public void TestConstructor_UnknownResourceType()
{
var granteePrincipalId = 1;
var grantorPrincipalId = 2;
var permissionId = 3;
var foreignResourceId = 4;
var resourceType = "abc";
var grantedPermission = new GrantedPermission(granteePrincipalId, permissionId, foreignResourceId, resourceType, grantorPrincipalId);
}
public void TestToString()
{
var granteePrincipalId = 1;
var grantorPrincipalId = 2;
var permissionId = 3;
var foreignResourceId = 4;
var resourceType = ResourceType.Program;
var grantedPermission = new GrantedPermission(granteePrincipalId, permissionId, foreignResourceId, resourceType.Value, grantorPrincipalId);
Assert.IsNotNull(grantedPermission.ToString());
}
public void TestGetResourceType()
{
var granteePrincipalId = 1;
var grantorPrincipalId = 2;
var permissionId = 3;
var foreignResourceId = 4;
var resourceType = ResourceType.Program;
var grantedPermission = new GrantedPermission(granteePrincipalId, permissionId, foreignResourceId, resourceType.Value, grantorPrincipalId);
Assert.AreEqual(resourceType, grantedPermission.GetResourceType());
}
private void UpdateIsAllowed(GrantedPermission grantedPermission, List <PermissionAssignment> permissionAssignments)
{
if (permissionAssignments.Count > 1)
{
throw new NotSupportedException("There should not be more than one permission assignment to set is allowed true.");
}
permissionAssignments.ForEach(x => {
logger.Info("Setting IsAllowed [{0}] to permission with id [PermissionId: {1}, ResourceId: {2}, PrincipalId: {3}].",
grantedPermission.IsAllowed,
x.PermissionId,
x.ResourceId,
x.PrincipalId);
x.IsAllowed = grantedPermission.IsAllowed;
});
}
public async Task <GrantedPermission> GetGrantedPermission(int userId, IList <string> roles = null)
{
GrantedPermission grantedPermission = new GrantedPermission();
//grantedPermission.IsManagerOrDirector = await IsManagerOrDirector(userId, roles);
// Quotaion
grantedPermission.CanAccessQuotationsMenu = true;
grantedPermission.CreateQuotationMenu = true;
grantedPermission.RulesQuotationMenu = true;
grantedPermission.CustomerQuotaionMenu = true;
grantedPermission.MonthlyReportQuotaionMenu = true;
grantedPermission.SummarizeReportQuotaionMenu = true;
grantedPermission.ShippingCostQuotationMenu = true;
grantedPermission.CanViewQuotationService = true;
grantedPermission.CanViewQuotationCommerce = true;
// Contract
grantedPermission.ContractsMenu = true;
grantedPermission.CreateContractMenu = true;
grantedPermission.ContractTemplateMenu = true;
// Order
grantedPermission.OrdersMenu = true;
grantedPermission.CreateOrderMenu = true;
grantedPermission.BillMenu = true;
grantedPermission.OrderReportMenu = true;
// Library
grantedPermission.CanAccessLibraryMenu = true;
grantedPermission.CustomerLibraryMenu = true;
grantedPermission.DistrictLibraryMenu = true;
grantedPermission.OtherMenu = true;
// HRM
grantedPermission.CanAccessHRMMenu = true;
// User
grantedPermission.CanAccessUserMenu = true;
// Asset
grantedPermission.CanAccessAssetMenu = true;
// System
grantedPermission.CanAccessSystemMenu = true;
// Structure
grantedPermission.CanAccessStructureMenu = true;
// Inventory
grantedPermission.CanAccessInventoryMenu = true;
// Purchase
grantedPermission.CanAccessPurchaseMenu = true;
// Service
grantedPermission.CanAccessServiceMenu = true;
return(grantedPermission);
}
public async Task TestGrantPermission_PermissionIsNotAResourcePermission()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList());
resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList());
Assert.AreEqual(0, context.PermissionAssignments.Count());
var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <NotSupportedException>()
.WithMessage(String.Format("The requested permission with id [{0}] is not a valid permission for the resource.", permission.PermissionId));
Func <Task> f = async() =>
{
await service.GrantPermissionsAsync(grantedPermission);
};
f.ShouldThrow <NotSupportedException>()
.WithMessage(String.Format("The requested permission with id [{0}] is not a valid permission for the resource.", permission.PermissionId));
}
/// <summary>
/// 获取角色权限
/// </summary>
/// <param name="Id"></param>
/// <returns></returns>
public async Task <List <GrantedPermission> > GetGrantedPermission(int Id)
{
List <GrantedPermission> list = new List <GrantedPermission>();
var role = await _roleManager.GetRoleByIdAsync(Id);
var grantedPermissions = (await _roleManager.GetGrantedPermissionsAsync(role));
foreach (var item in grantedPermissions)
{
GrantedPermission grantedpermission = new GrantedPermission();
grantedpermission = ObjectMapper.Map <GrantedPermission>(item);
grantedpermission.Children = item.Children.Count;
list.Add(grantedpermission);
}
return(list);
//return ObjectMapper.Map<List<GrantedPermission>>(grantedPermissions);
}
public void TestConstructor()
{
var granteePrincipalId = 1;
var grantorPrincipalId = 2;
var permissionId = 3;
var foreignResourceId = 4;
var resourceType = ResourceType.Program.Value;
var grantedPermission = new GrantedPermission(granteePrincipalId, permissionId, foreignResourceId, resourceType, grantorPrincipalId);
Assert.IsNotNull(grantedPermission.Audit);
Assert.IsTrue(grantedPermission.IsAllowed);
Assert.AreEqual(granteePrincipalId, grantedPermission.GranteePrincipalId);
Assert.AreEqual(grantorPrincipalId, grantedPermission.Audit.UserId);
Assert.AreEqual(permissionId, grantedPermission.PermissionId);
Assert.AreEqual(foreignResourceId, grantedPermission.ForeignResourceId);
Assert.AreEqual(resourceType, grantedPermission.ResourceTypeAsString);
DateTimeOffset.Now.Should().BeCloseTo(grantedPermission.Audit.Date, 2000);
}
public void TestGrantPermission_ResourceDoesNotExist()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
ForeignResourceCache foreignResourceCache = null;
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, 0, resourceType.Value, grantor.PrincipalId);
//invoking async
Func <Task> grantAction = async() =>
{
await service.GrantPermissionsAsync(grantedPermission);
};
service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.",
grantedPermission.ForeignResourceId,
grantedPermission.ResourceTypeAsString));
grantAction.ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.",
grantedPermission.ForeignResourceId,
grantedPermission.ResourceTypeAsString));
}
public void TestGrantPermission_GrantorDoesNotExist()
{
var grantee = new Principal
{
PrincipalId = 1,
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, 0);
//invoking async
Func <Task> grantAction = async() =>
{
await service.GrantPermissionsAsync(grantedPermission);
};
service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The user with id [{0}] granting the permission could not be found.", grantedPermission.Audit.UserId));
grantAction.ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The user with id [{0}] granting the permission could not be found.", grantedPermission.Audit.UserId));
}
private PermissionAssignment DoInsertPermissionAssignment(
Principal grantee,
Principal grantor,
int resourceId,
GrantedPermission grantedPermission)
{
Contract.Requires(grantedPermission != null, "The granted permission must not be null.");
Contract.Requires(grantee != null, "The grantee must not be null.");
Contract.Requires(grantor != null, "The grantor must not be null.");
logger.Info("Inserting permission assignment for granted permission [{0}].", grantedPermission);
var permissionAssignment = new PermissionAssignment
{
AssignedBy = grantedPermission.Audit.UserId,
AssignedOn = grantedPermission.Audit.Date,
IsAllowed = grantedPermission.IsAllowed,
PermissionId = grantedPermission.PermissionId,
PrincipalId = grantedPermission.GranteePrincipalId,
ResourceId = resourceId
};
Context.PermissionAssignments.Add(permissionAssignment);
return(permissionAssignment);
}
private async Task HandleAsync(GrantedPermission grantedPermission)
{
logger.Info("Handling granted permission [{0}].", grantedPermission);
var resource = await resourceService.GetResourceByForeignResourceIdAsync(grantedPermission.ForeignResourceId, grantedPermission.GetResourceType().Id);
throwIfForeignResourceNotFoundByGrantedPermission(grantedPermission, resource);
var grantee = await CreateGetPrincipalByIdQuery(grantedPermission.GranteePrincipalId).FirstOrDefaultAsync();
throwIfGranteeNotFound(grantedPermission, grantee);
var userAccount = await Context.UserAccounts.FindAsync(grantedPermission.GranteePrincipalId);
UpdatePermissionsRevisedOn(userAccount);
var camPermission = await CreateGetPermissionByIdQuery(grantedPermission.PermissionId).FirstOrDefaultAsync();
throwIfPermissionNotFound(grantedPermission, camPermission);
var grantor = await CreateGetPrincipalByIdQuery(grantedPermission.Audit.UserId).FirstOrDefaultAsync();
throwIfGrantorNotFound(grantedPermission, grantor);
var existingPermissions = await CreateGetPermissionAssignmentQuery(grantee.PrincipalId, camPermission.PermissionId, resource.ResourceId).ToListAsync();
if (existingPermissions.Count == 0)
{
var availablePermissions = await resourceService.GetResourcePermissionsAsync(grantedPermission.ResourceTypeAsString, grantedPermission.ForeignResourceId);
throwIfRequestedPermissionIsNotAvailable(grantedPermission.PermissionId, availablePermissions);
DoInsertPermissionAssignment(grantee, grantor, resource.ResourceId, grantedPermission);
}
else
{
UpdateIsAllowed(grantedPermission, existingPermissions);
}
}
public void TestGrantPermission_PermissionDoesNotExist()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Resources.Add(resource);
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var grantedPermission = new GrantedPermission(grantee.PrincipalId, 0, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
//invoking async
Func <Task> grantAction = async() =>
{
await service.GrantPermissionsAsync(grantedPermission);
};
service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The permission with id [{0}] was not found.", grantedPermission.PermissionId));
grantAction.ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The permission with id [{0}] was not found.", grantedPermission.PermissionId));
}
public async Task <IActionResult> SignIn([FromBody] SignInModelRq signInModelRq)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var result = await _authService.SignInAsync(signInModelRq.UserName, signInModelRq.Password, true);
if (result.Succeeded)
{
GrantedPermission grantedPermission = await _permissionService.GetGrantedPermission(result.UserIdentity.Id, result.Roles.ToList());
List <Claim> additionClaims = new List <Claim>();
//additionClaims.Add(new Claim("permission", JsonConvert.SerializeObject(grantedPermission)));
UserModel infoUser = await _userService.GetUserById(result.UserIdentity.Id);
additionClaims.Add(new Claim("userInfo", JsonConvert.SerializeObject(infoUser)));
var token = _jwtTokenService.GenerateToken(result.UserIdentity, result.Roles, additionClaims);
return(Ok(token));
}
if (result.IsLockedOut)
{
return(BadRequest($"User account locked out, max failed access attemps are {_identityOptions.Value.Lockout.MaxFailedAccessAttempts}"));
}
else if (result.IsNotAllowed)
{
return(BadRequest("User account is not allowed, make sure your account have been verified"));
}
else if (result.RequiresTwoFactor)
{
return(BadRequest("Two Factor Login is required"));
}
return(BadRequest("User Name or Password does not match"));
}
public async Task TestGrantPermission_GranteeIsAUserAccount()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var user = new UserAccount
{
Principal = grantee,
PrincipalId = grantee.PrincipalId
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
context.SetupActions.Add(() =>
{
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
context.UserAccounts.Add(user);
Assert.AreEqual(0, context.PermissionAssignments.Count());
});
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList(permission));
resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList(permission));
Action tester = () =>
{
Assert.AreEqual(1, context.PermissionAssignments.Count());
DateTimeOffset.Now.Should().BeCloseTo(context.UserAccounts.First().PermissionsRevisedOn.Value, 2000);
};
context.Revert();
var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
service.GrantPermission(grantedPermission);
tester();
context.Revert();
context.PermissionAssignments = new PermissionAssignmentTestDbSet();
await service.GrantPermissionsAsync(grantedPermission);
tester();
}
public async Task TestGrantPermission_PermissionIsAlreadyGrantedButNotAllowed()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
var permissionAssignment = new PermissionAssignment
{
PrincipalId = grantee.PrincipalId,
PermissionId = permission.PermissionId,
ResourceId = resource.ResourceId,
IsAllowed = false
};
context.SetupActions.Add(() =>
{
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
context.PermissionAssignments.Add(permissionAssignment);
permissionAssignment.IsAllowed = false;
Assert.AreEqual(1, context.PermissionAssignments.Count());
});
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
Action tester = () =>
{
Assert.AreEqual(1, context.PermissionAssignments.Count());
Assert.IsTrue(context.PermissionAssignments.First().IsAllowed);
};
context.Revert();
var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
service.GrantPermission(grantedPermission);
context.Revert();
await service.GrantPermissionsAsync(grantedPermission);
tester();
}
/// <summary>
/// Grants a permission to a principal in the system. If the permission had been previously granted it is set active.
/// </summary>
/// <param name="grantedPermission">The permission granted to a principal by another principal.</param>
public Task GrantPermissionsAsync(GrantedPermission grantedPermission)
{
return(HandleAsync(grantedPermission));
}
/// <summary>
/// Grants a permission to a principal in the system. If the permission had been previously granted it is set active.
/// </summary>
/// <param name="grantedPermission">The permission granted to a principal by another principal.</param>
public void GrantPermission(GrantedPermission grantedPermission)
{
Handle(grantedPermission);
}
public void TestGrantPermission_MultiplePermissionsExist()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
var permissionAssignment1 = new PermissionAssignment
{
PrincipalId = grantee.PrincipalId,
PermissionId = permission.PermissionId,
ResourceId = resource.ResourceId,
IsAllowed = false
};
var permissionAssignment2 = new PermissionAssignment
{
PrincipalId = grantee.PrincipalId,
PermissionId = permission.PermissionId,
ResourceId = resource.ResourceId,
IsAllowed = false
};
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
context.PermissionAssignments.Add(permissionAssignment1);
context.PermissionAssignments.Add(permissionAssignment2);
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList(permission));
resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList(permission));
var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
Func <Task> grantAction = async() =>
{
await service.GrantPermissionsAsync(grantedPermission);
};
service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <NotSupportedException>()
.WithMessage("There should not be more than one permission assignment to set is allowed true.");
grantAction.ShouldThrow <NotSupportedException>()
.WithMessage("There should not be more than one permission assignment to set is allowed true.");
}
