/// <summary>
/// The guest automated agent must never be able to execute <c>JustDoIt</c> on any
/// Organisation reachable through the session under test.
/// </summary>
public void GivenAnAuthenticationPopulatonWhenCreatingAnAccessListForGuestThenPermissionIsDenied()
{
    this.Session.Derive();
    this.Session.Commit();

    foreach (var session in new ISession[] { this.Session })
    {
        session.Commit();

        // The guest is resolved from this.Session (as in the original), while the
        // organisations come from the session being iterated.
        var guestAcls = new AccessControlLists(new AutomatedAgents(this.Session).Guest);
        var organisations = (IObject[])session.Extent(M.Organisation.ObjectType);

        foreach (var organisation in organisations)
        {
            // When
            var list = guestAcls[organisation];

            // Then
            Assert.False(list.CanExecute(M.Organisation.JustDoIt));
        }

        session.Rollback();
    }
}
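/// <summary>
/// Looks up the access control list that "jane" holds on "john" and checks that
/// exactly one access control applies to it. Appears to be a diagnostic helper:
/// the projections the previous version built from the effective permissions were
/// never read, and the commented-out CanRead/CanWrite probes are dropped.
/// </summary>
/// <returns>Always 0.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown by <see cref="Enumerable.Single{TSource}(IEnumerable{TSource})"/> when the
/// ACL carries zero or more than one access control.
/// </exception>
private int CheckSecurity()
{
    using (var session = this.databaseService.Database.CreateSession())
    {
        var people = new People(session);
        var jane = people.FindBy(M.Person.FirstName, "jane");
        var john = people.FindBy(M.Person.FirstName, "john");

        var acl = new AccessControlLists(jane)[john];

        // Single() is the actual check: it throws unless exactly one access control applies.
        acl.AccessControls.Single();
    }

    return 0;
}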
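/// <summary>
/// A member of the Administrators group must be able to read and write
/// <c>AccessClass.Property</c> on a freshly built AccessClass.
/// </summary>
public void DelegateAccessReturnsTokens()
{
    var administrator = new PersonBuilder(this.Session).WithUserName("administrator").Build();
    var administrators = new UserGroups(this.Session).Administrators;
    administrators.AddMember(administrator);

    var accessClass = new AccessClassBuilder(this.Session).Build();

    this.Session.Derive();
    this.Session.Commit();

    // Only the ACL is needed; the deferred LINQ queries over the default security
    // token and the AccessControls extent were never enumerated, so they are gone.
    var acl = new AccessControlLists(administrator)[accessClass];

    Assert.True(acl.CanRead(M.AccessClass.Property));
    Assert.True(acl.CanWrite(M.AccessClass.Property));
}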
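/// <summary>
/// Pulls the Data objects through the pull endpoint and checks that the response
/// carries the "Datas" named collection plus one object record made up of
/// object id, object version and the printed access controls.
/// </summary>
/// <remarks>
/// Returns a <see cref="System.Threading.Tasks.Task"/> rather than <c>async void</c>
/// so the test framework awaits completion and observes any failure.
/// </remarks>
/// <returns>A task that completes when the assertions have run.</returns>
public async System.Threading.Tasks.Task WithResult()
{
    await this.SignIn(this.Administrator);

    var data = new DataBuilder(this.Session).WithString("First").Build();
    this.Session.Commit();

    var uri = new Uri(@"allors/pull", UriKind.Relative);
    var extent = new Allors.Data.Extent(M.Data.ObjectType);

    var pullRequest = new PullRequest
    {
        P = new[]
        {
            new Pull
            {
                Extent = extent.Save(),
                Results = new[]
                {
                    new Result { Name = "Datas" },
                },
            },
        },
    };

    var response = await this.PostAsJsonAsync(uri, pullRequest);
    var pullResponse = await this.ReadAsAsync<PullResponse>(response);

    // The named collection holds the id of the single Data object.
    var namedCollection = pullResponse.NamedCollections["Datas"];
    Assert.Single(namedCollection);
    Assert.Equal(data.Id.ToString(), namedCollection.First());

    // The object record is [id, version, access controls].
    var objects = pullResponse.Objects;
    Assert.Single(objects);
    var @object = objects[0];

    var acl = new AccessControlLists(this.Administrator)[data];

    Assert.Equal(3, @object.Length);
    Assert.Equal(data.Strategy.ObjectId.ToString(), @object[0]);
    Assert.Equal(data.Strategy.ObjectVersion.ToString(), @object[1]);
    Assert.Equal(this.PrintAccessControls(acl), @object[2]);
}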
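/// <summary>
/// Pulls a Data object that carries a denied permission and checks that the
/// object record gains a fourth element with the printed denied permissions.
/// </summary>
/// <remarks>
/// Returns a <see cref="System.Threading.Tasks.Task"/> rather than <c>async void</c>
/// so the test framework awaits completion and observes any failure.
/// </remarks>
/// <returns>A task that completes when the assertions have run.</returns>
public async System.Threading.Tasks.Task WithDeniedPermissions()
{
    await this.SignIn(this.Administrator);

    var data = new DataBuilder(this.Session).WithString("First").Build();

    // Deny the first permission declared for the Data class on this one object.
    var permission = new Permissions(this.Session).Extent().First(v => v.ConcreteClass == M.Data.Class);
    data.AddDeniedPermission(permission);

    this.Session.Commit();

    var uri = new Uri("pull", UriKind.Relative);
    var extent = new Allors.Data.Extent(M.Data.ObjectType);

    var pullRequest = new PullRequest
    {
        p = new[]
        {
            new Pull
            {
                extent = extent.Save(),
            },
        },
    };

    var response = await this.PostAsJsonAsync(uri, pullRequest);
    var pullResponse = await this.ReadAsAsync<PullResponse>(response);

    // The named collection holds the id of the single Data object.
    var namedCollection = pullResponse.namedCollections["Datas"];
    Assert.Single(namedCollection);
    Assert.Equal(data.Id.ToString(), namedCollection.First());

    // The object record is [id, version, access controls, denied permissions].
    var objects = pullResponse.Objects;
    Assert.Single(objects);
    var @object = objects[0];

    var acl = new AccessControlLists(this.Administrator)[data];

    Assert.Equal(4, @object.Length);
    Assert.Equal(data.Strategy.ObjectId.ToString(), @object[0]);
    Assert.Equal(data.Strategy.ObjectVersion.ToString(), @object[1]);
    Assert.Equal(this.PrintAccessControls(acl), @object[2]);
    Assert.Equal(this.PrintDeniedPermissions(acl), @object[3]);
}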
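/// <summary>
/// Removing a subject from the access control that links a role to a security
/// token must take away that subject's read permission on the protected organisation.
/// </summary>
public void GivenAnAccessListWhenRemovingUserFromACLThenUserHasNoAccessToThePermissionsInTheRole()
{
    var permission = this.FindPermission(M.Organisation.Name, Operations.Read);
    var role = new RoleBuilder(this.Session).WithName("Role").WithPermission(permission).Build();
    var person = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();
    var person2 = new PersonBuilder(this.Session).WithFirstName("Jane").WithLastName("Doe").Build();
    new AccessControlBuilder(this.Session).WithSubject(person).WithRole(role).Build();

    this.Session.Derive();
    this.Session.Commit();

    var sessions = new ISession[] { this.Session };
    foreach (var session in sessions)
    {
        session.Commit();

        var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();
        var token = new SecurityTokenBuilder(session).Build();
        organisation.AddSecurityToken(token);

        // The access control was created in this.Session; instantiate it into the session under test.
        var accessControl = (AccessControl)session.Instantiate(role.AccessControlsWhereRole.First);
        token.AddAccessControl(accessControl);
        this.Session.Derive();

        // Baseline: while John is still the subject he can read the name. Without this
        // assertion the final Assert.False would also pass if access had never been granted.
        var acl = new AccessControlLists(person)[organisation];
        Assert.True(acl.CanRead(M.Organisation.Name));

        accessControl.RemoveSubject(person);
        accessControl.AddSubject(person2);
        this.Session.Derive();

        acl = new AccessControlLists(person)[organisation];
        Assert.False(acl.CanRead(M.Organisation.Name));

        session.Rollback();
    }
}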
/// <summary>
/// A permission granted through a role is revoked once the object itself lists
/// that same permission as denied.
/// </summary>
public void DeniedPermissions()
{
    var readName = this.FindPermission(M.Organisation.Name, Operations.Read);
    var roleWithRead = new RoleBuilder(this.Session).WithName("Role").WithPermission(readName).Build();
    var subject = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();
    new AccessControlBuilder(this.Session).WithRole(roleWithRead).WithSubject(subject).Build();

    this.Session.Derive();
    this.Session.Commit();

    foreach (var session in new ISession[] { this.Session })
    {
        session.Commit();

        var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();
        var token = new SecurityTokenBuilder(session).Build();
        organisation.AddSecurityToken(token);

        // Role and access control were created in this.Session; pull them into the session under test.
        var role = (Role)session.Instantiate(new Roles(this.Session).FindBy(M.Role.Name, "Role"));
        token.AddAccessControl((AccessControl)session.Instantiate(role.AccessControlsWhereRole.First));

        var derivation = this.Session.Derive(false);
        Assert.False(derivation.HasErrors);

        // Granted through the role...
        Assert.True(new AccessControlLists(subject)[organisation].CanRead(M.Organisation.Name));

        // ...and revoked once the organisation denies the same permission.
        organisation.AddDeniedPermission(readName);
        Assert.False(new AccessControlLists(subject)[organisation].CanRead(M.Organisation.Name));

        session.Rollback();
    }
}
/// <summary>
/// A person whose group is not the subject group of the access control must not
/// receive the role's read permission on the protected organisation.
/// </summary>
public void GivenAnotherUserGroupAndAnAccessControlledObjectWhenGettingTheAccessListThenUserHasAccessToThePermissionsInTheRole()
{
    var readName = this.FindPermission(M.Organisation.Name, Operations.Read);
    var roleWithRead = new RoleBuilder(this.Session).WithName("Role").WithPermission(readName).Build();
    var outsider = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();
    new UserGroupBuilder(this.Session).WithName("Group").WithMember(outsider).Build();
    var otherGroup = new UserGroupBuilder(this.Session).WithName("AnotherGroup").Build();

    this.Session.Derive();
    this.Session.Commit();

    // The access control is bound to the group John is NOT a member of.
    new AccessControlBuilder(this.Session).WithSubjectGroup(otherGroup).WithRole(roleWithRead).Build();
    this.Session.Commit();

    foreach (var session in new ISession[] { this.Session })
    {
        session.Commit();

        var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();
        var token = new SecurityTokenBuilder(session).Build();
        organisation.AddSecurityToken(token);

        // Role and access control were created in this.Session; pull them into the session under test.
        var role = (Role)session.Instantiate(new Roles(this.Session).FindBy(M.Role.Name, "Role"));
        token.AddAccessControl((AccessControl)session.Instantiate(role.AccessControlsWhereRole.First));

        var derivation = this.Session.Derive(false);
        Assert.False(derivation.HasErrors);

        var canRead = new AccessControlLists(outsider)[organisation].CanRead(M.Organisation.Name);
        Assert.False(canRead);

        session.Rollback();
    }
}
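/// <summary>
/// With the AccessClass blocked, the administrator still resolves read and write
/// on <c>AccessClass.Property</c> through the Singleton's default security.
/// </summary>
public void DelegateAccessReturnsNoTokens()
{
    var administrator = new PersonBuilder(this.Session).WithUserName("administrator").Build();
    new UserGroups(this.Session).Administrators.AddMember(administrator);

    // Block is set twice (builder and setter); presumably redundant — TODO confirm
    // WithBlock(true) assigns Block before dropping one of them.
    var accessClass = new AccessClassBuilder(this.Session).WithBlock(true).Build();
    accessClass.Block = true;

    this.Session.Derive();
    this.Session.Commit();

    // Use default security from Singleton
    var acl = new AccessControlLists(administrator)[accessClass];

    // Each check once; the previous version asserted the same two calls twice.
    Assert.True(acl.CanRead(M.AccessClass.Property));
    Assert.True(acl.CanWrite(M.AccessClass.Property));
}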