/// <summary>
/// Adds access rule with an action of <see cref="AccessRuleViolationAction.Error"/>
/// </summary>
/// <param name="pageDirectoryId">Id of the directory to add the rule to.</param>
/// <param name="userAreaCode">
/// Unique 3 character code representing the user area to restrict
/// the page to. This cannot be the Cofoundry admin user area, as
/// access rules do not apply to admin panel users.
/// </param>
/// <param name="roleId">
/// Optionally restrict access to a specific role within the selected
/// user area.
/// </param>
/// <param name="configration">
/// Optional additional configuration action to run before the
/// command is executed.
/// </param>
public async Task AddAccessRuleAsync(
int pageDirectoryId,
string userAreaCode,
int?roleId = null,
Action <UpdatePageDirectoryAccessRuleSetCommand> configration = null
)
{
var command = new UpdatePageDirectoryAccessRuleSetCommand()
{
PageDirectoryId = pageDirectoryId,
ViolationAction = AccessRuleViolationAction.Error
};
command.AccessRules.AddNew(userAreaCode, roleId);
if (configration != null)
{
configration(command);
}
using var scope = _serviceProvider.CreateScope();
var contentRepository = scope
.ServiceProvider
.GetRequiredService <IAdvancedContentRepository>()
.WithElevatedPermissions();
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(command);
}
public async Task CanAddViolationAction(AccessRuleViolationAction action)
{
var uniqueData = UNIQUE_PREFIX + nameof(CanAddViolationAction) + action.ToString().Substring(0, 2);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var command = new UpdatePageDirectoryAccessRuleSetCommand()
{
PageDirectoryId = directoryId,
ViolationAction = action
};
command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode, app.SeededEntities.TestUserArea2.RoleA.RoleId);
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(command);
var directory = await dbContext
.PageDirectories
.AsNoTracking()
.FilterById(directoryId)
.SingleOrDefaultAsync();
using (new AssertionScope())
{
directory.Should().NotBeNull();
directory.AccessRuleViolationActionId.Should().Be((int)action);
}
}
public async Task CanChangeRole()
{
var uniqueData = UNIQUE_PREFIX + nameof(CanChangeRole);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var userArea1 = app.SeededEntities.TestUserArea1;
var userArea2 = app.SeededEntities.TestUserArea2;
var command = new UpdatePageDirectoryAccessRuleSetCommand()
{
PageDirectoryId = directoryId,
UserAreaCodeForSignInRedirect = userArea1.UserAreaCode
};
command.AccessRules.AddNew(userArea1.UserAreaCode, userArea1.RoleA.RoleId);
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(command);
var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageDirectoryAccessRuleSetCommand>(directoryId));
updateCommand.UserAreaCodeForSignInRedirect = userArea2.UserAreaCode;
var roleAccessRuleCommand = updateCommand.AccessRules.Single();
roleAccessRuleCommand.UserAreaCode = userArea2.UserAreaCode;
roleAccessRuleCommand.RoleId = userArea2.RoleA.RoleId;
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(updateCommand);
var directory = await dbContext
.PageDirectories
.AsNoTracking()
.Include(p => p.AccessRules)
.FilterById(directoryId)
.SingleOrDefaultAsync();
using (new AssertionScope())
{
directory.Should().NotBeNull();
directory.UserAreaCodeForSignInRedirect.Should().Be(updateCommand.UserAreaCodeForSignInRedirect);
var userAreaAccessRule = directory.AccessRules.Single();
userAreaAccessRule.Should().NotBeNull();
userAreaAccessRule.UserAreaCode.Should().Be(roleAccessRuleCommand.UserAreaCode);
userAreaAccessRule.RoleId.Should().Be(roleAccessRuleCommand.RoleId);
}
}
public async Task CanUpdateWithSameData()
{
var uniqueData = UNIQUE_PREFIX + nameof(CanUpdateWithSameData);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var userArea = app.SeededEntities.TestUserArea1;
var command = new UpdatePageDirectoryAccessRuleSetCommand()
{
PageDirectoryId = directoryId,
UserAreaCodeForSignInRedirect = userArea.UserAreaCode,
ViolationAction = AccessRuleViolationAction.NotFound
};
command.AccessRules.AddNew(userArea.UserAreaCode);
command.AccessRules.AddNew(userArea.UserAreaCode, userArea.RoleA.RoleId);
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(command);
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(command);
var directory = await dbContext
.PageDirectories
.AsNoTracking()
.Include(p => p.AccessRules)
.FilterById(directoryId)
.SingleOrDefaultAsync();
using (new AssertionScope())
{
directory.Should().NotBeNull();
directory.AccessRuleViolationActionId.Should().Be((int)command.ViolationAction);
directory.UserAreaCodeForSignInRedirect.Should().Be(command.UserAreaCodeForSignInRedirect);
var userAreaAccessRule = directory.AccessRules.Single(a => !a.RoleId.HasValue);
userAreaAccessRule.Should().NotBeNull();
var roleAccessArea = directory.AccessRules.Single(a => a.RoleId.HasValue);
roleAccessArea.Should().NotBeNull();
roleAccessArea.UserAreaCode.Should().Be(userArea.UserAreaCode);
}
}
public async Task CanChangeViolationAction()
{
var uniqueData = UNIQUE_PREFIX + nameof(CanChangeViolationAction);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var command = new UpdatePageDirectoryAccessRuleSetCommand()
{
PageDirectoryId = directoryId,
ViolationAction = AccessRuleViolationAction.Error
};
command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode);
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(command);
var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageDirectoryAccessRuleSetCommand>(directoryId));
updateCommand.ViolationAction = AccessRuleViolationAction.NotFound;
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(updateCommand);
var directory = await dbContext
.PageDirectories
.AsNoTracking()
.Include(p => p.AccessRules)
.FilterById(directoryId)
.SingleOrDefaultAsync();
using (new AssertionScope())
{
directory.Should().NotBeNull();
directory.UserAreaCodeForSignInRedirect.Should().BeNull();
directory.AccessRuleViolationActionId.Should().Be((int)updateCommand.ViolationAction);
directory.AccessRules.Should().HaveCount(1);
}
}
public async Task CanDelete()
{
var uniqueData = UNIQUE_PREFIX + nameof(CanDelete);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var command = new UpdatePageDirectoryAccessRuleSetCommand()
{
PageDirectoryId = directoryId
};
command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId);
command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode);
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(command);
var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageDirectoryAccessRuleSetCommand>(directoryId));
var accessRuleCommand = updateCommand.AccessRules.Single(r => r.RoleId == app.SeededEntities.TestUserArea1.RoleA.RoleId);
updateCommand.AccessRules.Remove(accessRuleCommand);
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(updateCommand);
var accessRules = await dbContext
.PageDirectoryAccessRules
.AsNoTracking()
.FilterByPageDirectoryId(directoryId)
.ToListAsync();
using (new AssertionScope())
{
accessRules.Should().HaveCount(1);
var accessRule = accessRules.Single();
accessRule.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea2.UserAreaCode);
accessRule.RoleId.Should().BeNull();
}
}
public async Task WithUserArea_CanAdd()
{
var uniqueData = UNIQUE_PREFIX + nameof(WithUserArea_CanAdd);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var command = new UpdatePageDirectoryAccessRuleSetCommand()
{
PageDirectoryId = directoryId
};
command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode);
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(command);
var accessRules = await dbContext
.PageDirectoryAccessRules
.AsNoTracking()
.FilterByPageDirectoryId(directoryId)
.ToListAsync();
using (new AssertionScope())
{
accessRules.Should().HaveCount(1);
var accessRule = accessRules.Single();
accessRule.CreateDate.Should().NotBeDefault();
accessRule.CreatorId.Should().BePositive();
accessRule.PageDirectoryAccessRuleId.Should().BePositive();
accessRule.PageDirectoryId.Should().Be(directoryId);
accessRule.RoleId.Should().BeNull();
accessRule.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea1.UserAreaCode);
}
}
public async Task WhenRoleNotInUserArea_Throws()
{
var uniqueData = UNIQUE_PREFIX + nameof(WhenRoleNotInUserArea_Throws);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var command = new UpdatePageDirectoryAccessRuleSetCommand()
{
PageDirectoryId = directoryId,
};
command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId);
await contentRepository
.Awaiting(r => r.PageDirectories().AccessRules().UpdateAsync(command))
.Should()
.ThrowAsync <ValidationException>()
.WithMemberNames("RoleId");
}
public async Task WhenUpdated_SendsMessage()
{
var uniqueData = UNIQUE_PREFIX + nameof(WhenUpdated_SendsMessage);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var command = new UpdatePageDirectoryAccessRuleSetCommand()
{
PageDirectoryId = directoryId
};
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(command);
app.Mocks
.CountMessagesPublished <PageDirectoryAccessRulesUpdatedMessage>(m => m.PageDirectoryId == directoryId)
.Should().Be(1);
}
public Task UpdateAsync(UpdatePageDirectoryAccessRuleSetCommand command)
{
return(ExtendableContentRepository.ExecuteCommandAsync(command));
}
public async Task MapsAccessRules()
{
var uniqueData = UNIQUE_PREFIX + nameof(MapsAccessRules);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var directory1Id = await app.TestData.PageDirectories().AddAsync(uniqueData);
var directory2Id = await app.TestData.PageDirectories().AddAsync(uniqueData, directory1Id);
await app.TestData.PageDirectories().AddAccessRuleAsync(
directory1Id,
app.SeededEntities.TestUserArea1.UserAreaCode,
null,
c => c.ViolationAction = AccessRuleViolationAction.Error
);
var addRuleToDirectory2Command = new UpdatePageDirectoryAccessRuleSetCommand()
{
PageDirectoryId = directory2Id,
ViolationAction = AccessRuleViolationAction.NotFound,
UserAreaCodeForSignInRedirect = app.SeededEntities.TestUserArea2.UserAreaCode
};
addRuleToDirectory2Command
.AccessRules
.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId)
.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode);
await contentRepository
.PageDirectories()
.AccessRules()
.UpdateAsync(addRuleToDirectory2Command);
var allDirectories = await contentRepository
.PageDirectories()
.GetAll()
.AsRoutes()
.ExecuteAsync();
var directory = allDirectories.SingleOrDefault(d => d.PageDirectoryId == directory2Id);
using (new AssertionScope())
{
directory.Should().NotBeNull();
directory.AccessRuleSets.Should().NotBeNull().And.HaveCount(2);
var directory1RuleSet = directory.AccessRuleSets.Skip(1).FirstOrDefault();
directory1RuleSet.Should().NotBeNull();
directory1RuleSet.AccessRules.Should().HaveCount(1);
directory1RuleSet.ViolationAction.Should().Be(AccessRuleViolationAction.Error);
directory1RuleSet.AccessRules.Should().NotBeNull();
directory1RuleSet.UserAreaCodeForSignInRedirect.Should().BeNull();
var rule1 = directory1RuleSet.AccessRules.FirstOrDefault();
rule1.Should().NotBeNull();
rule1.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea1.UserAreaCode);
rule1.RoleId.Should().BeNull();
var directory2RuleSet = directory.AccessRuleSets.FirstOrDefault();
directory2RuleSet.Should().NotBeNull();
directory2RuleSet.AccessRules.Should().HaveCount(2);
directory2RuleSet.ViolationAction.Should().Be(addRuleToDirectory2Command.ViolationAction);
directory2RuleSet.AccessRules.Should().NotBeNull();
directory2RuleSet.UserAreaCodeForSignInRedirect.Should().Be(addRuleToDirectory2Command.UserAreaCodeForSignInRedirect);
var rule2A = directory2RuleSet.AccessRules.FirstOrDefault();
rule2A.Should().NotBeNull();
rule2A.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea1.UserAreaCode);
rule2A.RoleId.Should().Be(app.SeededEntities.TestUserArea1.RoleA.RoleId);
var rule2B = directory2RuleSet.AccessRules.Skip(1).FirstOrDefault();
rule2B.Should().NotBeNull();
rule2B.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea2.UserAreaCode);
rule2B.RoleId.Should().BeNull();
}
}
