public void Test_GetQueries_SubjectWith2SEs2SQsDifferentPermissions()
{
QueryRepository queryRepository;
EntityType securableEntityType1;
EntityType securableEntityType2;
Role subject;
List <StructuredQuery> result;
Report authReport1;
Report authReport2;
// Test:
//
// |--------------> Read
// |
// Subject -------> Access Rule -----------> SE1
// |
// |-----> Access Rule -----------> SE2
// |
// |--------------> Modify
using (DatabaseContext.GetContext(true))
{
securableEntityType1 = Entity.Create <EntityType>();
securableEntityType1.Save();
authReport1 = TestQueries.Entities().ToReport();
authReport1.Save();
securableEntityType2 = Entity.Create <EntityType>();
securableEntityType2.Save();
authReport2 = TestQueries.Entities().ToReport();
authReport2.Save();
subject = Entity.Create <Role>();
subject.Save();
new AccessRuleFactory().AddAllowReadQuery(subject.As <Subject>(), securableEntityType1.As <SecurableEntity>(), authReport1);
new AccessRuleFactory().AddAllowModifyQuery(subject.As <Subject>(), securableEntityType1.As <SecurableEntity>(), authReport2);
queryRepository = new QueryRepository();
result = new List <StructuredQuery>(queryRepository.GetQueries(subject.Id, Permissions.Read,
new[] { securableEntityType1.Id, securableEntityType2.Id }).Select(q => q.Query));
Assert.That(result,
Is.EquivalentTo(new [] { ReportToQueryConverter.Instance.Convert(authReport1) })
.Using(new StructuredQueryEqualityComparer()), "Incorrect read queries");
result = new List <StructuredQuery>(queryRepository.GetQueries(subject.Id, Permissions.Modify,
new[] { securableEntityType1.Id, securableEntityType2.Id }).Select(q => q.Query));
Assert.That(result,
Is.EquivalentTo(new [] { ReportToQueryConverter.Instance.Convert(authReport2) })
.Using(new StructuredQueryEqualityComparer()), "Incorrect modify queries");
}
}
public void Test_GetQueries_NullPermission( )
{
Role testSubject;
EntityType testSecurableEntityType;
IEnumerable <AccessRuleQuery> result;
AccessRule accessRule;
Report report;
QueryRepository queryRepository;
using (DatabaseContext.GetContext(true))
{
testSecurableEntityType = Entity.Create <EntityType>( );
testSecurableEntityType.Save( );
report = TestQueries.Entities( ).ToReport( );
report.Save( );
accessRule = Entity.Create <AccessRule>( );
accessRule.AccessRuleEnabled = true;
accessRule.PermissionAccess.Add(Entity.Get <Permission>(Permissions.Read));
accessRule.ControlAccess = testSecurableEntityType.As <SecurableEntity>( );
accessRule.AccessRuleReport = report;
accessRule.Save( );
testSubject = Entity.Create <Role>( );
testSubject.AllowAccess.Add(accessRule.As <AccessRule>( ));
testSubject.Save( );
queryRepository = new QueryRepository( );
result = new List <AccessRuleQuery>(queryRepository.GetQueries(testSubject.Id,
null, new [] { testSecurableEntityType.Id }));
Assert.That(result, Is.Not.Empty);
}
}
public void Test_GetQueries_SubjectWithAccessRuleButNoPermissions()
{
QueryRepository queryRepository;
SecurableEntity securableEntityType;
AccessRule accessRule;
Role subject;
IEnumerable <AccessRuleQuery> result;
Report authReport;
using (DatabaseContext.GetContext(true))
{
securableEntityType = Entity.Create <EntityType>().As <SecurableEntity>();
securableEntityType.Save();
authReport = Entity.Create <Report>();
authReport.Save();
accessRule = Entity.Create <AccessRule>();
accessRule.AccessRuleEnabled = true;
accessRule.ControlAccess = securableEntityType;
accessRule.AccessRuleReport = authReport;
accessRule.Save();
subject = Entity.Create <Role>();
subject.AllowAccess.Add(accessRule.As <AccessRule>());
subject.Save();
queryRepository = new QueryRepository();
result = queryRepository.GetQueries(subject.Id, Permissions.Read, new[] { securableEntityType.Id });
Assert.That(result, Is.Not.Null);
Assert.That(result, Is.Empty);
}
}
public ActionResult Counts()
{
O2CV1QueryDto queryDto;
List <O2CV1QueryDto> listQuery = QueryRepository.GetQueries();
return(View(listQuery));
}
/// <summary>
/// Return the list of all objects that the subject has access to, and the reason for the access.
/// </summary>
/// <param name="subjectId">The role or user </param>
/// <param name="settings">Settings</param>
/// <returns>List of access reasons.</returns>
public IReadOnlyList <AccessReason> GetTypeAccessReasons(long subjectId, [NotNull] TypeAccessReasonSettings settings)
{
// Get list of applicable access rules
// null permission = matches any permission
// null securableEntityTypes = matches any type
IReadOnlyList <AccessRuleQuery> queries = QueryRepository.GetQueries(subjectId, null, null).ToList( );
// Preload all applicable access rules
IEnumerable <long> accessRuleIds = queries.Select(query => query.AccessRuleId);
IDictionary <long, AccessRule> accessRules = EntityRepository.Get <AccessRule>(accessRuleIds).ToDictionary(e => e.Id);
// Build initial list of reasons
List <AccessReason> reasons = new List <AccessReason>( );
foreach (AccessRuleQuery ruleQuery in queries)
{
AccessRule accessRule;
if (!accessRules.TryGetValue(ruleQuery.AccessRuleId, out accessRule))
{
continue; // assert false
}
bool allInstances = ruleQuery.DoesQueryGrantAllOfTypes(ruleQuery.ControlsAccessForTypeId);
bool perUser = !allInstances && ruleQuery.DoesQueryReferToCurrentUser( );
AccessRuleScope scope = allInstances ? AccessRuleScope.AllInstances : (perUser ? AccessRuleScope.PerUser : AccessRuleScope.SomeInstances);
AccessReason reason = new AccessReason
{
AccessRuleQuery = ruleQuery,
AccessRule = accessRule,
SubjectId = accessRule.AllowAccessBy?.Id ?? 0,
TypeId = ruleQuery.ControlsAccessForTypeId,
Description = "Access rule: " + (accessRule.AccessRuleReport?.Name ?? accessRule.Name),
AccessRuleScope = scope
};
AddPermissionsToReason(reason);
reasons.Add(reason);
}
// Add implicit reasons due to relationship security
AddReasonsByGroup(reasons);
IEnumerable <AccessReason> result = reasons;
result = FilterReasonsToUserTypes(result, settings);
result = FilterOverlappingReasons(result);
return(result.ToList( ));
}
public void TestSinglePermissionQuery(string permissionAlias)
{
QueryRepository queryRepository;
SecurableEntity securableEntityType;
AccessRule accessRule;
Role subject;
List <AccessRuleQuery> result;
Permission permission;
Report report;
using (DatabaseContext.GetContext(true))
{
permission = Entity.Get <Permission>(permissionAlias);
securableEntityType = Entity.Create <EntityType>().As <SecurableEntity>();
securableEntityType.Save();
report = TestQueries.Entities().ToReport();
report.Save();
accessRule = Entity.Create <AccessRule>();
accessRule.AccessRuleEnabled = true;
accessRule.PermissionAccess.Add(permission);
accessRule.ControlAccess = securableEntityType;
accessRule.AccessRuleReport = report;
accessRule.Save();
subject = Entity.Create <Role>();
subject.AllowAccess.Add(accessRule.As <AccessRule>());
subject.Save();
queryRepository = new QueryRepository();
result = new List <AccessRuleQuery>(queryRepository.GetQueries(subject.Id,
permission, new[] { securableEntityType.Id }));
Assert.That(result, Has.Count.EqualTo(1));
Assert.That(TestQueries.IsCreatedFrom(result[0].Query, report), Is.True);
}
}
public void Test_GetQueries_SubjectWithoutAccessRules()
{
QueryRepository queryRepository;
EntityType testSecurableEntityType;
Role testSubject;
IEnumerable <AccessRuleQuery> result;
using (DatabaseContext.GetContext(true))
{
testSecurableEntityType = Entity.Create <EntityType>();
testSecurableEntityType.Save();
testSubject = Entity.Create <Role>();
testSubject.Save();
queryRepository = new QueryRepository();
result = queryRepository.GetQueries(testSubject.Id, Permissions.Read, new[] { testSecurableEntityType.Id });
Assert.That(result, Is.Not.Null);
Assert.That(result, Is.Empty);
}
}
public void Test_GetQueries_SubjectWith2SEs2SQs()
{
QueryRepository queryRepository;
EntityType securableEntityType1;
EntityType securableEntityType2;
Role subject;
AccessRule accessRule1;
AccessRule accessRule2;
List <AccessRuleQuery> result;
Report authReport1;
Report authReport2;
// Test:
//
// |--------------> Read
// |
// Subject -------> Access Rule -----------> SE1
// |
// |-----> Access Rule -----------> SE2
// |
// |--------------> Read
using (DatabaseContext.GetContext(true))
{
securableEntityType1 = Entity.Create <EntityType>();
securableEntityType1.Save();
authReport1 = TestQueries.Entities().ToReport();
authReport1.Save();
accessRule1 = Entity.Create <AccessRule>();
accessRule1.AccessRuleEnabled = true;
accessRule1.PermissionAccess.Add(Permissions.Read.Entity.As <Permission>());
accessRule1.ControlAccess = securableEntityType1.As <SecurableEntity>();
accessRule1.AccessRuleReport = authReport1;
accessRule1.Save();
securableEntityType2 = Entity.Create <EntityType>();
securableEntityType2.Save();
authReport2 = TestQueries.Entities().ToReport();
authReport2.Save();
accessRule2 = Entity.Create <AccessRule>();
accessRule2.AccessRuleEnabled = true;
accessRule2.PermissionAccess.Add(Permissions.Read.Entity.As <Permission>());
accessRule2.ControlAccess = securableEntityType2.As <SecurableEntity>();
accessRule2.AccessRuleReport = authReport2;
accessRule2.Save();
subject = Entity.Create <Role>();
subject.AllowAccess.Add(accessRule1.As <AccessRule>());
subject.AllowAccess.Add(accessRule2.As <AccessRule>());
subject.Save();
queryRepository = new QueryRepository();
result = new List <AccessRuleQuery>(queryRepository.GetQueries(subject.Id, Permissions.Read,
new[] { securableEntityType1.Id, securableEntityType2.Id }));
Assert.That(result, Is.Not.Null);
Assert.That(result, Has.Count.EqualTo(2));
Assert.That(result.Select(q => q.Query),
Is.EquivalentTo(new [] {
ReportToQueryConverter.Instance.Convert(authReport1),
ReportToQueryConverter.Instance.Convert(authReport2)
})
.Using(new StructuredQueryEqualityComparer()));
}
}
