Ejemplo n.º 1
        /// <summary>
        /// A person registered as contact of a customer organisation must be able to read and
        /// write the organisation's Name, LegalForm, LogoImage and Locale, and must be denied
        /// both read and write on its OwnerSecurityToken.
        /// </summary>
        public void GivenOrganisation_WhenCurrentUserIsContactForOrganisation_ThenCustomerPermissionsAreGranted()
        {
            var ownOrganisation = new InternalOrganisations(this.DatabaseSession)
                .FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");
            var customerOrganisation = new OrganisationBuilder(this.DatabaseSession)
                .WithName("organisation")
                .Build();
            var contact = new PersonBuilder(this.DatabaseSession)
                .WithLastName("Customer")
                .WithUserName("customer")
                .Build();

            // Make the organisation a customer of the internal organisation, and the person its contact.
            new CustomerRelationshipBuilder(this.DatabaseSession)
                .WithCustomer(customerOrganisation)
                .WithInternalOrganisation(ownOrganisation)
                .Build();
            new OrganisationContactRelationshipBuilder(this.DatabaseSession)
                .WithContact(contact)
                .WithOrganisation(customerOrganisation)
                .WithFromDate(DateTime.UtcNow)
                .Build();

            this.DatabaseSession.Derive(true);
            this.DatabaseSession.Commit();

            // NOTE(review): the principal is replaced here and not restored in this method; confirm the
            // fixture resets Thread.CurrentPrincipal so later tests do not run as "customer".
            var contactIdentity = new GenericIdentity("customer", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(contactIdentity, new string[0]);

            var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
            var acl = new AccessControlList(customerOrganisation, currentUser);

            // Granted: ordinary organisation data.
            Assert.IsTrue(acl.CanRead(Organisations.Meta.Name));
            Assert.IsTrue(acl.CanWrite(Organisations.Meta.Name));
            Assert.IsTrue(acl.CanRead(Organisations.Meta.LegalForm));
            Assert.IsTrue(acl.CanWrite(Organisations.Meta.LegalForm));
            Assert.IsTrue(acl.CanRead(Organisations.Meta.LogoImage));
            Assert.IsTrue(acl.CanWrite(Organisations.Meta.LogoImage));
            Assert.IsTrue(acl.CanRead(Organisations.Meta.Locale));
            Assert.IsTrue(acl.CanWrite(Organisations.Meta.Locale));

            // Denied: the contact must not see or change the owner security token.
            Assert.IsFalse(acl.CanRead(Organisations.Meta.OwnerSecurityToken));
            Assert.IsFalse(acl.CanWrite(Organisations.Meta.OwnerSecurityToken));
        }
Ejemplo n.º 2
        /// <summary>
        /// Checks access to the internal organisation for two people: the existing administrator
        /// may write its Name, while a newly built person may not read it at first and may write
        /// it after being added to the Administrators user group and a further derivation.
        /// </summary>
        public void GivenLoggedUserIsAdministrator_WhenAccessingSingleton_ThenLoggedInUserIsGrantedAccess()
        {
            var builtInAdmin = new People(this.Session)
                .FindBy(M.Person.UserName, Users.AdministratorUserName);
            var promotedPerson = new PersonBuilder(this.Session)
                .WithLastName("second admin")
                .Build();

            // Negative control: a freshly built person is not an administrator.
            Assert.False(promotedPerson.IsAdministrator);

            var target = this.InternalOrganisation;

            this.Session.Derive();

            this.SetIdentity(Users.AdministratorUserName);

            var aclForBuiltInAdmin = new AccessControlList(target, builtInAdmin);
            Assert.True(aclForBuiltInAdmin.CanWrite(M.Organisation.Name));

            // Before the group membership exists the second person must not even have read access.
            var aclBeforePromotion = new AccessControlList(target, promotedPerson);
            Assert.False(aclBeforePromotion.CanRead(M.Organisation.Name));

            new UserGroups(this.Session).Administrators.AddMember(promotedPerson);

            this.Session.Derive();

            Assert.True(promotedPerson.IsAdministrator);

            // A new list is built after the derivation instead of reusing the earlier one.
            var aclAfterPromotion = new AccessControlList(target, promotedPerson);
            Assert.True(aclAfterPromotion.CanWrite(M.Organisation.Name));
        }
Ejemplo n.º 3
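        /// <summary>
        /// Checks that a member of the "Employees" user group can read an invoice's Total once an
        /// access control links the Employee role, that group and the singleton's default
        /// security token.
        /// </summary>
        public void TestEmployeesCanRead()
        {
            var employeeRole = new Roles(this.Session).Employee;

            var employees = new UserGroupBuilder(this.Session)
                .WithName("Employees")
                .Build();

            var john = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();
            employees.AddMember(john);

            var invoice = new InvoiceBuilder(this.Session).Build();

            var defaultSecurityToken = Singleton.Instance(this.Session).DefaultSecurityToken;

            // The built access control is not referenced again, so no local is kept for it.
            new AccessControlBuilder(this.Session)
                .WithRole(employeeRole)
                .WithObject(defaultSecurityToken)
                .WithSubjectGroup(employees)
                .Build();

            var acl = new AccessControlList(invoice, john);

            // NOTE(review): only the grant is asserted; a person outside "Employees" is not
            // checked for denial, so an over-broad grant would not be caught by this test.
            acl.CanRead(Invoice.Meta.Total).ShouldBeTrue();
        }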
Ejemplo n.º 4
        /// <summary>
        /// Builds a sales order while the principal is "salesRep" and checks that both "salesRep"
        /// and a second person, set up as sales representative for the same customer, can write
        /// and read the order's Comment and execute Confirm.
        /// </summary>
        public void GivenSalesOrderCreatedBySalesRep_WhenCurrentUserInSameSalesRepUserGroup_ThenAccessIsGranted()
        {
            var buyer = new PersonBuilder(this.DatabaseSession)
                .WithLastName("customer")
                .WithUserName("customer")
                .Build();
            var defaultOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;

            new CustomerRelationshipBuilder(this.DatabaseSession)
                .WithFromDate(DateTime.UtcNow)
                .WithCustomer(buyer)
                .WithInternalOrganisation(defaultOrganisation)
                .Build();

            var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
            var secondSalesRep = new PersonBuilder(this.DatabaseSession)
                .WithLastName("salesRep2")
                .WithUserName("salesRep2")
                .Build();

            // The second sales rep is an employee of the internal organisation ...
            new EmploymentBuilder(this.DatabaseSession)
                .WithFromDate(DateTime.UtcNow)
                .WithEmployee(secondSalesRep)
                .WithEmployer(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                .Build();

            // ... and sales representative for the customer.
            new SalesRepRelationshipBuilder(this.DatabaseSession)
                .WithFromDate(DateTime.UtcNow)
                .WithCustomer(buyer)
                .WithSalesRepresentative(secondSalesRep)
                .Build();

            this.DatabaseSession.Derive(true);

            // The order is built while "salesRep" is the current principal.
            // NOTE(review): "salesRep" is not created in this method; presumably it comes from fixture setup.
            var firstIdentity = new GenericIdentity("salesRep", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(firstIdentity, new string[0]);

            var order = new SalesOrderBuilder(this.DatabaseSession)
                .WithBillToCustomer(buyer)
                .WithShipToCustomer(buyer)
                .WithShipToAddress(
                    new PostalAddressBuilder(this.DatabaseSession)
                        .WithGeographicBoundary(city)
                        .WithAddress1("Haverwerf 15")
                        .Build())
                .Build();

            this.DatabaseSession.Derive(true);

            var firstUser = new Users(this.DatabaseSession).GetCurrentUser();
            var aclForFirstRep = new AccessControlList(order, firstUser);

            Assert.IsTrue(aclForFirstRep.CanWrite(SalesOrders.Meta.Comment));
            Assert.IsTrue(aclForFirstRep.CanRead(SalesOrders.Meta.Comment));
            Assert.IsTrue(aclForFirstRep.CanExecute(SalesOrders.Meta.Confirm));

            // Same checks under the second sales rep's identity.
            var secondIdentity = new GenericIdentity("salesRep2", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(secondIdentity, new string[0]);

            var secondUser = new Users(this.DatabaseSession).GetCurrentUser();
            var aclForSecondRep = new AccessControlList(order, secondUser);

            Assert.IsTrue(aclForSecondRep.CanWrite(SalesOrders.Meta.Comment));
            Assert.IsTrue(aclForSecondRep.CanRead(SalesOrders.Meta.Comment));
            Assert.IsTrue(aclForSecondRep.CanExecute(SalesOrders.Meta.Confirm));
        }
Ejemplo n.º 5
        /// <summary>
        /// Builds a sales order while the principal is the customer's contact and checks that
        /// "salesRep" can write and read the order's Comment and execute Confirm.
        /// </summary>
        public void GivenSalesOrderCreatedByCustomer_WhenCurrentUserIsSalesRepOfOrganisationThatTakesTheOrder_ThenAccessIsGranted()
        {
            var customerOrganisation = new Organisations(this.DatabaseSession)
                .FindBy(Organisations.Meta.Name, "customer");
            var orderTaker = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;

            new CustomerRelationshipBuilder(this.DatabaseSession)
                .WithFromDate(DateTime.UtcNow)
                .WithCustomer(customerOrganisation)
                .WithInternalOrganisation(orderTaker)
                .Build();

            var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
            var contact = new PersonBuilder(this.DatabaseSession)
                .WithFirstName("Koen")
                .WithUserName("customerContact")
                .Build();

            // The contact is attached to the organisation looked up by the name "customer".
            new OrganisationContactRelationshipBuilder(this.DatabaseSession)
                .WithContact(contact)
                .WithOrganisation(new Organisations(this.DatabaseSession).FindBy(Organisations.Meta.Name, "customer"))
                .Build();

            // The order is built under the contact's identity.
            var contactIdentity = new GenericIdentity("customerContact", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(contactIdentity, new string[0]);

            var order = new SalesOrderBuilder(this.DatabaseSession)
                .WithTakenByInternalOrganisation(orderTaker)
                .WithBillToCustomer(customerOrganisation)
                .WithShipToCustomer(customerOrganisation)
                .WithShipToAddress(
                    new PostalAddressBuilder(this.DatabaseSession)
                        .WithGeographicBoundary(city)
                        .WithAddress1("Haverwerf 15")
                        .Build())
                .Build();

            this.DatabaseSession.Derive(true);

            // Permissions are then evaluated for "salesRep".
            // NOTE(review): "salesRep" is not created in this method; presumably it comes from fixture setup.
            var salesRepIdentity = new GenericIdentity("salesRep", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(salesRepIdentity, new string[0]);

            var salesRep = new Users(this.DatabaseSession).GetCurrentUser();
            var acl = new AccessControlList(order, salesRep);

            Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
        }
Ejemplo n.º 6
        /// <summary>
        /// Builds a sales order while the principal is "customer" and checks that a member of
        /// the Administrators user group can write and read the order's Comment and execute
        /// Confirm.
        /// </summary>
        public void GivenSalesOrderCreatedByCustomer_WhenCurrentUserInAdministratorRole_ThenAccessIsGranted()
        {
            var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
            var buyer = new PersonBuilder(this.DatabaseSession)
                .WithLastName("customer")
                .WithUserName("customer")
                .Build();
            var defaultOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;

            new CustomerRelationshipBuilder(this.DatabaseSession)
                .WithFromDate(DateTime.UtcNow)
                .WithCustomer(buyer)
                .WithInternalOrganisation(defaultOrganisation)
                .Build();

            // A new person with user name "admin" is put into the Administrators group.
            var admin = new PersonBuilder(this.DatabaseSession)
                .WithFirstName("Koen")
                .WithUserName("admin")
                .Build();
            new UserGroups(this.DatabaseSession).Administrators.AddMember(admin);
            this.DatabaseSession.Derive(true);

            // The order is built under the customer's identity.
            var buyerIdentity = new GenericIdentity("customer", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(buyerIdentity, new string[0]);

            var order = new SalesOrderBuilder(this.DatabaseSession)
                .WithBillToCustomer(buyer)
                .WithShipToCustomer(buyer)
                .WithShipToAddress(
                    new PostalAddressBuilder(this.DatabaseSession)
                        .WithGeographicBoundary(city)
                        .WithAddress1("Haverwerf 15")
                        .Build())
                .Build();

            this.DatabaseSession.Derive(true);

            // Permissions are then evaluated for the administrator.
            var adminIdentity = new GenericIdentity("admin", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(adminIdentity, new string[0]);

            var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
            var acl = new AccessControlList(order, currentUser);

            Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
        }
Ejemplo n.º 7
        /// <summary>
        /// Follows one sales order through two customer changes and checks, after each step,
        /// which of two customer contacts has access to it. The order starts with customer1 as
        /// both ship-to and bill-to customer; the bill-to customer is then changed to customer2,
        /// and finally the ship-to customer as well.
        /// </summary>
        public void GivenSalesOrder_WhenCustomerChangesValue_ThenAccessPreviousCustomerIsDenied()
        {
            var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;
            var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
            var customerContact1 = new PersonBuilder(this.DatabaseSession).WithUserName("customercontact1").WithLastName("customercontact1").Build();
            var customerContact2 = new PersonBuilder(this.DatabaseSession).WithUserName("customercontact2").WithLastName("customercontact2").Build();
            var employee = new PersonBuilder(this.DatabaseSession).WithUserName("employee").WithLastName("employee").Build();
            var customer1 = new OrganisationBuilder(this.DatabaseSession).WithName("customer1").Build();
            var customer2 = new OrganisationBuilder(this.DatabaseSession).WithName("customer2").Build();

            // Both organisations are customers of the internal organisation.
            new CustomerRelationshipBuilder(this.DatabaseSession)
                .WithCustomer(customer1)
                .WithInternalOrganisation(internalOrganisation)
                .WithFromDate(DateTime.UtcNow)
                .Build();

            new CustomerRelationshipBuilder(this.DatabaseSession)
                .WithCustomer(customer2)
                .WithInternalOrganisation(internalOrganisation)
                .WithFromDate(DateTime.UtcNow)
                .Build();

            // Each contact belongs to exactly one of the two customers.
            new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(customerContact1).WithOrganisation(customer1).WithFromDate(DateTime.UtcNow).Build();
            new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(customerContact2).WithOrganisation(customer2).WithFromDate(DateTime.UtcNow).Build();

            new EmploymentBuilder(this.DatabaseSession)
                .WithEmployee(employee)
                .WithEmployer(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                .WithFromDate(DateTime.UtcNow)
                .Build();

            this.DatabaseSession.Derive(true);
            this.DatabaseSession.Commit();

            // The order is built while "employee" is the current principal.
            // NOTE(review): the principal is switched repeatedly below and not restored at the end;
            // confirm the fixture resets Thread.CurrentPrincipal between tests.
            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("employee", "Forms"), new string[0]);
            var order = new SalesOrderBuilder(this.DatabaseSession)
                .WithTakenByInternalOrganisation(internalOrganisation)
                .WithShipToCustomer(customer1)
                .WithBillToCustomer(customer1)
                .WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build())
                .Build();

            this.DatabaseSession.Derive(true);

            // Step 1 - customer1 is ship-to and bill-to: contact1 has access, contact2 has none.
            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact1", "Forms"), new string[0]);
            var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

            Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));

            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact2", "Forms"), new string[0]);
            acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

            Assert.IsFalse(acl.HasReadOperation);

            // Step 2 - bill-to moves to customer2 while ship-to stays customer1: both contacts have access.
            order.BillToCustomer = customer2;

            this.DatabaseSession.Derive(true);

            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact1", "Forms"), new string[0]);
            acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

            Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));

            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact2", "Forms"), new string[0]);
            acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

            Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));

            // Step 3 - ship-to moves to customer2 as well: contact1 loses access, contact2 keeps it.
            order.ShipToCustomer = customer2;

            this.DatabaseSession.Derive(true);

            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact1", "Forms"), new string[0]);
            acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

            // NOTE(review): the revocation is asserted through HasReadOperation only; write and
            // execute on the order are not asserted as denied for the previous customer's contact.
            Assert.IsFalse(acl.HasReadOperation);

            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact2", "Forms"), new string[0]);
            acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

            Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
            Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
        }
Ejemplo n.º 8
        /// <summary>
        /// Builds a sales invoice while the principal is "salesRep" and checks that a member of
        /// the Administrators user group can write and read the invoice's Comment and execute
        /// Send.
        /// </summary>
        public void GivenSalesInvoiceCreatedBySalesRep_WhenCurrentUserInAdministratorRole_ThenAccessIsGranted()
        {
            var billedCustomer = new Organisations(this.DatabaseSession)
                .FindBy(Organisations.Meta.Name, "customer");
            var billingAddress = new PostalAddressBuilder(this.DatabaseSession)
                .WithAddress1("Haverwerf 15")
                .WithPostalBoundary(
                    new PostalBoundaryBuilder(this.DatabaseSession)
                        .WithLocality("Mechelen")
                        .WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
                        .Build())
                .Build();

            // A new person with user name "admin" is put into the Administrators group.
            var admin = new PersonBuilder(this.DatabaseSession)
                .WithFirstName("Koen")
                .WithUserName("admin")
                .Build();
            new UserGroups(this.DatabaseSession).Administrators.AddMember(admin);

            this.DatabaseSession.Derive(true);

            // NOTE(review): the supplier and its contact are set up here but do not appear in any assertion below.
            var supplierContact = new PersonBuilder(this.DatabaseSession)
                .WithUserName("suppliercontact")
                .WithLastName("suppliercontact")
                .Build();
            var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();

            new SupplierRelationshipBuilder(this.DatabaseSession)
                .WithSupplier(supplier)
                .WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                .WithFromDate(DateTime.UtcNow)
                .Build();

            new OrganisationContactRelationshipBuilder(this.DatabaseSession)
                .WithContact(supplierContact)
                .WithOrganisation(supplier)
                .WithFromDate(DateTime.UtcNow)
                .Build();

            this.DatabaseSession.Derive(true);
            this.DatabaseSession.Commit();

            // The invoice is built under the sales rep's identity.
            var salesRepIdentity = new GenericIdentity("salesRep", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(salesRepIdentity, new string[0]);

            var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
                .WithInvoiceNumber("1")
                .WithBillToCustomer(billedCustomer)
                .WithBillToContactMechanism(billingAddress)
                .WithSalesInvoiceType(new SalesInvoiceTypes(this.DatabaseSession).SalesInvoice)
                .WithBilledFromInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                .Build();

            new CustomerRelationshipBuilder(this.DatabaseSession)
                .WithFromDate(DateTime.UtcNow)
                .WithCustomer(billedCustomer)
                .WithInternalOrganisation(Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation)
                .Build();

            this.DatabaseSession.Derive(true);

            // Permissions are then evaluated for the administrator.
            var adminIdentity = new GenericIdentity("admin", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(adminIdentity, new string[0]);

            var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
            var acl = new AccessControlList(invoice, currentUser);

            Assert.IsTrue(acl.CanWrite(SalesInvoices.Meta.Comment));
            Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.Comment));
            Assert.IsTrue(acl.CanExecute(SalesInvoices.Meta.Send));
        }
Ejemplo n.º 9
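        /// <summary>
        /// Builds a purchase order while the principal is "purchaser" and checks that both
        /// "purchaser" and a second employee, added to a user group of the internal organisation,
        /// can write and read the order's Comment and execute Confirm.
        /// </summary>
        public void GivenPurchaseOrderCreatedByProcurementLevel1Role_WhenCurrentUserInSameProcurementLevel1RoleUserGroup_ThenAccessIsGranted()
        {
            var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();
            var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");
            new SupplierRelationshipBuilder(this.DatabaseSession).WithSupplier(supplier).WithInternalOrganisation(internalOrganisation).Build();

            var purchaser2 = new PersonBuilder(this.DatabaseSession).WithLastName("purchaser2").WithUserName("purchaser2").Build();

            new EmploymentBuilder(this.DatabaseSession)
                .WithFromDate(DateTime.UtcNow)
                .WithEmployee(purchaser2)
                .WithEmployer(internalOrganisation)
                .Build();

            // NOTE(review): this takes whichever user group comes first for the internal
            // organisation; presumably that is the procurement group the test name refers to.
            // Confirm, because membership of a different group could make the test pass for the wrong reason.
            var usergroups = internalOrganisation.UserGroupsWhereParty;
            var userGroup = usergroups.First;

            userGroup.AddMember(purchaser2);

            this.DatabaseSession.Derive(true);
            this.DatabaseSession.Commit();

            // The order is built while "purchaser" is the current principal.
            // NOTE(review): "purchaser" is not created in this method; presumably it comes from fixture setup.
            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);
            var order = new PurchaseOrderBuilder(this.DatabaseSession).WithTakenViaSupplier(supplier).Build();

            this.DatabaseSession.Derive(true);

            var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

            // The object under test is a purchase order, so its own role types are checked here,
            // in line with the assertions made for the second purchaser below.
            Assert.IsTrue(acl.CanWrite(PurchaseOrders.Meta.Comment));
            Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.Comment));
            Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Confirm));

            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser2", "Forms"), new string[0]);
            acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

            Assert.IsTrue(acl.CanWrite(PurchaseOrders.Meta.Comment));
            Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.Comment));
            Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Confirm));
        }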
Ejemplo n.º 10
        /// <summary>
        /// Builds a customer shipment while the principal is "orderProcessor" and checks that
        /// the order processor can write, read and cancel it, while the customer's contact can
        /// read ShipToParty but can neither write it nor execute Cancel.
        /// </summary>
        public void GivenCustomerShipmentCreatedByOrderProcessor_WhenCurrentUserIsCustomerContact_ThenReadAccessIsGranted()
        {
            var contact = new PersonBuilder(this.DatabaseSession)
                .WithUserName("customercontact")
                .WithLastName("customercontact")
                .Build();
            // NOTE(review): this employee is set up but does not appear in any assertion below.
            var staffMember = new PersonBuilder(this.DatabaseSession)
                .WithUserName("employee")
                .WithLastName("employee")
                .Build();
            var receiver = new OrganisationBuilder(this.DatabaseSession).WithName("customer").Build();

            var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
            var deliveryAddress = new PostalAddressBuilder(this.DatabaseSession)
                .WithGeographicBoundary(city)
                .WithAddress1("Haverwerf 15")
                .Build();

            new CustomerRelationshipBuilder(this.DatabaseSession)
                .WithCustomer(receiver)
                .WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                .WithFromDate(DateTime.UtcNow)
                .Build();

            new OrganisationContactRelationshipBuilder(this.DatabaseSession)
                .WithContact(contact)
                .WithOrganisation(receiver)
                .WithFromDate(DateTime.UtcNow)
                .Build();

            new EmploymentBuilder(this.DatabaseSession)
                .WithEmployee(staffMember)
                .WithEmployer(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                .WithFromDate(DateTime.UtcNow)
                .Build();

            this.DatabaseSession.Derive(true);
            this.DatabaseSession.Commit();

            // The shipment is built under the order processor's identity.
            var processorIdentity = new GenericIdentity("orderProcessor", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(processorIdentity, new string[0]);

            var shipment = new CustomerShipmentBuilder(this.DatabaseSession)
                .WithShipToParty(receiver)
                .WithShipToAddress(deliveryAddress)
                .WithShipmentMethod(new ShipmentMethods(this.DatabaseSession).Boat)
                .Build();

            this.DatabaseSession.Derive(true);

            var processor = new Users(this.DatabaseSession).GetCurrentUser();
            var aclForProcessor = new AccessControlList(shipment, processor);

            Assert.IsTrue(aclForProcessor.CanWrite(CustomerShipments.Meta.ShipToParty));
            Assert.IsTrue(aclForProcessor.CanRead(CustomerShipments.Meta.ShipToParty));
            Assert.IsTrue(aclForProcessor.CanExecute(CustomerShipments.Meta.Cancel));

            // The customer's contact gets read-only access: no write, no cancel.
            var contactIdentity = new GenericIdentity("customercontact", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(contactIdentity, new string[0]);

            var contactUser = new Users(this.DatabaseSession).GetCurrentUser();
            var aclForContact = new AccessControlList(shipment, contactUser);

            Assert.IsFalse(aclForContact.CanWrite(CustomerShipments.Meta.ShipToParty));
            Assert.IsTrue(aclForContact.CanRead(CustomerShipments.Meta.ShipToParty));
            Assert.IsFalse(aclForContact.CanExecute(CustomerShipments.Meta.Cancel));
        }
Ejemplo n.º 11
        /// <summary>
        /// Builds a customer shipment while the principal is "orderProcessor" and checks that
        /// both "orderProcessor" and a second employee, added to a user group of the internal
        /// organisation, can write and read ShipToParty and execute Cancel.
        /// </summary>
        public void GivenCustomerShipmentCreatedByOrderProcessor_WhenCurrentUserInSameOrderProcessorUserGroup_ThenAccessIsGranted()
        {
            var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
            var secondProcessor = new PersonBuilder(this.DatabaseSession)
                .WithLastName("orderProcessor2")
                .WithUserName("orderProcessor2")
                .Build();
            var ownOrganisation = new InternalOrganisations(this.DatabaseSession)
                .FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");

            var deliveryAddress = new PostalAddressBuilder(this.DatabaseSession)
                .WithGeographicBoundary(city)
                .WithAddress1("Haverwerf 15")
                .Build();

            // NOTE(review): this takes whichever user group comes first for the internal
            // organisation; presumably that is the order processor group the test name refers to.
            // Confirm, because membership of a different group could make the test pass for the wrong reason.
            var processorGroup = ownOrganisation.UserGroupsWhereParty.First;

            new EmploymentBuilder(this.DatabaseSession)
                .WithFromDate(DateTime.UtcNow)
                .WithEmployee(secondProcessor)
                .WithEmployer(ownOrganisation)
                .Build();

            processorGroup.AddMember(secondProcessor);

            this.DatabaseSession.Derive(true);
            this.DatabaseSession.Commit();

            // The shipment is built under the first order processor's identity.
            var firstIdentity = new GenericIdentity("orderProcessor", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(firstIdentity, new string[0]);

            var receiver = new PersonBuilder(this.DatabaseSession).WithLastName("customer").Build();
            var shipment = new CustomerShipmentBuilder(this.DatabaseSession)
                .WithShipToParty(receiver)
                .WithShipToAddress(deliveryAddress)
                .WithShipmentMethod(new ShipmentMethods(this.DatabaseSession).Boat)
                .Build();

            this.DatabaseSession.Derive(true);

            var firstUser = new Users(this.DatabaseSession).GetCurrentUser();
            var aclForFirst = new AccessControlList(shipment, firstUser);

            Assert.IsTrue(aclForFirst.CanWrite(CustomerShipments.Meta.ShipToParty));
            Assert.IsTrue(aclForFirst.CanRead(CustomerShipments.Meta.ShipToParty));
            Assert.IsTrue(aclForFirst.CanExecute(CustomerShipments.Meta.Cancel));

            // Same checks under the second order processor's identity.
            var secondIdentity = new GenericIdentity("orderProcessor2", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(secondIdentity, new string[0]);

            var secondUser = new Users(this.DatabaseSession).GetCurrentUser();
            var aclForSecond = new AccessControlList(shipment, secondUser);

            Assert.IsTrue(aclForSecond.CanWrite(CustomerShipments.Meta.ShipToParty));
            Assert.IsTrue(aclForSecond.CanRead(CustomerShipments.Meta.ShipToParty));
            Assert.IsTrue(aclForSecond.CanExecute(CustomerShipments.Meta.Cancel));
        }
Ejemplo n.º 12
        /// <summary>
        /// Builds a sales invoice billed to one customer, then re-bills it to a second customer,
        /// and checks before and after the change which customer contact can read it. A contact
        /// of the billed customer can read InvoiceDate, InvoiceNumber and TotalExVat but cannot
        /// write InvoiceDate or execute Send; the other contact has no read operation at all.
        /// </summary>
        public void GivenSalesInvoice_WhenBillToCustomerChangesValue_ThenAccessPreviousCustomerIsDenied()
        {
            var firstCustomer = new Organisations(this.DatabaseSession)
                .FindBy(Organisations.Meta.Name, "customer");
            var secondCustomer = new OrganisationBuilder(this.DatabaseSession).WithName("customer2").Build();
            var firstContact = new PersonBuilder(this.DatabaseSession)
                .WithUserName("customercontact")
                .WithLastName("customercontact")
                .Build();
            var secondContact = new PersonBuilder(this.DatabaseSession)
                .WithUserName("customercontact2")
                .WithLastName("customercontact2")
                .Build();
            var billingAddress = new PostalAddressBuilder(this.DatabaseSession)
                .WithAddress1("Haverwerf 15")
                .WithPostalBoundary(
                    new PostalBoundaryBuilder(this.DatabaseSession)
                        .WithLocality("Mechelen")
                        .WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
                        .Build())
                .Build();

            new CustomerRelationshipBuilder(this.DatabaseSession)
                .WithCustomer(secondCustomer)
                .WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                .WithFromDate(DateTime.UtcNow.Date)
                .Build();

            // Each contact belongs to exactly one of the two customers.
            new OrganisationContactRelationshipBuilder(this.DatabaseSession)
                .WithContact(firstContact)
                .WithOrganisation(firstCustomer)
                .WithFromDate(DateTime.UtcNow)
                .Build();
            new OrganisationContactRelationshipBuilder(this.DatabaseSession)
                .WithContact(secondContact)
                .WithOrganisation(secondCustomer)
                .WithFromDate(DateTime.UtcNow)
                .Build();

            this.DatabaseSession.Derive(true);
            this.DatabaseSession.Commit();

            // The invoice is built under the sales rep's identity and billed to the first customer.
            var salesRepIdentity = new GenericIdentity("salesRep", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(salesRepIdentity, new string[0]);

            var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
                .WithBillToCustomer(firstCustomer)
                .WithBillToContactMechanism(billingAddress)
                .WithBilledFromInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                .Build();

            this.DatabaseSession.Derive(true);

            // Before the change: the first contact reads, the second contact has nothing.
            var firstIdentityBefore = new GenericIdentity("customercontact", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(firstIdentityBefore, new string[0]);

            var firstUserBefore = new Users(this.DatabaseSession).GetCurrentUser();
            var firstAclBefore = new AccessControlList(invoice, firstUserBefore);

            Assert.IsFalse(firstAclBefore.CanWrite(SalesInvoices.Meta.InvoiceDate));
            Assert.IsTrue(firstAclBefore.CanRead(SalesInvoices.Meta.InvoiceDate));
            Assert.IsTrue(firstAclBefore.CanRead(SalesInvoices.Meta.InvoiceNumber));
            Assert.IsTrue(firstAclBefore.CanRead(SalesInvoices.Meta.TotalExVat));
            Assert.IsFalse(firstAclBefore.CanExecute(SalesInvoices.Meta.Send));

            var secondIdentityBefore = new GenericIdentity("customercontact2", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(secondIdentityBefore, new string[0]);

            var secondUserBefore = new Users(this.DatabaseSession).GetCurrentUser();
            var secondAclBefore = new AccessControlList(invoice, secondUserBefore);

            Assert.IsFalse(secondAclBefore.HasReadOperation);

            // Re-bill the invoice to the second customer and derive again.
            invoice.BillToCustomer = secondCustomer;

            this.DatabaseSession.Derive(true);

            // After the change: the previous customer's contact must have lost read access ...
            var firstIdentityAfter = new GenericIdentity("customercontact", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(firstIdentityAfter, new string[0]);

            var firstUserAfter = new Users(this.DatabaseSession).GetCurrentUser();
            var firstAclAfter = new AccessControlList(invoice, firstUserAfter);

            Assert.IsFalse(firstAclAfter.HasReadOperation);

            // ... and the new customer's contact gets the same read-only view.
            var secondIdentityAfter = new GenericIdentity("customercontact2", "Forms");
            Thread.CurrentPrincipal = new GenericPrincipal(secondIdentityAfter, new string[0]);

            var secondUserAfter = new Users(this.DatabaseSession).GetCurrentUser();
            var secondAclAfter = new AccessControlList(invoice, secondUserAfter);

            Assert.IsFalse(secondAclAfter.CanWrite(SalesInvoices.Meta.InvoiceDate));
            Assert.IsTrue(secondAclAfter.CanRead(SalesInvoices.Meta.InvoiceDate));
            Assert.IsTrue(secondAclAfter.CanRead(SalesInvoices.Meta.InvoiceNumber));
            Assert.IsTrue(secondAclAfter.CanRead(SalesInvoices.Meta.TotalExVat));
            Assert.IsFalse(secondAclAfter.CanExecute(SalesInvoices.Meta.Send));
        }
Ejemplo n.º 13
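        /// <summary>
        /// Verifies that a sales invoice built while "salesRep" is the current principal grants write, read and
        /// Send-execute permission both to "salesRep" and to "salesRep2", who is set up here as an employee of
        /// "internalOrganisation" and as sales representative for the same customer.
        /// </summary>
        public void GivenSalesInvoiceCreatedBySalesRep_WhenCurrentUserInSameSalesRepUserGroup_ThenAccessIsGranted()
        {
            // Remember the ambient principal: the impersonation below must not leak into whichever test runs next
            // on this thread, where a stale identity could make an ACL assertion pass or fail for the wrong reason.
            var previousPrincipal = Thread.CurrentPrincipal;

            try
            {
                // "customer" is looked up rather than created; presumably it is seeded by the fixture setup.
                var customer = new Organisations(this.DatabaseSession).FindBy(Organisations.Meta.Name, "customer");
                var contactMechanism = new PostalAddressBuilder(this.DatabaseSession)
                    .WithAddress1("Haverwerf 15")
                    .WithPostalBoundary(new PostalBoundaryBuilder(this.DatabaseSession)
                                            .WithLocality("Mechelen")
                                            .WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
                                            .Build())
                    .Build();

                // Second sales representative: same employer and same customer as the invoice below.
                var salesRep2 = new PersonBuilder(this.DatabaseSession).WithUserName("salesRep2").WithLastName("salesRep2").Build();

                new EmploymentBuilder(this.DatabaseSession)
                    .WithEmployee(salesRep2)
                    .WithEmployer(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                    .WithFromDate(DateTime.UtcNow)
                    .Build();

                new SalesRepRelationshipBuilder(this.DatabaseSession)
                    .WithSalesRepresentative(salesRep2)
                    .WithCustomer(customer)
                    .WithFromDate(DateTime.UtcNow)
                    .Build();

                this.DatabaseSession.Derive(true);
                this.DatabaseSession.Commit();

                // The principal is switched before the invoice is built, so the invoice is created as "salesRep".
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);

                var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
                    .WithBilledFromInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                    .WithBillToCustomer(customer)
                    .WithBillToContactMechanism(contactMechanism)
                    .Build();

                new CustomerRelationshipBuilder(this.DatabaseSession).WithFromDate(DateTime.UtcNow).WithCustomer(customer).WithInternalOrganisation(Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation).Build();

                this.DatabaseSession.Derive(true);

                // Creator's view of the invoice.
                var acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsTrue(acl.CanWrite(SalesInvoices.Meta.Comment));
                Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.Comment));
                Assert.IsTrue(acl.CanExecute(SalesInvoices.Meta.Send));

                // Colleague's view: a fresh ACL is built after the switch, because it is constructed per user.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep2", "Forms"), new string[0]);
                acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsTrue(acl.CanWrite(SalesInvoices.Meta.Comment));
                Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.Comment));
                Assert.IsTrue(acl.CanExecute(SalesInvoices.Meta.Send));
            }
            finally
            {
                Thread.CurrentPrincipal = previousPrincipal;
            }
        }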
Ejemplo n.º 14
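        /// <summary>
        /// Verifies that a sales invoice built by "salesRep2" for a second internal organisation is writable,
        /// readable and sendable for "salesRep2", while "salesRep" gets no read operation on it.
        /// </summary>
        public void GivenSalesInvoiceCreatedBySalesRep_WhenCurrentUserInAnotherSalesRepUserGroup_ThenAccessIsDenied()
        {
            // Remember the ambient principal: the impersonation below must not leak into whichever test runs next
            // on this thread, where a stale identity could make an ACL assertion pass or fail for the wrong reason.
            var previousPrincipal = Thread.CurrentPrincipal;

            try
            {
                var salesRep2 = new PersonBuilder(this.DatabaseSession).WithUserName("salesRep2").WithLastName("salesRep2").Build();

                // NOTE(review): the variable is customer2 but the organisation is named "customer"; if the fixture
                // already seeds an organisation with that name this creates a second one — confirm this is intended.
                var customer2 = new OrganisationBuilder(this.DatabaseSession).WithName("customer").Build();
                var contactMechanism = new PostalAddressBuilder(this.DatabaseSession)
                    .WithAddress1("Haverwerf 15")
                    .WithPostalBoundary(new PostalBoundaryBuilder(this.DatabaseSession)
                                            .WithLocality("Mechelen")
                                            .WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
                                            .Build())
                    .Build();

                var belgium = new Countries(this.DatabaseSession).CountryByIsoCode["BE"];
                var euro = belgium.Currency;

                var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
                var mechelenAddress = new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build();

                var billToMechelen = new PartyContactMechanismBuilder(this.DatabaseSession)
                    .WithContactMechanism(mechelenAddress)
                    .WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).BillingAddress)
                    .WithUseAsDefault(true)
                    .Build();

                var bank = new BankBuilder(this.DatabaseSession).WithCountry(belgium).WithName("ING België").WithBic("BBRUBEBB").Build();

                var ownBankAccount = new OwnBankAccountBuilder(this.DatabaseSession)
                    .WithDescription("BE23 3300 6167 6391")
                    .WithBankAccount(new BankAccountBuilder(this.DatabaseSession).WithBank(bank).WithCurrency(euro).WithIban("BE23 3300 6167 6391").WithNameOnAccount("Koen").Build())
                    .Build();

                // Second internal organisation: the invoice below is billed from it, not from "internalOrganisation".
                var internalOrganisation2 = new InternalOrganisationBuilder(this.DatabaseSession)
                    .WithName("internalOrganisation2")
                    .WithLocale(new Locales(this.DatabaseSession).EnglishGreatBritain)
                    .WithEmployeeRole(new Roles(this.DatabaseSession).Administrator)
                    .WithEmployeeRole(new Roles(this.DatabaseSession).Sales)
                    .WithDefaultPaymentMethod(ownBankAccount)
                    .WithPreferredCurrency(euro)
                    .WithPartyContactMechanism(billToMechelen)
                    .Build();

                var facility = new WarehouseBuilder(this.DatabaseSession).WithName("facility").WithOwner(internalOrganisation2).Build();
                internalOrganisation2.DefaultFacility = facility;

                new StoreBuilder(this.DatabaseSession)
                    .WithName("store")
                    .WithDefaultFacility(facility)
                    .WithOwner(internalOrganisation2)
                    .WithDefaultShipmentMethod(new ShipmentMethods(this.DatabaseSession).Ground)
                    .WithDefaultCarrier(new Carriers(this.DatabaseSession).Fedex)
                    .WithCreditLimit(500)
                    .WithPaymentGracePeriod(10)
                    .Build();

                // salesRep2 is tied to the second organisation only: employment, customer and sales-rep relationship.
                new EmploymentBuilder(this.DatabaseSession).WithEmployee(salesRep2).WithEmployer(internalOrganisation2).WithFromDate(DateTime.UtcNow).Build();

                new CustomerRelationshipBuilder(this.DatabaseSession)
                    .WithCustomer(customer2)
                    .WithInternalOrganisation(internalOrganisation2)
                    .WithFromDate(DateTime.UtcNow)
                    .Build();

                new SalesRepRelationshipBuilder(this.DatabaseSession)
                    .WithSalesRepresentative(salesRep2)
                    .WithCustomer(customer2)
                    .WithInternalOrganisation(internalOrganisation2)
                    .WithFromDate(DateTime.UtcNow)
                    .Build();

                this.DatabaseSession.Derive(true);
                this.DatabaseSession.Commit();

                // The principal is switched before the invoice is built, so the invoice is created as "salesRep2".
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep2", "Forms"), new string[0]);

                var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
                    .WithBilledFromInternalOrganisation(internalOrganisation2)
                    .WithBillToCustomer(customer2)
                    .WithBillToContactMechanism(contactMechanism)
                    .Build();

                this.DatabaseSession.Derive(true);

                // Creator's view of the invoice.
                var acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsTrue(acl.CanWrite(SalesInvoices.Meta.Comment));
                Assert.IsTrue(acl.CanRead(SalesInvoices.Meta.Comment));
                Assert.IsTrue(acl.CanExecute(SalesInvoices.Meta.Send));

                // View of "salesRep", who is not given any relationship to internalOrganisation2 in this method.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);
                acl = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());

                // NOTE(review): only the absence of a read operation is asserted. If AccessControlList can grant
                // write or execute independently of read, the denial of CanWrite/CanExecute should be asserted
                // here as well — confirm against AccessControlList.
                Assert.IsFalse(acl.HasReadOperation);
            }
            finally
            {
                Thread.CurrentPrincipal = previousPrincipal;
            }
        }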
Ejemplo n.º 15
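        /// <summary>
        /// Verifies that a purchase order built while "purchaser" is the current principal is writable, readable
        /// and confirmable for "administrator".
        /// </summary>
        public void GivenPurchaseOrderCreatedByProcurementLevel1Role_WhenCurrentUserInAdministratorRole_ThenAccessIsGranted()
        {
            // Remember the ambient principal: the impersonation below must not leak into whichever test runs next
            // on this thread, where a stale identity could make an ACL assertion pass or fail for the wrong reason.
            var previousPrincipal = Thread.CurrentPrincipal;

            try
            {
                // The principal is switched before the order is built, so the order is created as "purchaser".
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);

                var order = new PurchaseOrderBuilder(this.DatabaseSession).Build();

                // NOTE(review): no Derive is run between building the order and building the ACL; presumably the
                // administrator path does not depend on derived security tokens — confirm.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("administrator", "Forms"), new string[0]);
                var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsTrue(acl.CanWrite(PurchaseOrders.Meta.Comment));
                Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.Comment));
                Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Confirm));
            }
            finally
            {
                Thread.CurrentPrincipal = previousPrincipal;
            }
        }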
Ejemplo n.º 16
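        /// <summary>
        /// Verifies that a purchase order built while "purchaser" is the current principal is writable, readable
        /// and confirmable for "purchaser", while "purchaser2", employed by a newly created internal organisation,
        /// gets no read operation on it.
        /// </summary>
        public void GivenPurchaseOrderCreatedByProcurementLevel1Role_WhenCurrentUserInAnotherProcurementLevel1RoleUserGroup_ThenAccessIsDenied()
        {
            // Remember the ambient principal: the impersonation below must not leak into whichever test runs next
            // on this thread, where a stale identity could make an ACL assertion pass or fail for the wrong reason.
            var previousPrincipal = Thread.CurrentPrincipal;

            try
            {
                var belgium = new Countries(this.DatabaseSession).CountryByIsoCode["BE"];
                var euro = belgium.Currency;

                var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
                var mechelenAddress = new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build();

                var billToMechelen = new PartyContactMechanismBuilder(this.DatabaseSession)
                    .WithContactMechanism(mechelenAddress)
                    .WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).BillingAddress)
                    .WithUseAsDefault(true)
                    .Build();

                var bank = new BankBuilder(this.DatabaseSession).WithCountry(belgium).WithName("ING België").WithBic("BBRUBEBB").Build();

                var ownBankAccount = new OwnBankAccountBuilder(this.DatabaseSession)
                    .WithDescription("BE23 3300 6167 6391")
                    .WithBankAccount(new BankAccountBuilder(this.DatabaseSession).WithBank(bank).WithCurrency(euro).WithIban("BE23 3300 6167 6391").WithNameOnAccount("Koen").Build())
                    .Build();

                var purchaser2 = new PersonBuilder(this.DatabaseSession).WithLastName("purchaser2").WithUserName("purchaser2").Build();

                // NOTE(review): the test name speaks of another procurement user group, but the only employee role
                // given to this organisation is Administrator. If purchaser2 never ends up in a procurement group,
                // the denial below would only show that a user without that role is refused — confirm the setup
                // matches the scenario in the name.
                var internalOrganisation = new InternalOrganisationBuilder(this.DatabaseSession)
                    .WithName("new internalOrganisation")
                    .WithLocale(Singleton.Instance(this.DatabaseSession).DefaultLocale)
                    .WithEmployeeRole(new Roles(this.DatabaseSession).Administrator)
                    .WithDefaultPaymentMethod(ownBankAccount)
                    .WithPreferredCurrency(euro)
                    .WithPartyContactMechanism(billToMechelen)
                    .Build();

                var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();
                new SupplierRelationshipBuilder(this.DatabaseSession).WithSupplier(supplier).WithInternalOrganisation(internalOrganisation).Build();

                new EmploymentBuilder(this.DatabaseSession)
                    .WithFromDate(DateTime.UtcNow)
                    .WithEmployee(purchaser2)
                    .WithEmployer(internalOrganisation)
                    .Build();

                this.DatabaseSession.Derive(true);
                this.DatabaseSession.Commit();

                // The principal is switched before the order is built, so the order is created as "purchaser".
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);
                var order = new PurchaseOrderBuilder(this.DatabaseSession).WithTakenViaSupplier(supplier).WithShipToBuyer(internalOrganisation).Build();

                this.DatabaseSession.Derive(true);

                // Creator's view of the order.
                var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsTrue(acl.CanWrite(PurchaseOrders.Meta.Comment));
                Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.Comment));
                Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Confirm));

                // View of purchaser2, who is employed by the organisation the order ships to.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser2", "Forms"), new string[0]);
                acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

                // NOTE(review): only the absence of a read operation is asserted. If AccessControlList can grant
                // write or execute independently of read, the denial of CanWrite/CanExecute should be asserted
                // here as well — confirm against AccessControlList.
                Assert.IsFalse(acl.HasReadOperation);
            }
            finally
            {
                Thread.CurrentPrincipal = previousPrincipal;
            }
        }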
Ejemplo n.º 17
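        /// <summary>
        /// Verifies that a pick list built while "orderProcessor" is the current principal is writable, readable
        /// and cancellable for "orderProcessor", while "orderProcessor2", a member of the Operations-derived user
        /// group of a second internal organisation, gets no read operation on it.
        /// </summary>
        public void GivenPickListCreatedByOrderProcessor_WhenCurrentUserInAnotherOrderProcessorUserGroup_ThenAccessIsDenied()
        {
            // Remember the ambient principal: the impersonation below must not leak into whichever test runs next
            // on this thread, where a stale identity could make an ACL assertion pass or fail for the wrong reason.
            var previousPrincipal = Thread.CurrentPrincipal;

            try
            {
                var belgium = new Countries(this.DatabaseSession).CountryByIsoCode["BE"];
                var euro = belgium.Currency;

                var bank = new BankBuilder(this.DatabaseSession).WithCountry(belgium).WithName("ING België").WithBic("BBRUBEBB").Build();

                var ownBankAccount = new OwnBankAccountBuilder(this.DatabaseSession)
                    .WithDescription("own account")
                    .WithBankAccount(new BankAccountBuilder(this.DatabaseSession).WithBank(bank).WithCurrency(euro).WithIban("BE23 3300 6167 6391").WithNameOnAccount("Koen").Build())
                    .Build();

                var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
                var address1 = new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build();

                var billingAddress = new PartyContactMechanismBuilder(this.DatabaseSession)
                    .WithContactMechanism(address1)
                    .WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).BillingAddress)
                    .WithUseAsDefault(true)
                    .Build();

                var orderProcessor2 = new PersonBuilder(this.DatabaseSession).WithLastName("orderProcessor2").WithUserName("orderProcessor2").Build();

                // Second internal organisation, with its own Operations employee role.
                var internalOrganisation = new InternalOrganisationBuilder(this.DatabaseSession)
                    .WithName("employer2")
                    .WithLocale(new Locales(this.DatabaseSession).EnglishGreatBritain)
                    .WithEmployeeRole(new Roles(this.DatabaseSession).Administrator)
                    .WithEmployeeRole(new Roles(this.DatabaseSession).Operations)
                    .WithDefaultPaymentMethod(ownBankAccount)
                    .WithPreferredCurrency(euro)
                    .WithPartyContactMechanism(billingAddress)
                    .Build();

                // The user groups are read only after this derive and commit; presumably the derivation is
                // what creates them for the new organisation — confirm.
                this.DatabaseSession.Derive(true);
                this.DatabaseSession.Commit();

                // Pick this organisation's user group whose parent is the group of the Operations role.
                var usergroups = internalOrganisation.UserGroupsWhereParty;
                usergroups.Filter.AddEquals(UserGroups.Meta.Parent, new Roles(this.DatabaseSession).Operations.UserGroupWhereRole);
                var orderProcessorUserGroup = usergroups.First;

                new EmploymentBuilder(this.DatabaseSession)
                    .WithFromDate(DateTime.UtcNow)
                    .WithEmployee(orderProcessor2)
                    .WithEmployer(internalOrganisation)
                    .Build();

                orderProcessorUserGroup.AddMember(orderProcessor2);

                this.DatabaseSession.Derive(true);
                this.DatabaseSession.Commit();

                // The principal is switched before the pick list is built, so it is created as "orderProcessor".
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor", "Forms"), new string[0]);
                var pickList = new PickListBuilder(this.DatabaseSession).Build();

                this.DatabaseSession.Derive(true);

                // Creator's view of the pick list.
                var acl = new AccessControlList(pickList, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsTrue(acl.CanWrite(PickLists.Meta.Picker));
                Assert.IsTrue(acl.CanRead(PickLists.Meta.Picker));
                Assert.IsTrue(acl.CanExecute(PickLists.Meta.Cancel));

                // View of the order processor from the other organisation.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor2", "Forms"), new string[0]);
                acl = new AccessControlList(pickList, new Users(this.DatabaseSession).GetCurrentUser());

                // NOTE(review): only the absence of a read operation is asserted. If AccessControlList can grant
                // write or execute independently of read, the denial of CanWrite/CanExecute should be asserted
                // here as well — confirm against AccessControlList.
                Assert.IsFalse(acl.HasReadOperation);
            }
            finally
            {
                Thread.CurrentPrincipal = previousPrincipal;
            }
        }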
Ejemplo n.º 18
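        /// <summary>
        /// Verifies that access to a purchase order follows its supplier: the contact of the current supplier can
        /// read but neither write nor confirm, the contact of the other supplier has no read operation, and after
        /// the order is moved to the second supplier the two contacts swap positions.
        /// </summary>
        public void GivenPurchaseOrder_WhenTakenViaSupplierChangesValue_ThenAccessPreviousSupplierIsDenied()
        {
            // Remember the ambient principal: the impersonation below must not leak into whichever test runs next
            // on this thread, where a stale identity could make an ACL assertion pass or fail for the wrong reason.
            var previousPrincipal = Thread.CurrentPrincipal;

            try
            {
                var supplierContact = new PersonBuilder(this.DatabaseSession).WithUserName("suppliercontact").WithLastName("suppliercontact").Build();
                var supplierContact2 = new PersonBuilder(this.DatabaseSession).WithUserName("suppliercontact2").WithLastName("suppliercontact2").Build();
                var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();
                var supplier2 = new OrganisationBuilder(this.DatabaseSession).WithName("supplier2").Build();

                // Both suppliers are related to the same internal organisation; each has exactly one contact.
                new SupplierRelationshipBuilder(this.DatabaseSession)
                    .WithSupplier(supplier)
                    .WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                    .WithFromDate(DateTime.UtcNow)
                    .Build();

                new SupplierRelationshipBuilder(this.DatabaseSession)
                    .WithSupplier(supplier2)
                    .WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
                    .WithFromDate(DateTime.UtcNow)
                    .Build();

                new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(supplierContact).WithOrganisation(supplier).WithFromDate(DateTime.UtcNow).Build();
                new OrganisationContactRelationshipBuilder(this.DatabaseSession).WithContact(supplierContact2).WithOrganisation(supplier2).WithFromDate(DateTime.UtcNow).Build();

                this.DatabaseSession.Derive(true);
                this.DatabaseSession.Commit();

                // The principal is switched before the order is built, so the order is created as "purchaser".
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);
                var order = new PurchaseOrderBuilder(this.DatabaseSession)
                    .WithTakenViaSupplier(supplier)
                    .Build();

                this.DatabaseSession.Derive(true);

                // Contact of the current supplier: read-only on the checked fields, no Confirm.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact", "Forms"), new string[0]);
                var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsFalse(acl.CanWrite(PurchaseOrders.Meta.OrderDate));
                Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.OrderDate));
                Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.OrderNumber));
                Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.TotalExVat));
                Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Confirm));

                // Contact of the unrelated supplier: nothing readable.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact2", "Forms"), new string[0]);
                acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsFalse(acl.HasReadOperation);

                // Move the order to the second supplier and re-derive before re-checking both contacts.
                order.TakenViaSupplier = supplier2;

                this.DatabaseSession.Derive(true);

                // Revocation check: the previous supplier's contact must have lost its read access.
                // NOTE(review): only the absence of a read operation is asserted for the revoked contact; if
                // AccessControlList can grant write or execute independently of read, assert those denials
                // too — confirm against AccessControlList.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact", "Forms"), new string[0]);
                acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsFalse(acl.HasReadOperation);

                // The new supplier's contact now gets the same read-only view the first contact had.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact2", "Forms"), new string[0]);
                acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsFalse(acl.CanWrite(PurchaseOrders.Meta.OrderDate));
                Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.OrderDate));
                Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.OrderNumber));
                Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.TotalExVat));
                Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Confirm));
            }
            finally
            {
                Thread.CurrentPrincipal = previousPrincipal;
            }
        }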
Ejemplo n.º 19
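        /// <summary>
        /// Verifies that a pick list built while "orderProcessor" is the current principal is writable, readable
        /// and cancellable both for "orderProcessor" and for "orderProcessor2", who is added here to the
        /// Operations-derived user group of "internalOrganisation".
        /// </summary>
        public void GivenPickListCreatedByOrderProcessor_WhenCurrentUserInSameOrderProcessorUserGroup_ThenAccessIsGranted()
        {
            // Remember the ambient principal: the impersonation below must not leak into whichever test runs next
            // on this thread, where a stale identity could make an ACL assertion pass or fail for the wrong reason.
            var previousPrincipal = Thread.CurrentPrincipal;

            try
            {
                var orderProcessor2 = new PersonBuilder(this.DatabaseSession).WithLastName("orderProcessor2").WithUserName("orderProcessor2").Build();

                // "internalOrganisation" is looked up rather than created; presumably it is seeded by the fixture setup.
                var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");

                // Pick this organisation's user group whose parent is the group of the Operations role.
                var usergroups = internalOrganisation.UserGroupsWhereParty;
                usergroups.Filter.AddEquals(UserGroups.Meta.Parent, new Roles(this.DatabaseSession).Operations.UserGroupWhereRole);
                var orderProcessorUserGroup = usergroups.First;

                new EmploymentBuilder(this.DatabaseSession)
                    .WithFromDate(DateTime.UtcNow)
                    .WithEmployee(orderProcessor2)
                    .WithEmployer(internalOrganisation)
                    .Build();

                orderProcessorUserGroup.AddMember(orderProcessor2);

                this.DatabaseSession.Derive(true);
                this.DatabaseSession.Commit();

                // The principal is switched before the pick list is built, so it is created as "orderProcessor".
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor", "Forms"), new string[0]);
                var pickList = new PickListBuilder(this.DatabaseSession).Build();

                this.DatabaseSession.Derive(true);

                // Creator's view of the pick list.
                var acl = new AccessControlList(pickList, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsTrue(acl.CanWrite(PickLists.Meta.Picker));
                Assert.IsTrue(acl.CanRead(PickLists.Meta.Picker));
                Assert.IsTrue(acl.CanExecute(PickLists.Meta.Cancel));

                // Group colleague's view: a fresh ACL is built after the switch, because it is constructed per user.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor2", "Forms"), new string[0]);
                acl = new AccessControlList(pickList, new Users(this.DatabaseSession).GetCurrentUser());

                Assert.IsTrue(acl.CanWrite(PickLists.Meta.Picker));
                Assert.IsTrue(acl.CanRead(PickLists.Meta.Picker));
                Assert.IsTrue(acl.CanExecute(PickLists.Meta.Cancel));
            }
            finally
            {
                Thread.CurrentPrincipal = previousPrincipal;
            }
        }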