public void It_should_authorize_operations_and_targets()
        {
            var target = new object();
            var authResult = new DefaultAuthorizationResult(new Mock<IUser>().Object, "Foo");
            var isAuthAttr = new IsAuthorizedAttribute("Foo", "theTarget");
            this.securityProviderMock.Setup(x => x.GetAuthorizationResult(It.IsAny<IContext>(), "Foo", It.IsAny<object>()))
                .Returns(authResult);

            authResult.SetResult(true);
            var filterContext = new ActionExecutingContext
            {
                ActionParameters = new Dictionary<string, object> { { "theTarget", target } }
            };
            isAuthAttr.OnActionExecuting(filterContext);
            this.securityProviderMock.Verify(x => x.GetAuthorizationResult(Context.Current, "Foo", target));
            filterContext.Result.Should().BeNull();

            authResult.SetResult(false);
            filterContext = new ActionExecutingContext
            {
                ActionParameters = new Dictionary<string, object> { { "theTarget", target } }
            };
            isAuthAttr.OnActionExecuting(filterContext);
            this.securityProviderMock.Verify(x => x.GetAuthorizationResult(Context.Current, "Foo", target));
            filterContext.Result.Should().BeOfType<HttpUnauthorizedResult>();

            authResult.SetResult(false);
            filterContext = new ActionExecutingContext
            {
                ActionParameters = new Dictionary<string, object>()
            };
            isAuthAttr.OnActionExecuting(filterContext);
            this.securityProviderMock.Verify(x => x.GetAuthorizationResult(Context.Current, "Foo", null));
            filterContext.Result.Should().BeOfType<HttpUnauthorizedResult>();
        }
 /// <summary>
 /// Gets the <see cref="AuthorizationResult"/> for the current context and current user.
 /// </summary>
 /// <param name="context">
 /// The context.
 /// </param>
 /// <param name="operation">
 /// The operation.
 /// </param>
 /// <param name="target">
 /// The target.
 /// </param>
 /// <param name="field">
 /// The field.
 /// </param>
 /// <returns>
 /// The <see cref="AuthorizationResult"/>.
 /// </returns>
 public AuthorizationResult GetAuthorizationResult(IContext context, string operation, object target, string field)
 {
     var result = new DefaultAuthorizationResult(this.GetCurrentUser(context), operation, target, field);
     result.SetResult(true);
     result.AddReason(Resources.UsingDefaultNoSecurityProvider);
     return result;
 }
        public void It_should_authorize_operations()
        {
            var authResult = new DefaultAuthorizationResult(new Mock<IUser>().Object, "Foo");
            var isAuthAttr = new IsAuthorizedAttribute("Foo");
            this.securityProviderMock.Setup(x => x.GetAuthorizationResult(It.IsAny<IContext>(), "Foo"))
                .Returns(authResult);

            authResult.SetResult(true);
            var filterContext = new ActionExecutingContext();
            isAuthAttr.OnActionExecuting(filterContext);
            this.securityProviderMock.Verify(x => x.GetAuthorizationResult(Context.Current, "Foo"));
            filterContext.Result.Should().BeNull();

            authResult.SetResult(false);
            filterContext = new ActionExecutingContext();
            isAuthAttr.OnActionExecuting(filterContext);
            this.securityProviderMock.Verify(x => x.GetAuthorizationResult(Context.Current, "Foo"));
            filterContext.Result.Should().BeOfType<HttpUnauthorizedResult>();
        }