        /// <summary>
        /// Reader scenario: the mocked <see cref="IAuthorizationService"/> denies write access for every module.
        /// A module whose first concept keeps a lesson and has at least one valid answer on its first question
        /// is returned equivalent to what was stored; a module whose first concept has no lessons and no valid
        /// answers resolves to <c>null</c>.
        /// </summary>
        public async Task Get_Module_With_A_Lesson_And_An_Exercise(Mock <IAuthorizationService> authorizationService, IStateService stateService, Module module, Module invalidModule, User user)
        {
            // Every write-access probe, for any module, answers false.
            authorizationService
                .Setup(x => x.HasWriteAccess(user, It.IsAny <Module>(), It.IsAny <CancellationToken>()))
                .ReturnsAsync(false);

            // Valid module: exactly one answer of the first question is marked correct.
            var validConcept = module.Concepts.First();
            validConcept.Exercises.First().Questions.First().Answers.First().Valid = true;

            // Invalid module: no correct answer on the first question and no lessons at all.
            var invalidConcept = invalidModule.Concepts.First();
            invalidConcept.Exercises.First().Questions.First().Answers.ForEach(x => x.Valid = false);
            invalidConcept.Lessons.Clear();

            var dbContext   = TestSetup.SetupContext();
            var httpContext = TestSetup.SetupHttpContext().SetupSession(user);

            await dbContext.Modules.AddAsync(module);
            await dbContext.Modules.AddAsync(invalidModule);
            await dbContext.SaveChangesAsync();

            var sut = new ModuleService(dbContext, httpContext, authorizationService.Object, stateService);

            var validResult   = await sut.Get(module.Id);
            var invalidResult = await sut.Get(invalidModule.Id);

            invalidResult.Should().BeNull();
            validResult.Should().NotBeNull().And.BeEquivalentTo(module);
        }
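        /// <summary>
        /// Decides whether the current user may reach the given controller/action(s) under a custom module name.
        /// The first of the comma-separated actions that resolves to a registered module
        /// (key <c>"{controller}.{action}.{customName}"</c>) is the one the user's role is checked against.
        /// </summary>
        /// <param name="controllerName">Controller part of the module key.</param>
        /// <param name="actionName">One action name, or several separated by commas.</param>
        /// <param name="customName">Custom suffix of the module key.</param>
        /// <returns>
        /// <c>true</c> only when a module is found and the current user holds a role on it; <c>false</c> in every
        /// other case, including an empty action list, no resolvable module and no resolvable current user.
        /// </returns>
        public static bool HasAccess(string controllerName, string actionName, string customName)
        {
            // Fail closed on malformed input instead of throwing from Split.
            if (string.IsNullOrEmpty(actionName))
            {
                return false;
            }

            var user = new UserService().Get();

            // An unresolvable current user is a denial, not a NullReferenceException.
            if (user == null)
            {
                return false;
            }

            var moduleService = new ModuleService();
            var moduleId      = 0;

            foreach (var action in actionName.Split(','))
            {
                var module = moduleService.Get($"{controllerName}.{action}.{customName}");
                if (module != null)
                {
                    moduleId = module.Id;
                    break;
                }
            }

            // No registered module for any of the actions: nothing to authorize against.
            if (moduleId == 0)
            {
                return false;
            }

            return new UserRoleService().GetUserRole(moduleId, user.Id);
        }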
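        /// <summary>
        /// Web API authorization filter: identifies the caller from the claims principal, maps
        /// <c>"{controller}.{action}"</c> for each comma-separated entry of <see cref="Action"/> to a module,
        /// and lets the request through (after the base <c>AuthorizeAttribute</c> checks) when the user holds
        /// a role on at least one of those modules. Anything that cannot be resolved — no claims, unknown user,
        /// no registered module, or an exception thrown by a lookup — is treated as a denial (fail closed).
        /// </summary>
        /// <param name="actionContext">The action context being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            try
            {
                // [AllowAnonymous] on the action or its controller bypasses the module check entirely.
                if (actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>(true).Any() ||
                    actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes <AllowAnonymousAttribute>(true).Any())
                {
                    return;
                }

                var routingValues     = actionContext.Request.GetRouteData().Values;
                var currentController = string.IsNullOrEmpty(RootController)
                    ? ((string)routingValues["controller"] ?? string.Empty)
                    : RootController;

                // NOTE(review): the caller is identified by the *first* claim of the identity, whatever its
                // type. That relies on the claim order produced by the token issuer; a lookup by a specific
                // claim type (e.g. ClaimTypes.NameIdentifier) would be more robust — confirm the issuer's
                // claim layout before changing it. A missing principal or non-claims identity is a denial.
                var claimsIdentity = actionContext.RequestContext.Principal?.Identity as ClaimsIdentity;
                var contextUser    = claimsIdentity?.Claims.FirstOrDefault()?.Value;

                if (string.IsNullOrEmpty(contextUser))
                {
                    base.HandleUnauthorizedRequest(actionContext);
                    return;
                }

                if (!int.TryParse(contextUser, out var userId))
                {
                    // The claim is a username rather than a numeric id; an unknown username is a denial.
                    var user = new UserService().GetByUsername(contextUser);
                    if (user == null)
                    {
                        base.HandleUnauthorizedRequest(actionContext);
                        return;
                    }

                    userId = user.Id;
                }

                var userRoleService = new ApiUserRoleService();
                var moduleService   = new ModuleService();
                var isAllowed       = false;

                // Stop at the first module the user has a role on. An action with no registered module
                // is skipped (as HasAccess does) rather than dereferenced; a null Action denies.
                foreach (var action in (Action ?? string.Empty).Split(','))
                {
                    var module = moduleService.Get($"{currentController}.{action}");
                    if (module != null && userRoleService.GetUserRole(module.Id, userId))
                    {
                        isAllowed = true;
                        break;
                    }
                }

                if (isAllowed)
                {
                    // The base AuthorizeAttribute still applies its own checks (authentication, Roles/Users).
                    base.OnAuthorization(actionContext);
                }
                else
                {
                    base.HandleUnauthorizedRequest(actionContext);
                }
            }
            catch (Exception)
            {
                // Any lookup failure denies the request. No logger is available in this filter, so the
                // cause is not recorded — consider wiring one in so denials are diagnosable.
                base.HandleUnauthorizedRequest(actionContext);
            }
        }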
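        /// <summary>
        /// MVC authorization filter: identifies the caller by <c>Identity.Name</c> (a numeric id or a username),
        /// maps <c>"{controller}.{action}"</c> for each comma-separated entry of <see cref="Action"/> to a module,
        /// and lets the request through (after the base <c>AuthorizeAttribute</c> checks) when the user holds a
        /// role on at least one of them. A resolved user without such a role is redirected to the login page with
        /// the current URL as <c>ReturnUrl</c>; an unresolvable user or a lookup failure yields 401 (fail closed).
        /// </summary>
        /// <param name="filterContext">The authorization context of the current request.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            try
            {
                // [AllowAnonymous] on the action or its controller bypasses the module check entirely.
                if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
                    filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
                {
                    return;
                }

                var routingValues     = filterContext.RouteData.Values;
                var currentController = string.IsNullOrEmpty(RootController)
                    ? ((string)routingValues["controller"] ?? string.Empty)
                    : RootController;

                var contextUser = filterContext.RequestContext.HttpContext.User.Identity.Name;

                if (!int.TryParse(contextUser, out var userId))
                {
                    // The name is a username rather than a numeric id. An unknown name (including the empty
                    // name of an anonymous caller, if the lookup returns nothing) is a denial, not a null dereference.
                    var user = new UserService().GetByUsername(contextUser);
                    if (user == null)
                    {
                        filterContext.Result = new HttpUnauthorizedResult();
                        return;
                    }

                    userId = user.Id;
                }

                var userRoleService = new UserRoleService();
                var moduleService   = new ModuleService();
                var isAllowed       = false;

                // Stop at the first module the user has a role on. An action with no registered module
                // is skipped (as HasAccess does) rather than dereferenced; a null Action denies.
                foreach (var action in (Action ?? string.Empty).Split(','))
                {
                    var module = moduleService.Get($"{currentController}.{action}");
                    if (module != null && userRoleService.GetUserRole(module.Id, userId))
                    {
                        isAllowed = true;
                        break;
                    }
                }

                if (isAllowed)
                {
                    // The base AuthorizeAttribute still applies its own checks (authentication, Roles/Users).
                    base.OnAuthorization(filterContext);
                    return;
                }

                // RawUrl is request-controlled and may itself contain '?' and '&'. Encode it so the login page
                // receives the whole URL in ReturnUrl instead of a value truncated at the first '&', and so
                // nothing inside it is parsed as an extra query parameter of the login URL.
                var returnUrl = Uri.EscapeDataString(filterContext.HttpContext.Request.RawUrl ?? string.Empty);
                filterContext.Result = new RedirectResult("/kullanici/oturum-ac?auth=0&ReturnUrl=" + returnUrl);
            }
            catch
            {
                // Any lookup failure denies the request. Nothing is logged here, so the cause is lost —
                // consider adding a logger so denials are diagnosable.
                filterContext.Result = new HttpUnauthorizedResult();
            }
        }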
        /// <summary>
        /// Editor scenario: the mocked <see cref="IAuthorizationService"/> grants write access for this module.
        /// Even though no answer of the first question is valid, the stored module is returned equivalent
        /// to what was saved.
        /// </summary>
        public async Task Get_Entire_Module_With_Write_Access(Mock <IAuthorizationService> authorizationService, IStateService stateService, Module module, User user)
        {
            // Write access is granted for this specific module and user only.
            authorizationService
                .Setup(x => x.HasWriteAccess(user, module, It.IsAny <CancellationToken>()))
                .ReturnsAsync(true);

            // Content a reader would not get back in full: no valid answer on the first question.
            foreach (var answer in module.Concepts.First().Exercises.First().Questions.First().Answers)
            {
                answer.Valid = false;
            }

            var dbContext   = TestSetup.SetupContext();
            var httpContext = TestSetup.SetupHttpContext().SetupSession(user);

            await dbContext.Users.AddAsync(user);
            await dbContext.Modules.AddAsync(module);
            await dbContext.SaveChangesAsync();

            var sut    = new ModuleService(dbContext, httpContext, authorizationService.Object, stateService);
            var result = await sut.Get(module.Id);

            result.Should().BeEquivalentTo(module);
        }