public void A_RulePolicy_can_be_properly_serialized_to_json()
{
var adminRoleRule = new ClaimRule {
ClaimType = "role", ClaimValue = "admin"
};
var powerUserRoleRule = new ClaimRule {
ClaimType = "role", ClaimValue = "power user"
};
var salesDepartmentRule = new ClaimRule {
ClaimType = "department", ClaimValue = "sales"
};
var nameDynauthorizerRule = new ClaimRule {
ClaimType = "name", ClaimValue = "Dynauthorizer"
};
var salesPowerUserRuleSet = new RuleSet(new[] { powerUserRoleRule, salesDepartmentRule }, RuleSetOperator.And);
var rootRuleSet = new RuleSet(new IRule[] { adminRoleRule, nameDynauthorizerRule, salesPowerUserRuleSet }, RuleSetOperator.Or);
var policy = new RulePolicy {
Name = "MyPolicy", RootRule = rootRuleSet
};
var jsonString = JsonConvert.SerializeObject(policy, Formatting.Indented);
var expectedString = @"{
""name"": ""MyPolicy"",
""rootRule"": {
""rules"": [
{
""claimType"": ""role"",
""claimValue"": ""admin""
},
{
""claimType"": ""name"",
""claimValue"": ""Dynauthorizer""
},
{
""rules"": [
{
""claimType"": ""role"",
""claimValue"": ""power user""
},
{
""claimType"": ""department"",
""claimValue"": ""sales""
}
],
""operator"": ""And""
}
],
""operator"": ""Or""
}
}";
Assert.Equal(expectedString, jsonString);
}
public void Rule_with_matching_principal_returns_true()
{
var rule = new ClaimRule {
ClaimType = "testclaim", ClaimValue = "testvalue"
};
var principal = new ClaimsPrincipalBuilder().WithClaim("testclaim", "testvalue").Build();
var isOk = rule.IsSatisfiedBy(principal);
Assert.True(isOk);
}
public void Rule_without_ClaimValue_only_checks_ClaimType()
{
var rule = new ClaimRule {
ClaimType = "testclaim", ClaimValue = null
};
var principal = new ClaimsPrincipalBuilder().WithClaim("testclaim", "whatever").Build();
var isOk = rule.IsSatisfiedBy(principal);
Assert.True(isOk);
}
public void Rule_without_matching_principal_returns_false()
{
var rule = new ClaimRule {
ClaimType = "testclaim", ClaimValue = "testvalue"
};
var principal = new ClaimsPrincipalBuilder().Build(); // empty, no claims
var isOk = rule.IsSatisfiedBy(principal);
Assert.False(isOk);
}
public void Both_claims_must_be_satisified_in_RuleSet_with_2_rules_and_operator_And()
{
var rule1 = new ClaimRule {
ClaimType = "testclaim1", ClaimValue = "testvalue1"
};
var rule2 = new ClaimRule {
ClaimType = "testclaim2", ClaimValue = "testvalue2"
};
var ruleSet = new RuleSet(new [] { rule1, rule2 }, RuleSetOperator.And);
var principalWithBothClaims = new ClaimsPrincipalBuilder().WithClaim("testclaim1", "testvalue1").WithClaim("testclaim2", "testvalue2").Build();
var principalWithOnlyOneClaim = new ClaimsPrincipalBuilder().WithClaim("testclaim1", "textvalue1").Build();
Assert.True(ruleSet.IsSatisfiedBy(principalWithBothClaims));
Assert.False(ruleSet.IsSatisfiedBy(principalWithOnlyOneClaim));
}
public void Composite_RuleSet_with_one_Rule_and_a_nested_RuleSet_and_operator_or_can_be_satisfied_with_a_principal_that_matches_the_Rule_but_also_with_a_principal_that_matches_the_nested_ruleset()
{
var adminRoleRule = new ClaimRule {
ClaimType = "role", ClaimValue = "admin"
};
var powerUserRoleRule = new ClaimRule {
ClaimType = "role", ClaimValue = "power users"
};
var salesDepartmentRule = new ClaimRule {
ClaimType = "department", ClaimValue = "sales"
};
var salesPowerUsersRuleSet = new RuleSet(new [] { powerUserRoleRule, salesDepartmentRule }, RuleSetOperator.And);
var compositeRuleSet = new RuleSet(new IRule[] { adminRoleRule, salesPowerUsersRuleSet }, RuleSetOperator.Or);
var adminPrincipal = new ClaimsPrincipalBuilder().WithClaim("role", "admin").Build();
var salesPowerUserPrincipal = new ClaimsPrincipalBuilder().WithClaim("role", "power users").WithClaim("department", "sales").Build();
var regularSalesUser = new ClaimsPrincipalBuilder().WithClaim("role", "users").WithClaim("department", "sales").Build();
Assert.True(compositeRuleSet.IsSatisfiedBy(adminPrincipal));
Assert.True(compositeRuleSet.IsSatisfiedBy(salesPowerUserPrincipal));
Assert.False(compositeRuleSet.IsSatisfiedBy(regularSalesUser));
}
