public void GivenOrderItem_WhenObjectStateIsFinished_ThenItemMayNotBeCancelledOrRejectedOrDeleted()
{
var administrator = new PersonBuilder(this.Session).WithFirstName("Koen").WithUserName("admin").Build();
var administrators = new UserGroups(this.Session).Administrators;
administrators.AddMember(administrator);
this.Session.Derive();
this.Session.Commit();
this.InstantiateObjects(this.Session);
this.SetIdentity("admin");
var item = new PurchaseOrderItemBuilder(this.Session)
.WithPart(this.finishedGood)
.WithQuantityOrdered(3)
.WithActualUnitPrice(5)
.Build();
this.order.AddPurchaseOrderItem(item);
this.Session.Derive();
this.order.PurchaseOrderState = new PurchaseOrderStates(this.Session).Finished;
this.Session.Derive();
Assert.Equal(new PurchaseOrderItemStates(this.Session).Finished, item.PurchaseOrderItemState);
var acl = new AccessControlList(item, this.Session.GetUser());
Assert.False(acl.CanExecute(M.PurchaseOrderItem.Cancel));
Assert.False(acl.CanExecute(M.PurchaseOrderItem.Reject));
Assert.False(acl.CanExecute(M.PurchaseOrderItem.Delete));
}
public void GivenPurchaseOrder_WhenObjectStateIsApproved_ThenCheckTransitions()
{
this.SetIdentity("orderProcessor");
var supplier = new OrganisationBuilder(this.Session).WithName("customer2").Build();
var internalOrganisation = this.InternalOrganisation;
new SupplierRelationshipBuilder(this.Session).WithSupplier(supplier).Build();
var order = new PurchaseOrderBuilder(this.Session)
.WithTakenViaSupplier(supplier)
.Build();
order.Confirm();
this.Session.Derive();
order.Approve();
this.Session.Derive();
Assert.Equal(new PurchaseOrderStates(this.Session).RequestsApproval, order.PurchaseOrderState);
var acl = new AccessControlList(order, this.Session.GetUser());
Assert.False(acl.CanExecute(M.PurchaseOrder.Confirm));
Assert.False(acl.CanExecute(M.PurchaseOrder.Reject));
Assert.False(acl.CanExecute(M.PurchaseOrder.Approve));
Assert.False(acl.CanExecute(M.PurchaseOrder.Continue));
}
public void GivenOrderItem_WhenObjectStateIsCompleted_ThenItemMayNotBeCancelledOrRejectedOrDeleted()
{
var administrator = new PersonBuilder(this.Session).WithFirstName("Koen").WithUserName("admin").Build();
var administrators = new UserGroups(this.Session).Administrators;
administrators.AddMember(administrator);
this.Session.Derive();
this.Session.Commit();
this.InstantiateObjects(this.Session);
this.SetIdentity("admin");
var item = new PurchaseOrderItemBuilder(this.Session)
.WithPart(this.finishedGood)
.WithQuantityOrdered(3)
.WithActualUnitPrice(5)
.Build();
this.order.AddPurchaseOrderItem(item);
this.order.Confirm();
this.Session.Derive();
var shipment = new PurchaseShipmentBuilder(this.Session).WithShipFromParty(this.supplier).WithShipmentMethod(new ShipmentMethods(this.Session).Ground).Build();
var shipmentItem = new ShipmentItemBuilder(this.Session).WithPart(this.finishedGood).Build();
shipment.AddShipmentItem(shipmentItem);
new ShipmentReceiptBuilder(this.Session)
.WithQuantityAccepted(3)
.WithShipmentItem(shipmentItem)
.WithOrderItem(item)
.Build();
this.Session.Derive();
shipment.AppsComplete();
this.Session.Derive();
Assert.Equal(new PurchaseOrderItemStates(this.Session).Completed, item.PurchaseOrderItemState);
var acl = new AccessControlList(item, this.Session.GetUser());
Assert.False(acl.CanExecute(M.PurchaseOrderItem.Cancel));
Assert.False(acl.CanExecute(M.PurchaseOrderItem.Reject));
Assert.False(acl.CanExecute(M.PurchaseOrderItem.Delete));
}
public void GivenPickList_WhenObjectStateIsPicked_ThenCheckTransitions()
{
var store = this.Session.Extent <Store>().First;
store.IsImmediatelyPicked = false;
this.SetIdentity("orderProcessor");
var pickList = new PickListBuilder(this.Session).Build();
this.Session.Derive();
pickList.SetPicked();
this.Session.Derive();
var acl = new AccessControlList(pickList, this.Session.GetUser());
Assert.False(acl.CanExecute(M.PickList.Cancel));
Assert.False(acl.CanExecute(M.PickList.SetPicked));
}
public void GivenSalesOrder_WhenObjectStateIsRejected_ThenCheckTransitions()
{
var customer = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("customer").Build();
var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;
new CustomerRelationshipBuilder(this.DatabaseSession).WithFromDate(DateTime.UtcNow).WithCustomer(customer).WithInternalOrganisation(internalOrganisation).Build();
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customer", "Forms"), new string[0]);
var order = new SalesOrderBuilder(this.DatabaseSession)
.WithBillToCustomer(customer)
.WithShipToCustomer(customer)
.WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build())
.Build();
this.DatabaseSession.Derive(true);
order.Reject();
this.DatabaseSession.Derive(true);
Assert.AreEqual(new SalesOrderObjectStates(this.DatabaseSession).Rejected, order.CurrentObjectState);
var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Confirm));
Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Cancel));
Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Reject));
Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Approve));
Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Continue));
Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Hold));
}
public void GivenSalesOrder_WhenCustomerChangesValue_ThenAccessPreviousCustomerIsDenied()
{
var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
var customerContact1 = new PersonBuilder(this.DatabaseSession).WithUserName("customercontact1").WithLastName("customercontact1").Build();
var customerContact2 = new PersonBuilder(this.DatabaseSession).WithUserName("customercontact2").WithLastName("customercontact2").Build();
var employee = new PersonBuilder(this.DatabaseSession).WithUserName("employee").WithLastName("employee").Build();
var customer1 = new OrganisationBuilder(this.DatabaseSession).WithName("customer1").Build();
var customer2 = new OrganisationBuilder(this.DatabaseSession).WithName("customer2").Build();
new CustomerRelationshipBuilder(this.DatabaseSession)
.WithCustomer(customer1)
.WithInternalOrganisation(internalOrganisation)
.WithFromDate(DateTime.UtcNow)
.Build();
new CustomerRelationshipBuilder(this.DatabaseSession)
.WithCustomer(customer2)
.WithInternalOrganisation(internalOrganisation)
.WithFromDate(DateTime.UtcNow)
.Build();
new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(customerContact1).WithOrganisation(customer1).WithFromDate(DateTime.UtcNow).Build();
new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(customerContact2).WithOrganisation(customer2).WithFromDate(DateTime.UtcNow).Build();
new EmploymentBuilder(this.DatabaseSession)
.WithEmployee(employee)
.WithEmployer(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.WithFromDate(DateTime.UtcNow)
.Build();
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("employee", "Forms"), new string[0]);
var order = new SalesOrderBuilder(this.DatabaseSession)
.WithTakenByInternalOrganisation(internalOrganisation)
.WithShipToCustomer(customer1)
.WithBillToCustomer(customer1)
.WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build())
.Build();
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact1", "Forms"), new string[0]);
var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact2", "Forms"), new string[0]);
acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.HasReadOperation);
order.BillToCustomer = customer2;
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact1", "Forms"), new string[0]);
acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact2", "Forms"), new string[0]);
acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
order.ShipToCustomer = customer2;
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact1", "Forms"), new string[0]);
acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.HasReadOperation);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact2", "Forms"), new string[0]);
acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
}
public void GivenSalesInvoice_WhenObjectStateIsWrittenOff_ThenCheckTransitions()
{
var customer = new OrganisationBuilder(this.DatabaseSession).WithName("customer").Build();
var contactMechanism = new PostalAddressBuilder(this.DatabaseSession)
.WithAddress1("Haverwerf 15")
.WithPostalBoundary(new PostalBoundaryBuilder(this.DatabaseSession)
.WithLocality("Mechelen")
.WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
.Build())
.Build();
var administrator = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("administrator").Build();
var administrators = new UserGroups(this.DatabaseSession).Administrators;
administrators.AddMember(administrator);
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("administrator", "Forms"), new string[0]);
var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
.WithInvoiceNumber("1")
.WithBillToCustomer(customer)
.WithBillToContactMechanism(contactMechanism)
.WithSalesInvoiceType(new SalesInvoiceTypes(this.DatabaseSession).SalesInvoice)
.WithBilledFromInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.Build();
new CustomerRelationshipBuilder(this.DatabaseSession).WithFromDate(DateTime.UtcNow).WithCustomer(customer).WithInternalOrganisation(Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation).Build();
invoice.Send();
invoice.WriteOff();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanExecute(SalesInvoices.Meta.Send));
Assert.IsFalse(acl.CanExecute(SalesInvoices.Meta.WriteOff));
Assert.IsFalse(acl.CanExecute(SalesInvoices.Meta.CancelInvoice));
}
public void GivenOrderItem_WhenObjectStateIsPartiallyShipped_ThenItemMayNotBeCancelledOrRejectedOrDeleted()
{
var administrator = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("admin").Build();
var administrators = new UserGroups(this.DatabaseSession).Administrators;
administrators.AddMember(administrator);
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
this.InstantiateObjects(this.DatabaseSession);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("admin", "Forms"), new string[0]);
var inventoryItem = (NonSerializedInventoryItem)this.part.InventoryItemsWherePart[0];
inventoryItem.AddInventoryItemVariance(new InventoryItemVarianceBuilder(this.DatabaseSession).WithQuantity(1).WithReason(new VarianceReasons(this.DatabaseSession).Unknown).Build());
this.DatabaseSession.Derive(true);
var item = new SalesOrderItemBuilder(this.DatabaseSession)
.WithProduct(this.good)
.WithQuantityOrdered(3)
.WithActualUnitPrice(5)
.Build();
this.order.AddSalesOrderItem(item);
this.DatabaseSession.Derive(true);
this.order.Confirm();
this.DatabaseSession.Derive(true);
var shipment = (CustomerShipment)this.order.ShipToAddress.ShipmentsWhereShipToAddress[0];
var pickList = shipment.ShipmentItems[0].ItemIssuancesWhereShipmentItem[0].PickListItem.PickListWherePickListItem;
pickList.Picker = new Persons(this.DatabaseSession).FindBy(Persons.Meta.LastName, "orderProcessor");
pickList.SetPicked();
this.DatabaseSession.Derive(true);
var package = new ShipmentPackageBuilder(this.DatabaseSession).Build();
shipment.AddShipmentPackage(package);
foreach (ShipmentItem shipmentItem in shipment.ShipmentItems)
{
package.AddPackagingContent(new PackagingContentBuilder(this.DatabaseSession).WithShipmentItem(shipmentItem).WithQuantity(shipmentItem.Quantity).Build());
}
this.DatabaseSession.Derive(true);
shipment.Ship();
this.DatabaseSession.Derive(true);
Assert.AreEqual(new SalesOrderItemObjectStates(this.DatabaseSession).PartiallyShipped, item.CurrentObjectState);
var acl = new AccessControlList(item, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanExecute(SalesOrderItems.Meta.Cancel));
Assert.IsFalse(acl.CanExecute(SalesOrderItems.Meta.Reject));
Assert.IsFalse(acl.CanExecute(SalesOrderItems.Meta.Delete));
}
public void GivenPurchaseOrder_WhenTakenViaSupplierChangesValue_ThenAccessPreviousSupplierIsDenied()
{
var supplierContact = new PersonBuilder(this.DatabaseSession).WithUserName("suppliercontact").WithLastName("suppliercontact").Build();
var supplierContact2 = new PersonBuilder(this.DatabaseSession).WithUserName("suppliercontact2").WithLastName("suppliercontact2").Build();
var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();
var supplier2 = new OrganisationBuilder(this.DatabaseSession).WithName("supplier2").Build();
new SupplierRelationshipBuilder(this.DatabaseSession)
.WithSupplier(supplier)
.WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.WithFromDate(DateTime.UtcNow)
.Build();
new SupplierRelationshipBuilder(this.DatabaseSession)
.WithSupplier(supplier2)
.WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.WithFromDate(DateTime.UtcNow)
.Build();
new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(supplierContact).WithOrganisation(supplier).WithFromDate(DateTime.UtcNow).Build();
new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(supplierContact2).WithOrganisation(supplier2).WithFromDate(DateTime.UtcNow).Build();
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);
var order = new PurchaseOrderBuilder(this.DatabaseSession)
.WithTakenViaSupplier(supplier)
.Build();
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact", "Forms"), new string[0]);
var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanWrite(PurchaseOrders.Meta.OrderDate));
Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.OrderDate));
Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.OrderNumber));
Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.TotalExVat));
Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Confirm));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact2", "Forms"), new string[0]);
acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.HasReadOperation);
order.TakenViaSupplier = supplier2;
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact", "Forms"), new string[0]);
acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.HasReadOperation);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact2", "Forms"), new string[0]);
acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanWrite(PurchaseOrders.Meta.OrderDate));
Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.OrderDate));
Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.OrderNumber));
Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.TotalExVat));
Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Confirm));
}
public void GivenSalesInvoiceCreatedBySalesRep_WhenCurrentUserInAnotherSalesRepUserGroup_ThenAccessIsDenied()
{
var salesRep2 = new PersonBuilder(this.DatabaseSession).WithUserName("salesRep2").WithLastName("salesRep2").Build();
var customer2 = new OrganisationBuilder(this.DatabaseSession).WithName("customer").Build();
var contactMechanism = new PostalAddressBuilder(this.DatabaseSession)
.WithAddress1("Haverwerf 15")
.WithPostalBoundary(new PostalBoundaryBuilder(this.DatabaseSession)
.WithLocality("Mechelen")
.WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
.Build())
.Build();
var belgium = new Countries(this.DatabaseSession).CountryByIsoCode["BE"];
var euro = belgium.Currency;
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
var mechelenAddress = new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build();
var billToMechelen = new PartyContactMechanismBuilder(this.DatabaseSession)
.WithContactMechanism(mechelenAddress)
.WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).BillingAddress)
.WithUseAsDefault(true)
.Build();
var bank = new BankBuilder(this.DatabaseSession).WithCountry(belgium).WithName("ING België").WithBic("BBRUBEBB").Build();
var ownBankAccount = new OwnBankAccountBuilder(this.DatabaseSession)
.WithDescription("BE23 3300 6167 6391")
.WithBankAccount(new BankAccountBuilder(this.DatabaseSession).WithBank(bank).WithCurrency(euro).WithIban("BE23 3300 6167 6391").WithNameOnAccount("Koen").Build())
.Build();
var internalOrganisation2 = new InternalOrganisationBuilder(this.DatabaseSession)
.WithName("internalOrganisation2")
.WithLocale(new Locales(this.DatabaseSession).EnglishGreatBritain)
.WithEmployeeRole(new Roles(this.DatabaseSession).Administrator)
.WithEmployeeRole(new Roles(this.DatabaseSession).Sales)
.WithDefaultPaymentMethod(ownBankAccount)
.WithPreferredCurrency(euro)
.WithPartyContactMechanism(billToMechelen)
.Build();
var facility = new WarehouseBuilder(this.DatabaseSession).WithName("facility").WithOwner(internalOrganisation2).Build();
internalOrganisation2.DefaultFacility = facility;
new StoreBuilder(this.DatabaseSession)
.WithName("store")
.WithDefaultFacility(facility)
.WithOwner(internalOrganisation2)
.WithDefaultShipmentMethod(new ShipmentMethods(this.DatabaseSession).Ground)
.WithDefaultCarrier(new Carriers(this.DatabaseSession).Fedex)
.WithCreditLimit(500)
.WithPaymentGracePeriod(10)
.Build();
new EmploymentBuilder(this.DatabaseSession).WithEmployee(salesRep2).WithEmployer(internalOrganisation2).WithFromDate(DateTime.UtcNow).Build();
new CustomerRelationshipBuilder(this.DatabaseSession)
.WithCustomer(customer2)
.WithInternalOrganisation(internalOrganisation2)
.WithFromDate(DateTime.UtcNow)
.Build();
new SalesRepRelationshipBuilder(this.DatabaseSession)
.WithSalesRepresentative(salesRep2)
.WithCustomer(customer2)
.WithInternalOrganisation(internalOrganisation2)
.WithFromDate(DateTime.UtcNow)
.Build();
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep2", "Forms"), new string[0]);
var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
.WithBilledFromInternalOrganisation(internalOrganisation2)
.WithBillToCustomer(customer2)
.WithBillToContactMechanism(contactMechanism)
.Build();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesInvoices.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesInvoices.Meta.Send));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);
acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.HasReadOperation);
}
public void GivenSalesOrderCreatedBySalesRep_WhenCurrentUserInSameSalesRepUserGroup_ThenAccessIsGranted()
{
var customer = new PersonBuilder(this.DatabaseSession).WithLastName("customer").WithUserName("customer").Build();
var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;
new CustomerRelationshipBuilder(this.DatabaseSession).WithFromDate(DateTime.UtcNow).WithCustomer(customer).WithInternalOrganisation(internalOrganisation).Build();
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
var salesrep2 = new PersonBuilder(this.DatabaseSession).WithLastName("salesRep2").WithUserName("salesRep2").Build();
new EmploymentBuilder(this.DatabaseSession)
.WithFromDate(DateTime.UtcNow)
.WithEmployee(salesrep2)
.WithEmployer(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.Build();
new SalesRepRelationshipBuilder(this.DatabaseSession)
.WithFromDate(DateTime.UtcNow)
.WithCustomer(customer)
.WithSalesRepresentative(salesrep2)
.Build();
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);
var order = new SalesOrderBuilder(this.DatabaseSession)
.WithBillToCustomer(customer)
.WithShipToCustomer(customer)
.WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build())
.Build();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep2", "Forms"), new string[0]);
acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
}
public void GivenCustomerShipmentCreatedByOrderProcessor_WhenCurrentUserIsCustomerContact_ThenReadAccessIsGranted()
{
var customerContact = new PersonBuilder(this.DatabaseSession).WithUserName("customercontact").WithLastName("customercontact").Build();
var employee = new PersonBuilder(this.DatabaseSession).WithUserName("employee").WithLastName("employee").Build();
var customer = new OrganisationBuilder(this.DatabaseSession).WithName("customer").Build();
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
var shipToAddress = new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build();
new CustomerRelationshipBuilder(this.DatabaseSession)
.WithCustomer(customer)
.WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.WithFromDate(DateTime.UtcNow)
.Build();
new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(customerContact).WithOrganisation(customer).WithFromDate(DateTime.UtcNow).Build();
new EmploymentBuilder(this.DatabaseSession)
.WithEmployee(employee)
.WithEmployer(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.WithFromDate(DateTime.UtcNow)
.Build();
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor", "Forms"), new string[0]);
var shipment = new CustomerShipmentBuilder(this.DatabaseSession)
.WithShipToParty(customer)
.WithShipToAddress(shipToAddress)
.WithShipmentMethod(new ShipmentMethods(this.DatabaseSession).Boat)
.Build();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(shipment, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(CustomerShipments.Meta.ShipToParty));
Assert.IsTrue(acl.CanRead(CustomerShipments.Meta.ShipToParty));
Assert.IsTrue(acl.CanExecute(CustomerShipments.Meta.Cancel));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact", "Forms"), new string[0]);
acl = new AccessControlList(shipment, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanWrite(CustomerShipments.Meta.ShipToParty));
Assert.IsTrue(acl.CanRead(CustomerShipments.Meta.ShipToParty));
Assert.IsFalse(acl.CanExecute(CustomerShipments.Meta.Cancel));
}
public void GivenCustomerShipmentCreatedByOrderProcessor_WhenCurrentUserInSameOrderProcessorUserGroup_ThenAccessIsGranted()
{
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
var orderProcessor2 = new PersonBuilder(this.DatabaseSession).WithLastName("orderProcessor2").WithUserName("orderProcessor2").Build();
var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");
var shipToAddress = new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build();
var usergroups = internalOrganisation.UserGroupsWhereParty;
var orderProcessorUserGroup = usergroups.First;
new EmploymentBuilder(this.DatabaseSession)
.WithFromDate(DateTime.UtcNow)
.WithEmployee(orderProcessor2)
.WithEmployer(internalOrganisation)
.Build();
orderProcessorUserGroup.AddMember(orderProcessor2);
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor", "Forms"), new string[0]);
var customer = new PersonBuilder(this.DatabaseSession).WithLastName("customer").Build();
var shipment = new CustomerShipmentBuilder(this.DatabaseSession)
.WithShipToParty(customer)
.WithShipToAddress(shipToAddress)
.WithShipmentMethod(new ShipmentMethods(this.DatabaseSession).Boat)
.Build();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(shipment, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(CustomerShipments.Meta.ShipToParty));
Assert.IsTrue(acl.CanRead(CustomerShipments.Meta.ShipToParty));
Assert.IsTrue(acl.CanExecute(CustomerShipments.Meta.Cancel));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor2", "Forms"), new string[0]);
acl = new AccessControlList(shipment, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(CustomerShipments.Meta.ShipToParty));
Assert.IsTrue(acl.CanRead(CustomerShipments.Meta.ShipToParty));
Assert.IsTrue(acl.CanExecute(CustomerShipments.Meta.Cancel));
}
public void GivenCustomerShipment_WhenObjectStateIsShipped_ThenCheckTransitions()
{
var assessable = new VatRegimes(this.DatabaseSession).Assessable;
var vatRate21 = new VatRateBuilder(this.DatabaseSession).WithRate(0).Build();
assessable.VatRate = vatRate21;
var good1 = new GoodBuilder(this.DatabaseSession)
.WithSku("10101")
.WithVatRate(vatRate21)
.WithName("good1")
.WithInventoryItemKind(new InventoryItemKinds(this.DatabaseSession).NonSerialized)
.WithUnitOfMeasure(new UnitsOfMeasure(this.DatabaseSession).Piece)
.Build();
var inventoryItem = new NonSerializedInventoryItemBuilder(this.DatabaseSession).WithGood(good1).Build();
inventoryItem.AddInventoryItemVariance(new InventoryItemVarianceBuilder(this.DatabaseSession).WithQuantity(100).WithReason(new VarianceReasons(this.DatabaseSession).Ruined).Build());
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
var mechelenAddress = new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build();
var shipToMechelen = new PartyContactMechanismBuilder(this.DatabaseSession)
.WithContactMechanism(mechelenAddress)
.WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).ShippingAddress)
.WithUseAsDefault(true)
.Build();
var billToMechelen = new PartyContactMechanismBuilder(this.DatabaseSession)
.WithContactMechanism(mechelenAddress)
.WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).BillingAddress)
.WithUseAsDefault(true)
.Build();
var customer = new PersonBuilder(this.DatabaseSession).WithLastName("customer").WithPartyContactMechanism(shipToMechelen).WithPartyContactMechanism(billToMechelen).Build();
var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");
new CustomerRelationshipBuilder(this.DatabaseSession).WithFromDate(DateTime.UtcNow).WithCustomer(customer).WithInternalOrganisation(internalOrganisation).Build();
this.DatabaseSession.Derive(true);
var order = new SalesOrderBuilder(this.DatabaseSession)
.WithBillToCustomer(customer)
.WithShipToCustomer(customer)
.WithVatRegime(assessable)
.Build();
var item1 = new SalesOrderItemBuilder(this.DatabaseSession).WithProduct(good1).WithQuantityOrdered(1).WithActualUnitPrice(15).Build();
order.AddSalesOrderItem(item1);
this.DatabaseSession.Derive(true);
order.Confirm();
this.DatabaseSession.Derive(true);
var shipment = (CustomerShipment)item1.OrderShipmentsWhereSalesOrderItem[0].ShipmentItem.ShipmentWhereShipmentItem;
var pickList = shipment.ShipmentItems[0].ItemIssuancesWhereShipmentItem[0].PickListItem.PickListWherePickListItem;
pickList.Picker = new Persons(this.DatabaseSession).FindBy(Persons.Meta.LastName, "orderProcessor");
pickList.SetPicked();
var package = new ShipmentPackageBuilder(this.DatabaseSession).Build();
shipment.AddShipmentPackage(package);
foreach (ShipmentItem shipmentItem in shipment.ShipmentItems)
{
package.AddPackagingContent(new PackagingContentBuilder(this.DatabaseSession).WithShipmentItem(shipmentItem).WithQuantity(shipmentItem.Quantity).Build());
}
this.DatabaseSession.Derive(true);
shipment.Ship();
var acl = new AccessControlList(shipment, new Users(this.DatabaseSession).GetCurrentUser());
Assert.AreEqual(new CustomerShipmentObjectStates(this.DatabaseSession).Shipped, shipment.CurrentObjectState);
Assert.IsFalse(acl.CanExecute(CustomerShipments.Meta.Cancel));
Assert.IsFalse(acl.CanWrite(CustomerShipments.Meta.HandlingInstruction));
}
public void GivenCustomerShipment_WhenObjectStateIsCreated_ThenCheckTransitions()
{
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
var shipToAddress = new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor", "Forms"), new string[0]);
var customer = new PersonBuilder(this.DatabaseSession).WithLastName("customer").Build();
var shipment = new CustomerShipmentBuilder(this.DatabaseSession)
.WithShipToParty(customer)
.WithShipToAddress(shipToAddress)
.WithShipmentMethod(new ShipmentMethods(this.DatabaseSession).Ground)
.Build();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(shipment, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanExecute(CustomerShipments.Meta.Cancel));
}
public void GivenSalesInvoice_WhenBillToCustomerChangesValue_ThenAccessPreviousCustomerIsDenied()
{
var customer = new Organisations(this.DatabaseSession).FindBy(Organisations.Meta.Name, "customer");
var customer2 = new OrganisationBuilder(this.DatabaseSession).WithName("customer2").Build();
var customerContact = new PersonBuilder(this.DatabaseSession).WithUserName("customercontact").WithLastName("customercontact").Build();
var customerContact2 = new PersonBuilder(this.DatabaseSession).WithUserName("customercontact2").WithLastName("customercontact2").Build();
var contactMechanism = new PostalAddressBuilder(this.DatabaseSession)
.WithAddress1("Haverwerf 15")
.WithPostalBoundary(new PostalBoundaryBuilder(this.DatabaseSession)
.WithLocality("Mechelen")
.WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
.Build())
.Build();
new CustomerRelationshipBuilder(this.DatabaseSession)
.WithCustomer(customer2)
.WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.WithFromDate(DateTime.UtcNow.Date)
.Build();
new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(customerContact).WithOrganisation(customer).WithFromDate(DateTime.UtcNow).Build();
new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(customerContact2).WithOrganisation(customer2).WithFromDate(DateTime.UtcNow).Build();
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);
var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
.WithBillToCustomer(customer)
.WithBillToContactMechanism(contactMechanism)
.WithBilledFromInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.Build();
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact", "Forms"), new string[0]);
var acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanWrite(SalesInvoices.Meta.InvoiceDate));
Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.InvoiceDate));
Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.InvoiceNumber));
Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.TotalExVat));
Assert.IsFalse(acl.CanExecute(SalesInvoices.Meta.Send));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact2", "Forms"), new string[0]);
acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.HasReadOperation);
invoice.BillToCustomer = customer2;
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact", "Forms"), new string[0]);
acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.HasReadOperation);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact2", "Forms"), new string[0]);
acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanWrite(SalesInvoices.Meta.InvoiceDate));
Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.InvoiceDate));
Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.InvoiceNumber));
Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.TotalExVat));
Assert.IsFalse(acl.CanExecute(SalesInvoices.Meta.Send));
}
public void GivenSalesInvoiceCreatedBySalesRep_WhenCurrentUserInSameSalesRepUserGroup_ThenAccessIsGranted()
{
var customer = new Organisations(this.DatabaseSession).FindBy(Organisations.Meta.Name, "customer");
var contactMechanism = new PostalAddressBuilder(this.DatabaseSession)
.WithAddress1("Haverwerf 15")
.WithPostalBoundary(new PostalBoundaryBuilder(this.DatabaseSession)
.WithLocality("Mechelen")
.WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
.Build())
.Build();
var salesRep2 = new PersonBuilder(this.DatabaseSession).WithUserName("salesRep2").WithLastName("salesRep2").Build();
new EmploymentBuilder(this.DatabaseSession)
.WithEmployee(salesRep2)
.WithEmployer(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.WithFromDate(DateTime.UtcNow)
.Build();
new SalesRepRelationshipBuilder(this.DatabaseSession)
.WithSalesRepresentative(salesRep2)
.WithCustomer(customer)
.WithFromDate(DateTime.UtcNow)
.Build();
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);
var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
.WithBilledFromInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.WithBillToCustomer(customer)
.WithBillToContactMechanism(contactMechanism)
.Build();
new CustomerRelationshipBuilder(this.DatabaseSession).WithFromDate(DateTime.UtcNow).WithCustomer(customer).WithInternalOrganisation(Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation).Build();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesInvoices.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesInvoices.Meta.Send));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep2", "Forms"), new string[0]);
acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesInvoices.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesInvoices.Meta.Send));
}
public void GivenSalesOrderCreatedByCustomer_WhenCurrentUserInAdministratorRole_ThenAccessIsGranted()
{
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
var customer = new PersonBuilder(this.DatabaseSession).WithLastName("customer").WithUserName("customer").Build();
var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;
new CustomerRelationshipBuilder(this.DatabaseSession).WithFromDate(DateTime.UtcNow).WithCustomer(customer).WithInternalOrganisation(internalOrganisation).Build();
var administrator = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("admin").Build();
var administrators = new UserGroups(this.DatabaseSession).Administrators;
administrators.AddMember(administrator);
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customer", "Forms"), new string[0]);
var order = new SalesOrderBuilder(this.DatabaseSession)
.WithBillToCustomer(customer)
.WithShipToCustomer(customer)
.WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build())
.Build();
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("admin", "Forms"), new string[0]);
var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
}
public void GivenSalesOrderCreatedByCustomer_WhenCurrentUserIsSalesRepOfOrganisationThatTakesTheOrder_ThenAccessIsGranted()
{
var customer = new Organisations(this.DatabaseSession).FindBy(Organisations.Meta.Name, "customer");
var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;
new CustomerRelationshipBuilder(this.DatabaseSession).WithFromDate(DateTime.UtcNow).WithCustomer(customer).WithInternalOrganisation(internalOrganisation).Build();
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
var customerContact = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("customerContact").Build();
new OrganisationContactRelationshipBuilder(this.DatabaseSession)
.WithContact(customerContact)
.WithOrganisation(new Organisations(this.DatabaseSession).FindBy(Organisations.Meta.Name, "customer"))
.Build();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customerContact", "Forms"), new string[0]);
var order = new SalesOrderBuilder(this.DatabaseSession)
.WithTakenByInternalOrganisation(internalOrganisation)
.WithBillToCustomer(customer)
.WithShipToCustomer(customer)
.WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build())
.Build();
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);
var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
}
public void GivenPurchaseOrderCreatedByProcurementLevel1Role_WhenCurrentUserInAdministratorRole_ThenAccessIsGranted()
{
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);
var order = new PurchaseOrderBuilder(this.DatabaseSession).Build();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("administrator", "Forms"), new string[0]);
var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(PurchaseOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Confirm));
}
public void GivenPurchaseOrderCreatedByProcurementLevel1Role_WhenCurrentUserInSameProcurementLevel1RoleUserGroup_ThenAccessIsGranted()
{
var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();
var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");
new SupplierRelationshipBuilder(this.DatabaseSession).WithSupplier(supplier).WithInternalOrganisation(internalOrganisation).Build();
var purchaser2 = new PersonBuilder(this.DatabaseSession).WithLastName("purchaser2").WithUserName("purchaser2").Build();
new EmploymentBuilder(this.DatabaseSession)
.WithFromDate(DateTime.UtcNow)
.WithEmployee(purchaser2)
.WithEmployer(internalOrganisation)
.Build();
var usergroups = internalOrganisation.UserGroupsWhereParty;
var userGroup = usergroups.First;
userGroup.AddMember(purchaser2);
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);
var order = new PurchaseOrderBuilder(this.DatabaseSession).WithTakenViaSupplier(supplier).Build();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Confirm));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser2", "Forms"), new string[0]);
acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(PurchaseOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Confirm));
}
public void GivenSalesInvoiceCreatedBySalesRep_WhenCurrentUserInAdministratorRole_ThenAccessIsGranted()
{
var customer = new Organisations(this.DatabaseSession).FindBy(Organisations.Meta.Name, "customer");
var contactMechanism = new PostalAddressBuilder(this.DatabaseSession)
.WithAddress1("Haverwerf 15")
.WithPostalBoundary(new PostalBoundaryBuilder(this.DatabaseSession)
.WithLocality("Mechelen")
.WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
.Build())
.Build();
var administrator = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("admin").Build();
var administrators = new UserGroups(this.DatabaseSession).Administrators;
administrators.AddMember(administrator);
this.DatabaseSession.Derive(true);
var supplierContact = new PersonBuilder(this.DatabaseSession).WithUserName("suppliercontact").WithLastName("suppliercontact").Build();
var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();
new SupplierRelationshipBuilder(this.DatabaseSession)
.WithSupplier(supplier)
.WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.WithFromDate(DateTime.UtcNow)
.Build();
new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(supplierContact).WithOrganisation(supplier).WithFromDate(DateTime.UtcNow).Build();
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);
var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
.WithInvoiceNumber("1")
.WithBillToCustomer(customer)
.WithBillToContactMechanism(contactMechanism)
.WithSalesInvoiceType(new SalesInvoiceTypes(this.DatabaseSession).SalesInvoice)
.WithBilledFromInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.Build();
new CustomerRelationshipBuilder(this.DatabaseSession).WithFromDate(DateTime.UtcNow).WithCustomer(customer).WithInternalOrganisation(Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation).Build();
this.DatabaseSession.Derive(true);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("admin", "Forms"), new string[0]);
var acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(SalesInvoices.Meta.Comment));
Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.Comment));
Assert.IsTrue(acl.CanExecute(SalesInvoices.Meta.Send));
}
public void GivenPurchaseOrderCreatedByProcurementLevel1Role_WhenCurrentUserInAnotherProcurementLevel1RoleUserGroup_ThenAccessIsDenied()
{
var belgium = new Countries(this.DatabaseSession).CountryByIsoCode["BE"];
var euro = belgium.Currency;
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
var mechelenAddress = new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build();
var billToMechelen = new PartyContactMechanismBuilder(this.DatabaseSession)
.WithContactMechanism(mechelenAddress)
.WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).BillingAddress)
.WithUseAsDefault(true)
.Build();
var bank = new BankBuilder(this.DatabaseSession).WithCountry(belgium).WithName("ING België").WithBic("BBRUBEBB").Build();
var ownBankAccount = new OwnBankAccountBuilder(this.DatabaseSession)
.WithDescription("BE23 3300 6167 6391")
.WithBankAccount(new BankAccountBuilder(this.DatabaseSession).WithBank(bank).WithCurrency(euro).WithIban("BE23 3300 6167 6391").WithNameOnAccount("Koen").Build())
.Build();
var purchaser2 = new PersonBuilder(this.DatabaseSession).WithLastName("purchaser2").WithUserName("purchaser2").Build();
var internalOrganisation = new InternalOrganisationBuilder(this.DatabaseSession)
.WithName("new internalOrganisation")
.WithLocale(Singleton.Instance(this.DatabaseSession).DefaultLocale)
.WithEmployeeRole(new Roles(this.DatabaseSession).Administrator)
.WithDefaultPaymentMethod(ownBankAccount)
.WithPreferredCurrency(euro)
.WithPartyContactMechanism(billToMechelen)
.Build();
var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();
new SupplierRelationshipBuilder(this.DatabaseSession).WithSupplier(supplier).WithInternalOrganisation(internalOrganisation).Build();
new EmploymentBuilder(this.DatabaseSession)
.WithFromDate(DateTime.UtcNow)
.WithEmployee(purchaser2)
.WithEmployer(internalOrganisation)
.Build();
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);
var order = new PurchaseOrderBuilder(this.DatabaseSession).WithTakenViaSupplier(supplier).WithShipToBuyer(internalOrganisation).Build();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(PurchaseOrders.Meta.Comment));
Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.Comment));
Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Confirm));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser2", "Forms"), new string[0]);
acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.HasReadOperation);
}
public void GivenPickListCreatedByOrderProcessor_WhenCurrentUserInAnotherOrderProcessorUserGroup_ThenAccessIsDenied()
{
var belgium = new Countries(this.DatabaseSession).CountryByIsoCode["BE"];
var euro = belgium.Currency;
var bank = new BankBuilder(this.DatabaseSession).WithCountry(belgium).WithName("ING België").WithBic("BBRUBEBB").Build();
var ownBankAccount = new OwnBankAccountBuilder(this.DatabaseSession)
.WithDescription("own account")
.WithBankAccount(new BankAccountBuilder(this.DatabaseSession).WithBank(bank).WithCurrency(euro).WithIban("BE23 3300 6167 6391").WithNameOnAccount("Koen").Build())
.Build();
var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
var address1 = new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build();
var billingAddress = new PartyContactMechanismBuilder(this.DatabaseSession)
.WithContactMechanism(address1)
.WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).BillingAddress)
.WithUseAsDefault(true)
.Build();
var orderProcessor2 = new PersonBuilder(this.DatabaseSession).WithLastName("orderProcessor2").WithUserName("orderProcessor2").Build();
var internalOrganisation = new InternalOrganisationBuilder(this.DatabaseSession)
.WithName("employer2")
.WithLocale(new Locales(this.DatabaseSession).EnglishGreatBritain)
.WithEmployeeRole(new Roles(this.DatabaseSession).Administrator)
.WithEmployeeRole(new Roles(this.DatabaseSession).Operations)
.WithDefaultPaymentMethod(ownBankAccount)
.WithPreferredCurrency(euro)
.WithPartyContactMechanism(billingAddress)
.Build();
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
var usergroups = internalOrganisation.UserGroupsWhereParty;
usergroups.Filter.AddEquals(UserGroups.Meta.Parent, new Roles(this.DatabaseSession).Operations.UserGroupWhereRole);
var orderProcessorUserGroup = usergroups.First;
new EmploymentBuilder(this.DatabaseSession)
.WithFromDate(DateTime.UtcNow)
.WithEmployee(orderProcessor2)
.WithEmployer(internalOrganisation)
.Build();
orderProcessorUserGroup.AddMember(orderProcessor2);
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor", "Forms"), new string[0]);
var pickList = new PickListBuilder(this.DatabaseSession).Build();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(pickList, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(PickLists.Meta.Picker));
Assert.IsTrue(acl.CanRead(PickLists.Meta.Picker));
Assert.IsTrue(acl.CanExecute(PickLists.Meta.Cancel));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor2", "Forms"), new string[0]);
acl = new AccessControlList(pickList, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.HasReadOperation);
}
public void GivenPurchaseOrder_WhenObjectStateIsOnHold_ThenCheckTransitions()
{
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor", "Forms"), new string[0]);
var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();
var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");
new SupplierRelationshipBuilder(this.DatabaseSession).WithSupplier(supplier).WithInternalOrganisation(internalOrganisation).Build();
var order = new PurchaseOrderBuilder(this.DatabaseSession)
.WithTakenViaSupplier(supplier)
.WithBillToPurchaser(internalOrganisation)
.Build();
order.Confirm();
this.DatabaseSession.Derive(true);
order.Hold();
this.DatabaseSession.Derive(true);
Assert.AreEqual(new PurchaseOrderObjectStates(this.DatabaseSession).OnHold, order.CurrentObjectState);
var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Cancel));
Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Continue));
Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Confirm));
Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Reject));
Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Approve));
Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Hold));
}
public void GivenPickListCreatedByOrderProcessor_WhenCurrentUserInSameOrderProcessorUserGroup_ThenAccessIsGranted()
{
var orderProcessor2 = new PersonBuilder(this.DatabaseSession).WithLastName("orderProcessor2").WithUserName("orderProcessor2").Build();
var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");
var usergroups = internalOrganisation.UserGroupsWhereParty;
usergroups.Filter.AddEquals(UserGroups.Meta.Parent, new Roles(this.DatabaseSession).Operations.UserGroupWhereRole);
var orderProcessorUserGroup = usergroups.First;
new EmploymentBuilder(this.DatabaseSession)
.WithFromDate(DateTime.UtcNow)
.WithEmployee(orderProcessor2)
.WithEmployer(internalOrganisation)
.Build();
orderProcessorUserGroup.AddMember(orderProcessor2);
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor", "Forms"), new string[0]);
var pickList = new PickListBuilder(this.DatabaseSession).Build();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(pickList, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(PickLists.Meta.Picker));
Assert.IsTrue(acl.CanRead(PickLists.Meta.Picker));
Assert.IsTrue(acl.CanExecute(PickLists.Meta.Cancel));
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor2", "Forms"), new string[0]);
acl = new AccessControlList(pickList, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsTrue(acl.CanWrite(PickLists.Meta.Picker));
Assert.IsTrue(acl.CanRead(PickLists.Meta.Picker));
Assert.IsTrue(acl.CanExecute(PickLists.Meta.Cancel));
}
public void GivenOrderItem_WhenObjectStateIsRejected_ThenItemMayNotBeCancelledOrRejectedOrDeleted()
{
var administrator = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("admin").Build();
var administrators = new UserGroups(this.DatabaseSession).Administrators;
administrators.AddMember(administrator);
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
this.InstantiateObjects(this.DatabaseSession);
var good = new GoodBuilder(this.DatabaseSession)
.WithSku("10101")
.WithName("good")
.WithUnitOfMeasure(new UnitsOfMeasure(this.DatabaseSession).Piece)
.WithInventoryItemKind(new InventoryItemKinds(this.DatabaseSession).NonSerialized)
.WithVatRate(new VatRates(this.DatabaseSession).FindBy(VatRates.Meta.Rate,21))
.Build();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("admin", "Forms"), new string[0]);
var item = new PurchaseOrderItemBuilder(this.DatabaseSession)
.WithProduct(good)
.WithQuantityOrdered(3)
.WithActualUnitPrice(5)
.Build();
this.order.AddPurchaseOrderItem(item);
this.DatabaseSession.Derive(true);
item.Reject();
this.DatabaseSession.Derive(true);
Assert.AreEqual(new PurchaseOrderItemObjectStates(this.DatabaseSession).Rejected, item.CurrentObjectState);
var acl = new AccessControlList(item, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanExecute(PurchaseOrderItems.Meta.Cancel));
Assert.IsFalse(acl.CanExecute(PurchaseOrderItems.Meta.Reject));
Assert.IsFalse(acl.CanExecute(PurchaseOrderItems.Meta.Delete));
}
public void GivenPickList_WhenObjectStateIsPicked_ThenCheckTransitions()
{
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor", "Forms"), new string[0]);
var pickList = new PickListBuilder(this.DatabaseSession).Build();
this.DatabaseSession.Derive(true);
pickList.SetPicked();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(pickList, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanExecute(PickLists.Meta.Cancel));
Assert.IsFalse(acl.CanExecute(PickLists.Meta.SetPicked));
}
public void GivenOrderItem_WhenObjectStateIsRejected_ThenItemMayNotBeCancelledOrRejectedOrDeleted()
{
var administrator = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("admin").Build();
var administrators = new UserGroups(this.DatabaseSession).Administrators;
administrators.AddMember(administrator);
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
this.InstantiateObjects(this.DatabaseSession);
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("admin", "Forms"), new string[0]);
var item = new SalesOrderItemBuilder(this.DatabaseSession)
.WithProduct(this.good)
.WithQuantityOrdered(3)
.WithActualUnitPrice(5)
.Build();
this.order.AddSalesOrderItem(item);
this.DatabaseSession.Derive(true);
item.Reject();
this.DatabaseSession.Derive(true);
Assert.AreEqual(new SalesOrderItemObjectStates(this.DatabaseSession).Rejected, item.CurrentObjectState);
var acl = new AccessControlList(item, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanExecute(SalesOrderItems.Meta.Cancel));
Assert.IsFalse(acl.CanExecute(SalesOrderItems.Meta.Reject));
}
public void GivenSalesInvoice_WhenObjectStateIsPartiallyPaid_ThenCheckTransitions()
{
var customer = new OrganisationBuilder(this.DatabaseSession).WithName("customer").Build();
var contactMechanism = new PostalAddressBuilder(this.DatabaseSession)
.WithAddress1("Haverwerf 15")
.WithPostalBoundary(new PostalBoundaryBuilder(this.DatabaseSession)
.WithLocality("Mechelen")
.WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
.Build())
.Build();
var administrator = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("administrator").Build();
var administrators = new UserGroups(this.DatabaseSession).Administrators;
administrators.AddMember(administrator);
var good = new GoodBuilder(this.DatabaseSession)
.WithSku("10101")
.WithVatRate(new VatRateBuilder(this.DatabaseSession).WithRate(0).Build())
.WithName("good")
.WithInventoryItemKind(new InventoryItemKinds(this.DatabaseSession).NonSerialized)
.WithUnitOfMeasure(new UnitsOfMeasure(this.DatabaseSession).Piece)
.Build();
this.DatabaseSession.Derive(true);
this.DatabaseSession.Commit();
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("administrator", "Forms"), new string[0]);
var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
.WithInvoiceNumber("1")
.WithBillToCustomer(customer)
.WithBillToContactMechanism(contactMechanism)
.WithSalesInvoiceType(new SalesInvoiceTypes(this.DatabaseSession).SalesInvoice)
.WithBilledFromInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
.WithSalesInvoiceItem(new SalesInvoiceItemBuilder(this.DatabaseSession).WithProduct(good).WithQuantity(1).WithActualUnitPrice(100M).WithSalesInvoiceItemType(new SalesInvoiceItemTypes(this.DatabaseSession).ProductItem).Build())
.Build();
new CustomerRelationshipBuilder(this.DatabaseSession).WithFromDate(DateTime.UtcNow).WithCustomer(customer).WithInternalOrganisation(Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation).Build();
this.DatabaseSession.Derive(true);
new ReceiptBuilder(this.DatabaseSession)
.WithAmount(90)
.WithPaymentApplication(new PaymentApplicationBuilder(this.DatabaseSession).WithInvoiceItem(invoice.SalesInvoiceItems[0]).WithAmountApplied(90).Build())
.Build();
this.DatabaseSession.Derive(true);
var acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());
Assert.IsFalse(acl.CanExecute(SalesInvoices.Meta.Send));
Assert.IsTrue(acl.CanExecute(SalesInvoices.Meta.WriteOff));
Assert.IsFalse(acl.CanExecute(SalesInvoices.Meta.CancelInvoice));
}
