public void Test_IncludedRoles( )
{
// Note: ExpectedResult is null when we expect no grant
Definition type = null; // needs to be definition, otherwise gets filtered from the report.
Role parentRole = null;
Role childRole = null;
List <IEntity> cleanup = new List <IEntity>( );
try
{
EntityType editableResource = UserResource.UserResource_Type;
// Setup scenario
type = Entity.Create <Definition>( );
type.Name = Guid.NewGuid().ToString( );
type.Inherits.Add(editableResource);
type.Save( );
cleanup.Add(type);
// Set up roles
parentRole = Entity.Create <Role>( );
childRole = Entity.Create <Role>( );
parentRole.IncludesRoles.Add(childRole);
parentRole.Save( );
cleanup.Add(parentRole);
cleanup.Add(childRole);
new AccessRuleFactory( ).AddAllowReadQuery(parentRole.As <Subject>( ), type.As <SecurableEntity>( ), TestQueries.Entities(type).ToReport( ));
new AccessRuleFactory( ).AddAllowModifyQuery(childRole.As <Subject>( ), type.As <SecurableEntity>( ), TestQueries.Entities(type).ToReport( ));
// Tests
ITypeAccessReasonService service = Factory.Current.Resolve <ITypeAccessReasonService>( );
var reasons = service.GetTypeAccessReasons(childRole.Id, TypeAccessReasonSettings.Default);
Assert.That(reasons.Where(reason => reason.SubjectId == WellKnownAliases.CurrentTenant.EveryoneRole).Count(), Is.GreaterThan(0));
// Sanity check for the type we explicitly grant accses
AccessReason childReason = reasons.SingleOrDefault(r => r.SubjectId == childRole.Id);
AccessReason parentReason = reasons.SingleOrDefault(r => r.SubjectId == parentRole.Id);
Assert.That(childReason, Is.Not.Null, "child reason");
Assert.That(parentReason, Is.Not.Null, "parent reason");
Assert.That(childReason.TypeId, Is.EqualTo(type.Id), "child reason type");
Assert.That(parentReason.TypeId, Is.EqualTo(type.Id), "parent reason type");
}
finally
{
Entity.Delete(cleanup.Select(e => new EntityRef(e)));
}
}
/// <summary>
/// Convert access reason to web response contract.
/// </summary>
private TypeAccessReason FormatAccessReason(AccessReason reason)
{
// This could probably be better, but it'll largely come from cache
long nameField = WellKnownAliases.CurrentTenant.Name;
string subjectName = EntityRepository.Get(reason.SubjectId)?.GetField <string>(nameField);
string typeName = EntityRepository.Get(reason.TypeId)?.GetField <string>(nameField);
return(new TypeAccessReason
{
SubjectName = subjectName,
TypeName = typeName,
Permissions = reason.PermissionsText,
Reason = reason.Description,
Scope = reason.AccessRuleScope.ToString()
});
}
public UserProfileDetailsViewModel([NotNull] User user, AccessReason reason)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
Email = user.Email;
FullName = user.FullName;
User = user;
Reason = reason;
Skype = user.Extra?.Skype;
Telegram = user.Extra?.Telegram;
Livejournal = user.Extra?.Livejournal;
Vk = user.Extra?.Vk;
PhoneNumber = user.Extra?.PhoneNumber ?? "";
AllrpgId = user.Allrpg?.Sid;
}
public UserProfileDetailsViewModel(User user, AccessReason reason)
{
User = new UserLinkViewModel(user);
Reason = reason;
SocialNetworkAccess = (ContactsAccessTypeView)user.GetSocialNetworkAccess();
Avatar = AvatarIdentification.FromOptional(user.SelectedAvatarId);
if (HasAccess)
{
Email = user.Email;
FullName = user.FullName;
Skype = user.Extra?.Skype;
Telegram = user.Extra?.Telegram;
Livejournal = user.Extra?.Livejournal;
PhoneNumber = user.Extra?.PhoneNumber ?? "";
IsVerifiedUser = user.VerifiedProfileFlag;
IsAdmin = user.Auth.IsAdmin;
}
if (HasAccess || user.Extra.SocialNetworksAccess == ContactsAccessType.Public)
{
Vk = user.Extra?.Vk;
AllrpgId = user.Allrpg?.Sid;
}
}
public override int GetHashCode()
{
int hash = 1;
if (ResourceName.Length != 0)
{
hash ^= ResourceName.GetHashCode();
}
if (id_ != null)
{
hash ^= Id.GetHashCode();
}
if (readOnly_ != null)
{
hash ^= ReadOnly.GetHashCode();
}
if (name_ != null)
{
hash ^= Name.GetHashCode();
}
if (description_ != null)
{
hash ^= Description.GetHashCode();
}
if (MembershipStatus != 0)
{
hash ^= MembershipStatus.GetHashCode();
}
if (integrationCode_ != null)
{
hash ^= IntegrationCode.GetHashCode();
}
if (membershipLifeSpan_ != null)
{
hash ^= MembershipLifeSpan.GetHashCode();
}
if (sizeForDisplay_ != null)
{
hash ^= SizeForDisplay.GetHashCode();
}
if (SizeRangeForDisplay != 0)
{
hash ^= SizeRangeForDisplay.GetHashCode();
}
if (sizeForSearch_ != null)
{
hash ^= SizeForSearch.GetHashCode();
}
if (SizeRangeForSearch != 0)
{
hash ^= SizeRangeForSearch.GetHashCode();
}
if (Type != 0)
{
hash ^= Type.GetHashCode();
}
if (ClosingReason != 0)
{
hash ^= ClosingReason.GetHashCode();
}
if (AccessReason != 0)
{
hash ^= AccessReason.GetHashCode();
}
if (AccountUserListStatus != 0)
{
hash ^= AccountUserListStatus.GetHashCode();
}
if (eligibleForSearch_ != null)
{
hash ^= EligibleForSearch.GetHashCode();
}
if (eligibleForDisplay_ != null)
{
hash ^= EligibleForDisplay.GetHashCode();
}
if (userListCase_ == UserListOneofCase.CrmBasedUserList)
{
hash ^= CrmBasedUserList.GetHashCode();
}
if (userListCase_ == UserListOneofCase.SimilarUserList)
{
hash ^= SimilarUserList.GetHashCode();
}
hash ^= (int)userListCase_;
if (_unknownFields != null)
{
hash ^= _unknownFields.GetHashCode();
}
return(hash);
}
public void Test_Secured_By_Relationship_Chained( )
{
// Note: ExpectedResult is null when we expect no grant
Definition typeExplicitlyGranted = null; // needs to be definition, otherwise gets filtered from the report.
Definition typeMiddle = null;
Definition typeToBeChecked = null;
Relationship rel = null;
Relationship rel2 = null;
Role role = null;
List <IEntity> cleanup = new List <IEntity>( );
try
{
EntityType editableResource = UserResource.UserResource_Type;
// Setup scenario
typeExplicitlyGranted = Entity.Create <Definition>( );
typeExplicitlyGranted.Name = "ExplicitType";
typeExplicitlyGranted.Inherits.Add(editableResource);
typeExplicitlyGranted.Save( );
cleanup.Add(typeExplicitlyGranted);
typeMiddle = Entity.Create <Definition>( );
typeMiddle.Name = "MiddleType";
typeMiddle.Inherits.Add(editableResource);
typeMiddle.Save( );
cleanup.Add(typeMiddle);
typeToBeChecked = Entity.Create <Definition>( );
typeToBeChecked.Name = "CheckedType";
typeToBeChecked.Inherits.Add(editableResource);
typeToBeChecked.Save( );
cleanup.Add(typeToBeChecked);
// Set up relationship
rel = Entity.Create <Relationship>( );
rel.Cardinality_Enum = CardinalityEnum_Enumeration.ManyToMany;
rel.Name = "RelName1";
rel.ToName = "ToName1";
rel.FromName = "FromName1";
rel.FromType = typeExplicitlyGranted.Cast <EntityType>( );
rel.ToType = typeMiddle.Cast <EntityType>( );
rel.SecuresTo = true;
rel.Save( );
cleanup.Add(rel);
rel2 = Entity.Create <Relationship>( );
rel2.Cardinality_Enum = CardinalityEnum_Enumeration.ManyToMany;
rel2.Name = "RelName2";
rel2.ToName = "ToName2";
rel2.FromName = "FromName2";
rel2.ToType = typeMiddle.Cast <EntityType>( );
rel2.FromType = typeToBeChecked.Cast <EntityType>( );
rel2.SecuresFrom = true;
rel2.Save( );
cleanup.Add(rel2);
// Set up role
role = new Role {
Name = "Role1"
};
role.Save( );
cleanup.Add(role);
new AccessRuleFactory( ).AddAllowReadQuery(role.As <Subject>( ), typeExplicitlyGranted.As <SecurableEntity>( ), TestQueries.Entities(typeExplicitlyGranted).ToReport( ));
// Tests
ITypeAccessReasonService service = Factory.Current.Resolve <ITypeAccessReasonService>( );
var reasons = service.GetTypeAccessReasons(role.Id, TypeAccessReasonSettings.Default);
// Sanity check for the type we explicitly grant accses
Assert.That(reasons.Where(r => r.TypeId == typeExplicitlyGranted.Id).Count( ), Is.EqualTo(1), "typeExplicitlyGranted");
AccessReason reason1 = reasons.Single(r => r.TypeId == typeExplicitlyGranted.Id);
AccessReason reason2 = reasons.Single(r => r.TypeId == typeMiddle.Id);
AccessReason reason3 = reasons.Single(r => r.TypeId == typeToBeChecked.Id);
Assert.That(reason1.Description, Is.EqualTo("Access rule: 'Role1' accessing 'ExplicitType'"), "rule1 desc");
Assert.That(reason2.Description, Is.EqualTo("Secured via 'ExplicitType' object: 'ToName1' relationship"), "rule2 desc");
Assert.That(reason3.Description, Is.EqualTo("Secured via 'ExplicitType' object: 'ToName1' -> 'FromName2' relationships"), "rule3 desc");
}
finally
{
Entity.Delete(cleanup.Select(e => new EntityRef(e)));
}
}
public string Test_Secured_By_Relationship(string settings)
{
// Note: ExpectedResult is null when we expect no grant
Definition typeExplicitlyGranted = null; // needs to be definition, otherwise gets filtered from the report.
Definition typeToBeChecked = null;
Definition fromType = null;
Definition toType = null;
Relationship rel = null;
Role role = null;
List <IEntity> cleanup = new List <IEntity>( );
try
{
EntityType editableResource = UserResource.UserResource_Type;
// Setup scenario
typeExplicitlyGranted = Entity.Create <Definition>( );
typeExplicitlyGranted.Name = "ExplicitType";
typeExplicitlyGranted.Inherits.Add(editableResource);
typeExplicitlyGranted.Save( );
cleanup.Add(typeExplicitlyGranted);
typeToBeChecked = Entity.Create <Definition>( );
typeToBeChecked.Name = "CheckedType";
typeToBeChecked.Inherits.Add(editableResource);
typeToBeChecked.Save( );
cleanup.Add(typeToBeChecked);
// Set up relationship
rel = Entity.Create <Relationship>( );
rel.Cardinality_Enum = CardinalityEnum_Enumeration.ManyToMany;
rel.Name = "RelName";
rel.ToName = "ToName";
rel.FromName = "FromName";
cleanup.Add(rel);
if (settings.Contains("fwd"))
{
fromType = typeExplicitlyGranted;
toType = typeToBeChecked;
}
else if (settings.Contains("rev"))
{
fromType = typeToBeChecked;
toType = typeExplicitlyGranted;
}
if (settings.Contains("fromAncestor") || settings.Contains("fromDerived"))
{
var oldFrom = fromType;
fromType = new Definition( );
if (settings.Contains("fromAncestor"))
{
fromType.Name = "FromAncestor";
fromType.Inherits.Add(editableResource);
fromType.DerivedTypes.Add(oldFrom.Cast <EntityType>( ));
}
else
{
fromType.Name = "FromDerived";
fromType.Inherits.Add(oldFrom.Cast <EntityType>( ));
}
fromType.Save( );
cleanup.Add(fromType);
}
if (settings.Contains("toAncestor") || settings.Contains("toDerived"))
{
var oldTo = toType;
toType = new Definition( );
if (settings.Contains("toAncestor"))
{
toType.Name = "ToAncestor";
toType.Inherits.Add(editableResource);
toType.DerivedTypes.Add(oldTo.Cast <EntityType>( ));
}
else
{
toType.Name = "ToDerived";
toType.Inherits.Add(oldTo.Cast <EntityType>( ));
}
toType.Save( );
cleanup.Add(toType);
}
rel.FromType = fromType.Cast <EntityType>( );
rel.ToType = toType.Cast <EntityType>( );
rel.SecuresTo = settings.Contains("securesTo");
rel.SecuresFrom = settings.Contains("securesFrom");
rel.Save( );
// Set up role
role = new Role {
Name = "Role1"
};
role.Save( );
cleanup.Add(role);
new AccessRuleFactory( ).AddAllowReadQuery(role.As <Subject>( ), typeExplicitlyGranted.As <SecurableEntity>( ), TestQueries.Entities(typeExplicitlyGranted).ToReport( ));
// Tests
ITypeAccessReasonService service = Factory.Current.Resolve <ITypeAccessReasonService>( );
var reasons = service.GetTypeAccessReasons(role.Id, TypeAccessReasonSettings.Default);
// Sanity check for the type we explicitly grant accses
Assert.That(reasons.Where(r => r.TypeId == typeExplicitlyGranted.Id).Count( ), Is.EqualTo(1), "typeExplicitlyGranted");
AccessReason reason1 = reasons.Single(r => r.TypeId == typeExplicitlyGranted.Id);
Assert.That(reason1.AccessRuleScope, Is.EqualTo(AccessRuleScope.AllInstances), "rule1 scope");
Assert.That(reason1.PermissionsText, Is.EqualTo("Read"), "rule1 perms");
Assert.That(reason1.SubjectId, Is.EqualTo(role.Id), "rule1 subject");
Assert.That(reason1.Description, Is.EqualTo("Access rule: 'Role1' accessing 'ExplicitType'"), "rule1 desc");
AccessReason reason2 = reasons.FirstOrDefault(r => r.TypeId == typeToBeChecked.Id);
if (reason2 != null)
{
Assert.That(reason2.AccessRuleScope, Is.EqualTo(AccessRuleScope.SecuredRelationship), "rule2 scope");
Assert.That(reason2.PermissionsText, Is.EqualTo("Read"), "rule2 perms");
Assert.That(reason2.SubjectId, Is.EqualTo(role.Id), "rule2 subject");
}
return(reason2?.Description); // actual string being tested
}
finally
{
Entity.Delete(cleanup.Select(e => new EntityRef(e)));
}
}
