef> operations)
{
EntityType securableEntityType;
const int numEntities = 5;
Entity[] entities;
Subject subject;
IDictionary <long, bool> result;
using (DatabaseContext.GetContext(true))
{
securableEntityType = Entity.Create <EntityType>();
securableEntityType.Inherits.Add(Entity.Get <EntityType>("core:resource"));
securableEntityType.Save();
entities = new Entity[numEntities];
for (int i = 0; i < numEntities; i++)
{
entities[i] = Entity.Create(new EntityRef(securableEntityType.Id)).As <Entity>();
entities[i].Save();
}
subject = Entity.Create <UserAccount>().As <Subject>();
subject.Save();
addAccess(subject, securableEntityType.As <SecurableEntity>());
result = new EntityAccessControlChecker().CheckAccess(entities.Select(x => (EntityRef)x).ToList(),
operations.ToList(), subject);
for (int i = 0; i < numEntities; i++)
{
Assert.That(result,
Has.Exactly(1).Property("Key").EqualTo(entities[i].Id).And.Property("Value").True);
}
}
}
public void Test_CheckAccess_SecurityBypassContext()
{
EntityRef[] entityIds;
IDictionary <long, bool> result;
UserAccount userAccount;
EntityAccessControlChecker entityAccessControlChecker;
MockRepository mockRepository;
entityIds = new EntityRef[] { 1, 2, 3 };
mockRepository = new MockRepository(MockBehavior.Strict);
entityAccessControlChecker = new EntityAccessControlChecker(
mockRepository.Create <IUserRoleRepository>().Object,
mockRepository.Create <IQueryRepository>().Object,
mockRepository.Create <IEntityTypeRepository>().Object
);
userAccount = Entity.Create <UserAccount>();
userAccount.Save();
using (new SecurityBypassContext())
{
result = entityAccessControlChecker.CheckAccess(entityIds,
new[] { Permissions.Read },
userAccount);
}
Assert.That(result, Has.Count.EqualTo(entityIds.Count()));
Assert.That(result, Has.All.Property("Value").True);
mockRepository.VerifyAll();
}
public void Test_AddAllowReadQuery_NameQuery()
{
using (DatabaseContext.GetContext(true))
{
EntityType securableEntityType1;
IEntity entity1A;
IEntity entity1Z;
Subject subject;
Report report;
IDictionary <long, bool> result;
securableEntityType1 = Entity.Create <EntityType>();
securableEntityType1.Inherits.Add(Entity.Get <EntityType>("core:resource"));
securableEntityType1.Save();
entity1A = Entity.Create(new EntityRef(securableEntityType1.Id));
entity1A.SetField("core:name", "A");
entity1A.Save();
entity1Z = Entity.Create(new EntityRef(securableEntityType1.Id));
entity1Z.SetField("core:name", "Z");
entity1Z.Save();
subject = Entity.Create <UserAccount>().As <Subject>();
subject.Save();
report = TestQueries.EntitiesWithNameA().ToReport();
new AccessRuleFactory().AddAllowReadQuery(subject, securableEntityType1.As <SecurableEntity>(), report);
result = new EntityAccessControlChecker().CheckAccess(
new[] { new EntityRef(entity1A.Id), new EntityRef(entity1Z.Id) },
new[] { Permissions.Read },
subject);
Assert.That(result, Has.Property("Count").EqualTo(2));
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entity1A.Id).And.Property("Value").True);
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entity1Z.Id).And.Property("Value").False);
}
}
public void Test_AddAllowCreate_AllowMultipleCreate()
{
EntityType[] securableEntityTypes;
const int numTypes = 5;
Subject subject;
IDictionary <long, bool> result;
IEntity[] entities;
subject = Entity.Create <UserAccount>().As <Subject>();
subject.Save();
securableEntityTypes = new EntityType[numTypes];
for (int i = 0; i < numTypes; i++)
{
securableEntityTypes[i] = Entity.Create <EntityType>();
securableEntityTypes[i].Inherits.Add(Entity.Get <EntityType>("core:resource"));
securableEntityTypes[i].Save();
new AccessRuleFactory().AddAllowCreate(subject, securableEntityTypes[i].As <SecurableEntity>());
}
entities = new IEntity[numTypes];
for (int i = 0; i < numTypes; i++)
{
entities[i] = Entity.Create(securableEntityTypes[i]);
}
result = new EntityAccessControlChecker().CheckAccess(entities.Select(x => new EntityRef(x)).ToList(),
new[] { Permissions.Create }, subject);
Assert.That(result, Has.Count.EqualTo(numTypes));
Assert.That(result.Keys, Is.EquivalentTo(entities.Select(x => x.Id)));
Assert.That(result.Values, Has.All.True);
}
public void Test_CheckAccess_NoEntities()
{
MockRepository mockRepository;
EntityAccessControlChecker entityAccessControlChecker;
Mock <IUserRoleRepository> roleRepository;
Mock <IQueryRepository> queryRepository;
Mock <IEntityTypeRepository> entityTypeRepository;
IDictionary <long, bool> result;
UserAccount userAccount;
userAccount = Entity.Get <UserAccount>(RequestContext.GetContext().Identity.Id);
mockRepository = new MockRepository(MockBehavior.Strict);
roleRepository = mockRepository.Create <IUserRoleRepository>();
queryRepository = mockRepository.Create <IQueryRepository>();
entityTypeRepository = mockRepository.Create <IEntityTypeRepository>();
entityAccessControlChecker = new EntityAccessControlChecker(roleRepository.Object,
queryRepository.Object,
entityTypeRepository.Object);
result = entityAccessControlChecker.CheckAccess(new Collection <EntityRef>(),
new[] { Permissions.Read },
userAccount);
mockRepository.VerifyAll();
Assert.That(result, Is.Empty);
}
public void Test_SkipCheck_Fail()
{
EntityRef user;
user = new EntityRef(1);
Assert.That(EntityAccessControlChecker.SkipCheck(user), Is.False);
}
public void Test_SkipCheck_GlobalUser()
{
EntityRef user;
user = new EntityRef(0); // 0 = Global tenant
Assert.That(EntityAccessControlChecker.SkipCheck(user), Is.True);
}
public void Security_CheckInstancesSecurity(bool grant)
{
IEntityXmlExporter exporter = Factory.EntityXmlExporter;
IEntityXmlImporter importer = Factory.EntityXmlImporter;
string xml;
Definition type = new Definition( );
type.Inherits.Add(UserResource.UserResource_Type);
type.Name = Guid.NewGuid( ).ToString( );
type.Save( );
Resource instance = Entity.Create(type.Id).As <Resource>( );
instance.Name = "Mordor";
instance.Save( );
// Generate the XML as admin
using (RunAsImportExportRole( ))
{
xml = exporter.GenerateXml(instance.Id, EntityXmlExportSettings.Default);
}
// Create a user that can create the types, but not modify the instance
var user = Entity.Create <UserAccount>( );
user.Name = "Frodo";
user.UserHasRole.Add(Entity.Get <Role>("core:importExportRole"));
user.Save( );
new AccessRuleFactory( ).AddAllowCreate(user.As <Subject>( ), type.As <SecurableEntity>( )).Save( );
if (grant)
{
new AccessRuleFactory( ).AddAllowByQuery(user.As <Subject>( ),
type.As <SecurableEntity>( ),
new[] { Permissions.Read, Permissions.Modify },
TestQueries.Entities(new EntityRef(type.Id)).ToReport( )).Save( );
}
var res = new EntityAccessControlChecker( ).CheckTypeAccess(new[] { type.As <EntityType>() }, Permissions.Create, user);
// Try to reimport as non-priv user
using (new SetUser(user))
{
Action run = () => importer.ImportXml(xml, EntityXmlImportSettings.Default);
if (grant)
{
run( );
}
else
{
Assert.That(Assert.Throws <PlatformSecurityException>(() => run( )).Message, Is.StringStarting("Frodo does not have edit access to Mordor"));
}
}
}
public void Test_Creation()
{
EntityAccessControlChecker entityAccessControlChecker;
entityAccessControlChecker = null;
Assert.That(() => entityAccessControlChecker = new EntityAccessControlChecker(), Throws.Nothing);
Assert.That(entityAccessControlChecker, Has.Property("RoleRepository").Not.Null);
Assert.That(entityAccessControlChecker, Has.Property("QueryRepository").Not.Null);
Assert.That(entityAccessControlChecker, Has.Property("EntityTypeRepository").Not.Null);
}
public void Test_SetAll_Entities()
{
long[] entities = { 1, 2 };
IDictionary <long, bool> result;
result = new EntityAccessControlChecker().SetAll(entities, false);
Assert.That(result.Keys, Is.EquivalentTo(entities));
Assert.That(result.Values, Has.All.False);
}
public void Test_SkipCheck_Bypass()
{
EntityRef user;
user = new EntityRef(1);
using (new SecurityBypassContext())
{
Assert.That(EntityAccessControlChecker.SkipCheck(user), Is.True);
}
}
public void Test_CheckAccess_TypelessEntity()
{
IDictionary <long, bool> result;
long testId = EntityId.Max;
result = new EntityAccessControlChecker().CheckAccess(new[] { new EntityRef(testId) },
new[] { Permissions.Read },
Entity.Get <UserAccount>(RequestContext.GetContext().Identity.Id));
Assert.That(result, Has.Count.EqualTo(1));
Assert.That(result[testId], Is.True);
}
public void Test_AddMultiplePermissions()
{
EntityType securableEntityType1;
EntityType securableEntityType2;
Entity entity1;
Entity entity2;
Subject subject;
IDictionary <long, bool> result;
using (DatabaseContext.GetContext(true))
{
securableEntityType1 = Entity.Create <EntityType>();
securableEntityType1.Inherits.Add(Entity.Get <EntityType>("core:resource"));
securableEntityType1.Save();
securableEntityType2 = Entity.Create <EntityType>();
securableEntityType2.Inherits.Add(Entity.Get <EntityType>("core:resource"));
securableEntityType2.Save();
entity1 = Entity.Create(securableEntityType1).As <Entity>();
entity1.SetField("core:alias", "entity1__test");
entity1.Save();
entity2 = Entity.Create(securableEntityType2).As <Entity>();
entity2.SetField("core:alias", "entity2__test");
entity2.Save();
subject = Entity.Create <UserAccount>().As <Subject>();
subject.Save();
new AccessRuleFactory().AddAllowReadQuery(subject, securableEntityType1.As <SecurableEntity>(), TestQueries.Entities().ToReport());
new AccessRuleFactory().AddAllowReadQuery(subject, securableEntityType2.As <SecurableEntity>(), TestQueries.Entities().ToReport());
new AccessRuleFactory().AddAllowModifyQuery(subject, securableEntityType2.As <SecurableEntity>(), TestQueries.Entities().ToReport());
result = new EntityAccessControlChecker().CheckAccess(new EntityRef[] { entity1, entity2 },
new[] { Permissions.Read }, subject);
Assert.That(result,
Has.Exactly(1).Property("Key").EqualTo(entity1.Id).And.Property("Value").True, "Allow read");
Assert.That(result,
Has.Exactly(1).Property("Key").EqualTo(entity2.Id).And.Property("Value").True, "Allow read");
result = new EntityAccessControlChecker().CheckAccess(new EntityRef[] { entity1, entity2 },
new[] { Permissions.Modify }, subject);
Assert.That(result,
Has.Exactly(1).Property("Key").EqualTo(entity1.Id).And.Property("Value").False, "Allow modify");
Assert.That(result,
Has.Exactly(1).Property("Key").EqualTo(entity2.Id).And.Property("Value").True, "Allow modify");
result = new EntityAccessControlChecker().CheckAccess(new EntityRef[] { entity1, entity2 },
new[] { Permissions.Read, Permissions.Modify }, subject);
Assert.That(result,
Has.Exactly(1).Property("Key").EqualTo(entity1.Id).And.Property("Value").False, "Allow read and modify");
Assert.That(result,
Has.Exactly(1).Property("Key").EqualTo(entity2.Id).And.Property("Value").True, "Allow read and modify");
}
}
public void Test_Creation()
{
EntityAccessControlService entityAccessControlService;
IEntityAccessControlChecker entityAccessControlChecker;
entityAccessControlChecker = new EntityAccessControlChecker();
entityAccessControlService = new EntityAccessControlService(entityAccessControlChecker);
Assert.That(entityAccessControlService,
Has.Property("EntityAccessControlChecker").EqualTo(entityAccessControlChecker));
Assert.That(entityAccessControlService,
Has.Property("TraceLevelFactory").EqualTo((Func <int>)entityAccessControlService.GetTraceLevelSetting));
Assert.That(entityAccessControlService,
Has.Property("TraceLevel").Not.Null);
}
public void Test_CollateAccess_EmptyEntities()
{
IDictionary <long, bool> result;
Dictionary <EntityRef, IDictionary <long, bool> > operationToAccess;
EntityRef allowRead;
allowRead = Permissions.Read;
operationToAccess = new Dictionary <EntityRef, IDictionary <long, bool> >();
operationToAccess[allowRead] = new Dictionary <long, bool>();
operationToAccess[allowRead][1] = false;
result = new EntityAccessControlChecker().CollateAccess(new EntityRef[0], new Dictionary <long, IDictionary <long, bool> >());
Assert.That(result, Is.Empty);
}
public void Test_AllowAccessToInvalidIds_NoTypelessEntities()
{
IDictionary <long, ISet <EntityRef> > entityTypes;
Dictionary <long, bool> mapping;
IDictionary <long, bool> result;
mapping = new Dictionary <long, bool>();
mapping[1] = false;
entityTypes = new Dictionary <long, ISet <EntityRef> >();
result = new EntityAccessControlChecker().AllowAccessToTypelessIds(mapping, entityTypes);
Assert.That(result, Has.Count.EqualTo(mapping.Count));
Assert.That(result[1], Is.False);
}
public void Test_CollateAccess_SingleEntityNotAllowed()
{
IDictionary <long, bool> result;
Dictionary <long, IDictionary <long, bool> > operationToAccess;
EntityRef readPermission;
const int entityId = 1;
readPermission = Permissions.Read;
operationToAccess = new Dictionary <long, IDictionary <long, bool> >();
operationToAccess[readPermission.Id] = new Dictionary <long, bool>();
operationToAccess[readPermission.Id][entityId] = false;
result = new EntityAccessControlChecker().CollateAccess(new[] { new EntityRef(entityId) }, new Dictionary <long, IDictionary <long, bool> >());
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entityId).And.Property("Value").False);
}
public void Test_AllowAccessToInvalidIds_EmptyMapping()
{
IDictionary <long, ISet <EntityRef> > entityTypes;
Dictionary <long, bool> mapping;
IDictionary <long, bool> result;
mapping = new Dictionary <long, bool>();
entityTypes = new Dictionary <long, ISet <EntityRef> >();
entityTypes.Add(1, new HashSet <EntityRef> {
new EntityRef(1)
});
result = new EntityAccessControlChecker().AllowAccessToTypelessIds(mapping, entityTypes);
Assert.That(result, Has.Count.EqualTo(mapping.Count));
}
public void Test_BasicSecurity()
{
UserAccount userAccount = null;
EntityType entityType = null;
IEntity entity1 = null;
IEntity entity2 = null;
userAccount = Entity.Create <UserAccount>();
userAccount.Name = "GetEntitiesOfType test user " + Guid.NewGuid().ToString();
userAccount.Save();
entityType = new EntityType();
entityType.Inherits.Add(UserResource.UserResource_Type);
entityType.Save();
entity1 = Entity.Create(new EntityRef(entityType));
entity1.SetField("core:name", "A");
entity1.Save();
entity2 = Entity.Create(new EntityRef(entityType));
entity2.SetField("core:name", "B");
entity2.Save();
new AccessRuleFactory().AddAllowReadQuery(userAccount.As <Subject>(), entityType.As <SecurableEntity>(),
TestQueries.EntitiesWithNameA().ToReport());
// Sanity Check. Check directly to avoid any caching or side effect issue.
IDictionary <long, bool> results = new EntityAccessControlChecker().CheckAccess(
new[] { new EntityRef(entity1), new EntityRef(entity2) },
new[] { Permissions.Read },
new EntityRef(userAccount));
Assert.That(results, Has.Exactly(1).Property("Key").EqualTo(entity1.Id).And.Property("Value").True,
"EntityAccessControlChecker.CheckAccess: No access to Entity ID 1");
Assert.That(results, Has.Exactly(1).Property("Key").EqualTo(entity2.Id).And.Property("Value").False,
"EntityAccessControlChecker.CheckAccess: Access to Entity ID 2");
using (new SetUser(userAccount))
{
IEnumerable <IEntity> entities = Entity.GetInstancesOfType(entityType, true, "name");
Assert.That(entities.Count(), Is.EqualTo(1),
"Entity.GetInstancesOfType: Incorrect count");
Assert.That(entities, Has.Exactly(1).Property("Id").EqualTo(entity1.Id),
"Entity.GetInstancesOfType: Incorrect Id");
}
}
public void Test_CheckAccess_AccessByQueryOnly()
{
UserAccount userAccount;
SecurableEntity securableEntity;
IDictionary <long, bool> result;
AccessRule accessRule;
Report authReport;
// Test:
//
// Folder Instance
// ^
// |
// |
// UserAccount ----> AccessRule -----> FolderType
//
// (no PermissionAccess relationship)
//
using (DatabaseContext.GetContext(true))
{
securableEntity = Entity.Create <SecurableEntity>();
securableEntity.Save();
authReport = Entity.Create <Report>();
authReport.Save();
accessRule = Entity.Create <AccessRule>();
accessRule.AccessRuleEnabled = true;
accessRule.AccessRuleReport = authReport;
accessRule.ControlAccess = securableEntity;
// Do not set accessRule.PermissionAccess
accessRule.Save();
userAccount = Entity.Create <UserAccount>();
userAccount.AllowAccess.Add(accessRule.As <AccessRule>());
userAccount.Save();
result = new EntityAccessControlChecker().CheckAccess(new[] { new EntityRef(securableEntity.Id) },
new[] { Permissions.Read },
new EntityRef(userAccount.Id));
Assert.That(result[securableEntity.Id], Is.False);
}
}
public void Test_CheckAccess_Mocked_TypelessEntity()
{
MockRepository mockRepository;
EntityAccessControlChecker entityAccessControlChecker;
Mock <IUserRoleRepository> roleRepository;
Mock <IQueryRepository> queryRepository;
Mock <IEntityTypeRepository> entityTypeRepository;
IDictionary <long, bool> result;
UserAccount userAccount;
EntityRef[] entitiesToTest;
long testId = EntityId.Max;
userAccount = Entity.Get <UserAccount>(RequestContext.GetContext().Identity.Id);
mockRepository = new MockRepository(MockBehavior.Strict);
roleRepository = mockRepository.Create <IUserRoleRepository>();
roleRepository.Setup(rr => rr.GetUserRoles(userAccount.Id)).Returns(() => new HashSet <long>());
queryRepository = mockRepository.Create <IQueryRepository>();
entitiesToTest = new [] { new EntityRef(testId) };
entityTypeRepository = mockRepository.Create <IEntityTypeRepository>();
entityTypeRepository.Setup(etr => etr.GetEntityTypes(entitiesToTest))
.Returns(() => new Dictionary <long, ISet <EntityRef> >
{
{ EntityTypeRepository.TypelessId, new HashSet <EntityRef> {
new EntityRef(testId)
} }
});
entityAccessControlChecker = new EntityAccessControlChecker(roleRepository.Object,
queryRepository.Object,
entityTypeRepository.Object);
result = entityAccessControlChecker.CheckAccess(entitiesToTest,
new[] { Permissions.Read },
userAccount);
mockRepository.VerifyAll();
Assert.That(result, Has.Count.EqualTo(1));
Assert.That(result[testId], Is.True);
}
public void Test_AllowAccessToInvalidIds_SingleTypelessEntity()
{
IDictionary <long, ISet <EntityRef> > entityTypes;
Dictionary <long, bool> mapping;
IDictionary <long, bool> result;
const long testEntityId = 1;
mapping = new Dictionary <long, bool>();
mapping[testEntityId] = false;
entityTypes = new Dictionary <long, ISet <EntityRef> >();
entityTypes.Add(EntityTypeRepository.TypelessId, new HashSet <EntityRef> {
new EntityRef(testEntityId)
});
result = new EntityAccessControlChecker().AllowAccessToTypelessIds(mapping, entityTypes);
Assert.That(result, Has.Count.EqualTo(mapping.Count));
Assert.That(result[testEntityId], Is.True);
}
public void Test_CheckAccess_UserNoRelationships()
{
UserAccount userAccount;
IEntity folder;
IDictionary <long, bool> result;
using (DatabaseContext.GetContext(true))
{
userAccount = Entity.Create <UserAccount>();
userAccount.Save();
folder = Entity.Create <Folder>();
folder.Save();
result = new EntityAccessControlChecker().CheckAccess(new[] { new EntityRef(folder.Id) },
new[] { Permissions.Read },
new EntityRef(userAccount.Id));
Assert.That(result[folder.Id], Is.False);
}
}
public void Test_CheckAccess_AccessRuleOnly()
{
UserAccount userAccount;
SecurableEntity securableEntity;
IDictionary <long, bool> result;
AccessRule accessRule;
// Test:
//
// Instance
// ^
// |
// |
// UserAccount ------- AccessByQuery -----> SecurableEntity
//
// (no PermissionAccess relationship to Create)
//
using (DatabaseContext.GetContext(true))
{
securableEntity = Entity.Create <SecurableEntity>();
securableEntity.Save();
accessRule = Entity.Create <AccessRule>();
accessRule.AccessRuleEnabled = true;
accessRule.ControlAccess = securableEntity;
accessRule.Save();
userAccount = Entity.Create <UserAccount>();
userAccount.AllowAccess.Add(accessRule);
userAccount.Save();
result = new EntityAccessControlChecker().CheckAccess(new[] { new EntityRef(securableEntity.Id) },
new[] { Permissions.Create },
new EntityRef(userAccount.Id));
Assert.That(result[securableEntity.Id], Is.False);
}
}
public void CheckAutomaticAccess_GrantType(string permissionEntityRef, string testEntityRef, bool expectedResult)
{
Permission permission;
Dictionary <long, IDictionary <long, bool> > permissionToAccess;
IDictionary <long, ISet <EntityRef> > entityTypes;
EntityRef testType;
EntityAccessControlChecker entityAccessControlChecker;
permission = Entity.Get <Permission>(permissionEntityRef);
Assert.That(permission, Is.Not.Null, "Unknown permission.");
permissionToAccess = new Dictionary <long, IDictionary <long, bool> >();
permissionToAccess[permission.Id] = new Dictionary <long, bool>();
testType = new EntityRef(testEntityRef);
entityTypes = new EntityTypeRepository().GetEntityTypes(new [] { testType });
entityAccessControlChecker = new EntityAccessControlChecker();
foreach (KeyValuePair <long, ISet <EntityRef> > entityType in entityTypes)
{
entityAccessControlChecker.CheckAutomaticAccess(
permission, entityType, permissionToAccess);
}
if (expectedResult)
{
Assert.That(
permissionToAccess[permission.Id],
Has.Some.Property("Key").EqualTo(testType.Id)
.And.Property("Value").EqualTo(expectedResult));
}
else
{
Assert.That(
permissionToAccess[permission.Id],
Has.None.Property("Key").EqualTo(testType.Id));
}
}
public void Test_CheckAccess_NoPermissions()
{
MockRepository mockRepository;
EntityAccessControlChecker entityAccessControlChecker;
Mock <IUserRoleRepository> roleRepository;
Mock <IQueryRepository> queryRepository;
Mock <IEntityTypeRepository> entityTypeRepository;
IDictionary <long, bool> result;
EntityRef testEntity;
UserAccount userAccount;
userAccount = Entity.Get <UserAccount>(RequestContext.GetContext().Identity.Id);
testEntity = new EntityRef(1);
mockRepository = new MockRepository(MockBehavior.Strict);
roleRepository = mockRepository.Create <IUserRoleRepository>();
roleRepository.Setup(rr => rr.GetUserRoles(userAccount.Id)).Returns(() => new HashSet <long>());
queryRepository = mockRepository.Create <IQueryRepository>();
entityTypeRepository = mockRepository.Create <IEntityTypeRepository>();
entityAccessControlChecker = new EntityAccessControlChecker(roleRepository.Object,
queryRepository.Object,
entityTypeRepository.Object);
result = entityAccessControlChecker.CheckAccess(new[] { testEntity }, new Collection <EntityRef>(),
userAccount);
mockRepository.VerifyAll();
Assert.That(result,
Has.Exactly(1).Property("Key").EqualTo(testEntity.Id).And.Property("Value").EqualTo(false));
Assert.That(result, Has.Count.EqualTo(1));
}
public void Test_SkipCheck_NullUser()
{
Assert.That(() => EntityAccessControlChecker.SkipCheck(null),
Throws.TypeOf <ArgumentNullException>().And.Property("ParamName").EqualTo("user"));
}
