public void Test_IncludedRoles( ) { // Note: ExpectedResult is null when we expect no grant Definition type = null; // needs to be definition, otherwise gets filtered from the report. Role parentRole = null; Role childRole = null; List <IEntity> cleanup = new List <IEntity>( ); try { EntityType editableResource = UserResource.UserResource_Type; // Setup scenario type = Entity.Create <Definition>( ); type.Name = Guid.NewGuid().ToString( ); type.Inherits.Add(editableResource); type.Save( ); cleanup.Add(type); // Set up roles parentRole = Entity.Create <Role>( ); childRole = Entity.Create <Role>( ); parentRole.IncludesRoles.Add(childRole); parentRole.Save( ); cleanup.Add(parentRole); cleanup.Add(childRole); new AccessRuleFactory( ).AddAllowReadQuery(parentRole.As <Subject>( ), type.As <SecurableEntity>( ), TestQueries.Entities(type).ToReport( )); new AccessRuleFactory( ).AddAllowModifyQuery(childRole.As <Subject>( ), type.As <SecurableEntity>( ), TestQueries.Entities(type).ToReport( )); // Tests ITypeAccessReasonService service = Factory.Current.Resolve <ITypeAccessReasonService>( ); var reasons = service.GetTypeAccessReasons(childRole.Id, TypeAccessReasonSettings.Default); Assert.That(reasons.Where(reason => reason.SubjectId == WellKnownAliases.CurrentTenant.EveryoneRole).Count(), Is.GreaterThan(0)); // Sanity check for the type we explicitly grant accses AccessReason childReason = reasons.SingleOrDefault(r => r.SubjectId == childRole.Id); AccessReason parentReason = reasons.SingleOrDefault(r => r.SubjectId == parentRole.Id); Assert.That(childReason, Is.Not.Null, "child reason"); Assert.That(parentReason, Is.Not.Null, "parent reason"); Assert.That(childReason.TypeId, Is.EqualTo(type.Id), "child reason type"); Assert.That(parentReason.TypeId, Is.EqualTo(type.Id), "parent reason type"); } finally { Entity.Delete(cleanup.Select(e => new EntityRef(e))); } }
/// <summary> /// Convert access reason to web response contract. /// </summary> private TypeAccessReason FormatAccessReason(AccessReason reason) { // This could probably be better, but it'll largely come from cache long nameField = WellKnownAliases.CurrentTenant.Name; string subjectName = EntityRepository.Get(reason.SubjectId)?.GetField <string>(nameField); string typeName = EntityRepository.Get(reason.TypeId)?.GetField <string>(nameField); return(new TypeAccessReason { SubjectName = subjectName, TypeName = typeName, Permissions = reason.PermissionsText, Reason = reason.Description, Scope = reason.AccessRuleScope.ToString() }); }
public UserProfileDetailsViewModel([NotNull] User user, AccessReason reason) { if (user == null) { throw new ArgumentNullException(nameof(user)); } Email = user.Email; FullName = user.FullName; User = user; Reason = reason; Skype = user.Extra?.Skype; Telegram = user.Extra?.Telegram; Livejournal = user.Extra?.Livejournal; Vk = user.Extra?.Vk; PhoneNumber = user.Extra?.PhoneNumber ?? ""; AllrpgId = user.Allrpg?.Sid; }
public UserProfileDetailsViewModel(User user, AccessReason reason) { User = new UserLinkViewModel(user); Reason = reason; SocialNetworkAccess = (ContactsAccessTypeView)user.GetSocialNetworkAccess(); Avatar = AvatarIdentification.FromOptional(user.SelectedAvatarId); if (HasAccess) { Email = user.Email; FullName = user.FullName; Skype = user.Extra?.Skype; Telegram = user.Extra?.Telegram; Livejournal = user.Extra?.Livejournal; PhoneNumber = user.Extra?.PhoneNumber ?? ""; IsVerifiedUser = user.VerifiedProfileFlag; IsAdmin = user.Auth.IsAdmin; } if (HasAccess || user.Extra.SocialNetworksAccess == ContactsAccessType.Public) { Vk = user.Extra?.Vk; AllrpgId = user.Allrpg?.Sid; } }
public override int GetHashCode() { int hash = 1; if (ResourceName.Length != 0) { hash ^= ResourceName.GetHashCode(); } if (id_ != null) { hash ^= Id.GetHashCode(); } if (readOnly_ != null) { hash ^= ReadOnly.GetHashCode(); } if (name_ != null) { hash ^= Name.GetHashCode(); } if (description_ != null) { hash ^= Description.GetHashCode(); } if (MembershipStatus != 0) { hash ^= MembershipStatus.GetHashCode(); } if (integrationCode_ != null) { hash ^= IntegrationCode.GetHashCode(); } if (membershipLifeSpan_ != null) { hash ^= MembershipLifeSpan.GetHashCode(); } if (sizeForDisplay_ != null) { hash ^= SizeForDisplay.GetHashCode(); } if (SizeRangeForDisplay != 0) { hash ^= SizeRangeForDisplay.GetHashCode(); } if (sizeForSearch_ != null) { hash ^= SizeForSearch.GetHashCode(); } if (SizeRangeForSearch != 0) { hash ^= SizeRangeForSearch.GetHashCode(); } if (Type != 0) { hash ^= Type.GetHashCode(); } if (ClosingReason != 0) { hash ^= ClosingReason.GetHashCode(); } if (AccessReason != 0) { hash ^= AccessReason.GetHashCode(); } if (AccountUserListStatus != 0) { hash ^= AccountUserListStatus.GetHashCode(); } if (eligibleForSearch_ != null) { hash ^= EligibleForSearch.GetHashCode(); } if (eligibleForDisplay_ != null) { hash ^= EligibleForDisplay.GetHashCode(); } if (userListCase_ == UserListOneofCase.CrmBasedUserList) { hash ^= CrmBasedUserList.GetHashCode(); } if (userListCase_ == UserListOneofCase.SimilarUserList) { hash ^= SimilarUserList.GetHashCode(); } hash ^= (int)userListCase_; if (_unknownFields != null) { hash ^= _unknownFields.GetHashCode(); } return(hash); }
public void Test_Secured_By_Relationship_Chained( ) { // Note: ExpectedResult is null when we expect no grant Definition typeExplicitlyGranted = null; // needs to be definition, otherwise gets filtered from the report. Definition typeMiddle = null; Definition typeToBeChecked = null; Relationship rel = null; Relationship rel2 = null; Role role = null; List <IEntity> cleanup = new List <IEntity>( ); try { EntityType editableResource = UserResource.UserResource_Type; // Setup scenario typeExplicitlyGranted = Entity.Create <Definition>( ); typeExplicitlyGranted.Name = "ExplicitType"; typeExplicitlyGranted.Inherits.Add(editableResource); typeExplicitlyGranted.Save( ); cleanup.Add(typeExplicitlyGranted); typeMiddle = Entity.Create <Definition>( ); typeMiddle.Name = "MiddleType"; typeMiddle.Inherits.Add(editableResource); typeMiddle.Save( ); cleanup.Add(typeMiddle); typeToBeChecked = Entity.Create <Definition>( ); typeToBeChecked.Name = "CheckedType"; typeToBeChecked.Inherits.Add(editableResource); typeToBeChecked.Save( ); cleanup.Add(typeToBeChecked); // Set up relationship rel = Entity.Create <Relationship>( ); rel.Cardinality_Enum = CardinalityEnum_Enumeration.ManyToMany; rel.Name = "RelName1"; rel.ToName = "ToName1"; rel.FromName = "FromName1"; rel.FromType = typeExplicitlyGranted.Cast <EntityType>( ); rel.ToType = typeMiddle.Cast <EntityType>( ); rel.SecuresTo = true; rel.Save( ); cleanup.Add(rel); rel2 = Entity.Create <Relationship>( ); rel2.Cardinality_Enum = CardinalityEnum_Enumeration.ManyToMany; rel2.Name = "RelName2"; rel2.ToName = "ToName2"; rel2.FromName = "FromName2"; rel2.ToType = typeMiddle.Cast <EntityType>( ); rel2.FromType = typeToBeChecked.Cast <EntityType>( ); rel2.SecuresFrom = true; rel2.Save( ); cleanup.Add(rel2); // Set up role role = new Role { Name = "Role1" }; role.Save( ); cleanup.Add(role); new AccessRuleFactory( ).AddAllowReadQuery(role.As <Subject>( ), typeExplicitlyGranted.As <SecurableEntity>( ), TestQueries.Entities(typeExplicitlyGranted).ToReport( )); // Tests ITypeAccessReasonService service = Factory.Current.Resolve <ITypeAccessReasonService>( ); var reasons = service.GetTypeAccessReasons(role.Id, TypeAccessReasonSettings.Default); // Sanity check for the type we explicitly grant accses Assert.That(reasons.Where(r => r.TypeId == typeExplicitlyGranted.Id).Count( ), Is.EqualTo(1), "typeExplicitlyGranted"); AccessReason reason1 = reasons.Single(r => r.TypeId == typeExplicitlyGranted.Id); AccessReason reason2 = reasons.Single(r => r.TypeId == typeMiddle.Id); AccessReason reason3 = reasons.Single(r => r.TypeId == typeToBeChecked.Id); Assert.That(reason1.Description, Is.EqualTo("Access rule: 'Role1' accessing 'ExplicitType'"), "rule1 desc"); Assert.That(reason2.Description, Is.EqualTo("Secured via 'ExplicitType' object: 'ToName1' relationship"), "rule2 desc"); Assert.That(reason3.Description, Is.EqualTo("Secured via 'ExplicitType' object: 'ToName1' -> 'FromName2' relationships"), "rule3 desc"); } finally { Entity.Delete(cleanup.Select(e => new EntityRef(e))); } }
public string Test_Secured_By_Relationship(string settings) { // Note: ExpectedResult is null when we expect no grant Definition typeExplicitlyGranted = null; // needs to be definition, otherwise gets filtered from the report. Definition typeToBeChecked = null; Definition fromType = null; Definition toType = null; Relationship rel = null; Role role = null; List <IEntity> cleanup = new List <IEntity>( ); try { EntityType editableResource = UserResource.UserResource_Type; // Setup scenario typeExplicitlyGranted = Entity.Create <Definition>( ); typeExplicitlyGranted.Name = "ExplicitType"; typeExplicitlyGranted.Inherits.Add(editableResource); typeExplicitlyGranted.Save( ); cleanup.Add(typeExplicitlyGranted); typeToBeChecked = Entity.Create <Definition>( ); typeToBeChecked.Name = "CheckedType"; typeToBeChecked.Inherits.Add(editableResource); typeToBeChecked.Save( ); cleanup.Add(typeToBeChecked); // Set up relationship rel = Entity.Create <Relationship>( ); rel.Cardinality_Enum = CardinalityEnum_Enumeration.ManyToMany; rel.Name = "RelName"; rel.ToName = "ToName"; rel.FromName = "FromName"; cleanup.Add(rel); if (settings.Contains("fwd")) { fromType = typeExplicitlyGranted; toType = typeToBeChecked; } else if (settings.Contains("rev")) { fromType = typeToBeChecked; toType = typeExplicitlyGranted; } if (settings.Contains("fromAncestor") || settings.Contains("fromDerived")) { var oldFrom = fromType; fromType = new Definition( ); if (settings.Contains("fromAncestor")) { fromType.Name = "FromAncestor"; fromType.Inherits.Add(editableResource); fromType.DerivedTypes.Add(oldFrom.Cast <EntityType>( )); } else { fromType.Name = "FromDerived"; fromType.Inherits.Add(oldFrom.Cast <EntityType>( )); } fromType.Save( ); cleanup.Add(fromType); } if (settings.Contains("toAncestor") || settings.Contains("toDerived")) { var oldTo = toType; toType = new Definition( ); if (settings.Contains("toAncestor")) { toType.Name = "ToAncestor"; toType.Inherits.Add(editableResource); toType.DerivedTypes.Add(oldTo.Cast <EntityType>( )); } else { toType.Name = "ToDerived"; toType.Inherits.Add(oldTo.Cast <EntityType>( )); } toType.Save( ); cleanup.Add(toType); } rel.FromType = fromType.Cast <EntityType>( ); rel.ToType = toType.Cast <EntityType>( ); rel.SecuresTo = settings.Contains("securesTo"); rel.SecuresFrom = settings.Contains("securesFrom"); rel.Save( ); // Set up role role = new Role { Name = "Role1" }; role.Save( ); cleanup.Add(role); new AccessRuleFactory( ).AddAllowReadQuery(role.As <Subject>( ), typeExplicitlyGranted.As <SecurableEntity>( ), TestQueries.Entities(typeExplicitlyGranted).ToReport( )); // Tests ITypeAccessReasonService service = Factory.Current.Resolve <ITypeAccessReasonService>( ); var reasons = service.GetTypeAccessReasons(role.Id, TypeAccessReasonSettings.Default); // Sanity check for the type we explicitly grant accses Assert.That(reasons.Where(r => r.TypeId == typeExplicitlyGranted.Id).Count( ), Is.EqualTo(1), "typeExplicitlyGranted"); AccessReason reason1 = reasons.Single(r => r.TypeId == typeExplicitlyGranted.Id); Assert.That(reason1.AccessRuleScope, Is.EqualTo(AccessRuleScope.AllInstances), "rule1 scope"); Assert.That(reason1.PermissionsText, Is.EqualTo("Read"), "rule1 perms"); Assert.That(reason1.SubjectId, Is.EqualTo(role.Id), "rule1 subject"); Assert.That(reason1.Description, Is.EqualTo("Access rule: 'Role1' accessing 'ExplicitType'"), "rule1 desc"); AccessReason reason2 = reasons.FirstOrDefault(r => r.TypeId == typeToBeChecked.Id); if (reason2 != null) { Assert.That(reason2.AccessRuleScope, Is.EqualTo(AccessRuleScope.SecuredRelationship), "rule2 scope"); Assert.That(reason2.PermissionsText, Is.EqualTo("Read"), "rule2 perms"); Assert.That(reason2.SubjectId, Is.EqualTo(role.Id), "rule2 subject"); } return(reason2?.Description); // actual string being tested } finally { Entity.Delete(cleanup.Select(e => new EntityRef(e))); } }