public void Test_GetQueries_SubjectWith2SEs2SQsDifferentPermissions() { QueryRepository queryRepository; EntityType securableEntityType1; EntityType securableEntityType2; Role subject; List <StructuredQuery> result; Report authReport1; Report authReport2; // Test: // // |--------------> Read // | // Subject -------> Access Rule -----------> SE1 // | // |-----> Access Rule -----------> SE2 // | // |--------------> Modify using (DatabaseContext.GetContext(true)) { securableEntityType1 = Entity.Create <EntityType>(); securableEntityType1.Save(); authReport1 = TestQueries.Entities().ToReport(); authReport1.Save(); securableEntityType2 = Entity.Create <EntityType>(); securableEntityType2.Save(); authReport2 = TestQueries.Entities().ToReport(); authReport2.Save(); subject = Entity.Create <Role>(); subject.Save(); new AccessRuleFactory().AddAllowReadQuery(subject.As <Subject>(), securableEntityType1.As <SecurableEntity>(), authReport1); new AccessRuleFactory().AddAllowModifyQuery(subject.As <Subject>(), securableEntityType1.As <SecurableEntity>(), authReport2); queryRepository = new QueryRepository(); result = new List <StructuredQuery>(queryRepository.GetQueries(subject.Id, Permissions.Read, new[] { securableEntityType1.Id, securableEntityType2.Id }).Select(q => q.Query)); Assert.That(result, Is.EquivalentTo(new [] { ReportToQueryConverter.Instance.Convert(authReport1) }) .Using(new StructuredQueryEqualityComparer()), "Incorrect read queries"); result = new List <StructuredQuery>(queryRepository.GetQueries(subject.Id, Permissions.Modify, new[] { securableEntityType1.Id, securableEntityType2.Id }).Select(q => q.Query)); Assert.That(result, Is.EquivalentTo(new [] { ReportToQueryConverter.Instance.Convert(authReport2) }) .Using(new StructuredQueryEqualityComparer()), "Incorrect modify queries"); } }
public void Test_GetQueries_NullPermission( ) { Role testSubject; EntityType testSecurableEntityType; IEnumerable <AccessRuleQuery> result; AccessRule accessRule; Report report; QueryRepository queryRepository; using (DatabaseContext.GetContext(true)) { testSecurableEntityType = Entity.Create <EntityType>( ); testSecurableEntityType.Save( ); report = TestQueries.Entities( ).ToReport( ); report.Save( ); accessRule = Entity.Create <AccessRule>( ); accessRule.AccessRuleEnabled = true; accessRule.PermissionAccess.Add(Entity.Get <Permission>(Permissions.Read)); accessRule.ControlAccess = testSecurableEntityType.As <SecurableEntity>( ); accessRule.AccessRuleReport = report; accessRule.Save( ); testSubject = Entity.Create <Role>( ); testSubject.AllowAccess.Add(accessRule.As <AccessRule>( )); testSubject.Save( ); queryRepository = new QueryRepository( ); result = new List <AccessRuleQuery>(queryRepository.GetQueries(testSubject.Id, null, new [] { testSecurableEntityType.Id })); Assert.That(result, Is.Not.Empty); } }
public void Test_GetQueries_SubjectWithAccessRuleButNoPermissions() { QueryRepository queryRepository; SecurableEntity securableEntityType; AccessRule accessRule; Role subject; IEnumerable <AccessRuleQuery> result; Report authReport; using (DatabaseContext.GetContext(true)) { securableEntityType = Entity.Create <EntityType>().As <SecurableEntity>(); securableEntityType.Save(); authReport = Entity.Create <Report>(); authReport.Save(); accessRule = Entity.Create <AccessRule>(); accessRule.AccessRuleEnabled = true; accessRule.ControlAccess = securableEntityType; accessRule.AccessRuleReport = authReport; accessRule.Save(); subject = Entity.Create <Role>(); subject.AllowAccess.Add(accessRule.As <AccessRule>()); subject.Save(); queryRepository = new QueryRepository(); result = queryRepository.GetQueries(subject.Id, Permissions.Read, new[] { securableEntityType.Id }); Assert.That(result, Is.Not.Null); Assert.That(result, Is.Empty); } }
public ActionResult Counts() { O2CV1QueryDto queryDto; List <O2CV1QueryDto> listQuery = QueryRepository.GetQueries(); return(View(listQuery)); }
/// <summary> /// Return the list of all objects that the subject has access to, and the reason for the access. /// </summary> /// <param name="subjectId">The role or user </param> /// <param name="settings">Settings</param> /// <returns>List of access reasons.</returns> public IReadOnlyList <AccessReason> GetTypeAccessReasons(long subjectId, [NotNull] TypeAccessReasonSettings settings) { // Get list of applicable access rules // null permission = matches any permission // null securableEntityTypes = matches any type IReadOnlyList <AccessRuleQuery> queries = QueryRepository.GetQueries(subjectId, null, null).ToList( ); // Preload all applicable access rules IEnumerable <long> accessRuleIds = queries.Select(query => query.AccessRuleId); IDictionary <long, AccessRule> accessRules = EntityRepository.Get <AccessRule>(accessRuleIds).ToDictionary(e => e.Id); // Build initial list of reasons List <AccessReason> reasons = new List <AccessReason>( ); foreach (AccessRuleQuery ruleQuery in queries) { AccessRule accessRule; if (!accessRules.TryGetValue(ruleQuery.AccessRuleId, out accessRule)) { continue; // assert false } bool allInstances = ruleQuery.DoesQueryGrantAllOfTypes(ruleQuery.ControlsAccessForTypeId); bool perUser = !allInstances && ruleQuery.DoesQueryReferToCurrentUser( ); AccessRuleScope scope = allInstances ? AccessRuleScope.AllInstances : (perUser ? AccessRuleScope.PerUser : AccessRuleScope.SomeInstances); AccessReason reason = new AccessReason { AccessRuleQuery = ruleQuery, AccessRule = accessRule, SubjectId = accessRule.AllowAccessBy?.Id ?? 0, TypeId = ruleQuery.ControlsAccessForTypeId, Description = "Access rule: " + (accessRule.AccessRuleReport?.Name ?? accessRule.Name), AccessRuleScope = scope }; AddPermissionsToReason(reason); reasons.Add(reason); } // Add implicit reasons due to relationship security AddReasonsByGroup(reasons); IEnumerable <AccessReason> result = reasons; result = FilterReasonsToUserTypes(result, settings); result = FilterOverlappingReasons(result); return(result.ToList( )); }
public void TestSinglePermissionQuery(string permissionAlias) { QueryRepository queryRepository; SecurableEntity securableEntityType; AccessRule accessRule; Role subject; List <AccessRuleQuery> result; Permission permission; Report report; using (DatabaseContext.GetContext(true)) { permission = Entity.Get <Permission>(permissionAlias); securableEntityType = Entity.Create <EntityType>().As <SecurableEntity>(); securableEntityType.Save(); report = TestQueries.Entities().ToReport(); report.Save(); accessRule = Entity.Create <AccessRule>(); accessRule.AccessRuleEnabled = true; accessRule.PermissionAccess.Add(permission); accessRule.ControlAccess = securableEntityType; accessRule.AccessRuleReport = report; accessRule.Save(); subject = Entity.Create <Role>(); subject.AllowAccess.Add(accessRule.As <AccessRule>()); subject.Save(); queryRepository = new QueryRepository(); result = new List <AccessRuleQuery>(queryRepository.GetQueries(subject.Id, permission, new[] { securableEntityType.Id })); Assert.That(result, Has.Count.EqualTo(1)); Assert.That(TestQueries.IsCreatedFrom(result[0].Query, report), Is.True); } }
public void Test_GetQueries_SubjectWithoutAccessRules() { QueryRepository queryRepository; EntityType testSecurableEntityType; Role testSubject; IEnumerable <AccessRuleQuery> result; using (DatabaseContext.GetContext(true)) { testSecurableEntityType = Entity.Create <EntityType>(); testSecurableEntityType.Save(); testSubject = Entity.Create <Role>(); testSubject.Save(); queryRepository = new QueryRepository(); result = queryRepository.GetQueries(testSubject.Id, Permissions.Read, new[] { testSecurableEntityType.Id }); Assert.That(result, Is.Not.Null); Assert.That(result, Is.Empty); } }
public void Test_GetQueries_SubjectWith2SEs2SQs() { QueryRepository queryRepository; EntityType securableEntityType1; EntityType securableEntityType2; Role subject; AccessRule accessRule1; AccessRule accessRule2; List <AccessRuleQuery> result; Report authReport1; Report authReport2; // Test: // // |--------------> Read // | // Subject -------> Access Rule -----------> SE1 // | // |-----> Access Rule -----------> SE2 // | // |--------------> Read using (DatabaseContext.GetContext(true)) { securableEntityType1 = Entity.Create <EntityType>(); securableEntityType1.Save(); authReport1 = TestQueries.Entities().ToReport(); authReport1.Save(); accessRule1 = Entity.Create <AccessRule>(); accessRule1.AccessRuleEnabled = true; accessRule1.PermissionAccess.Add(Permissions.Read.Entity.As <Permission>()); accessRule1.ControlAccess = securableEntityType1.As <SecurableEntity>(); accessRule1.AccessRuleReport = authReport1; accessRule1.Save(); securableEntityType2 = Entity.Create <EntityType>(); securableEntityType2.Save(); authReport2 = TestQueries.Entities().ToReport(); authReport2.Save(); accessRule2 = Entity.Create <AccessRule>(); accessRule2.AccessRuleEnabled = true; accessRule2.PermissionAccess.Add(Permissions.Read.Entity.As <Permission>()); accessRule2.ControlAccess = securableEntityType2.As <SecurableEntity>(); accessRule2.AccessRuleReport = authReport2; accessRule2.Save(); subject = Entity.Create <Role>(); subject.AllowAccess.Add(accessRule1.As <AccessRule>()); subject.AllowAccess.Add(accessRule2.As <AccessRule>()); subject.Save(); queryRepository = new QueryRepository(); result = new List <AccessRuleQuery>(queryRepository.GetQueries(subject.Id, Permissions.Read, new[] { securableEntityType1.Id, securableEntityType2.Id })); Assert.That(result, Is.Not.Null); Assert.That(result, Has.Count.EqualTo(2)); Assert.That(result.Select(q => q.Query), Is.EquivalentTo(new [] { ReportToQueryConverter.Instance.Convert(authReport1), ReportToQueryConverter.Instance.Convert(authReport2) }) .Using(new StructuredQueryEqualityComparer())); } }