public void TestConstructor_UnknownResourceType() { var granteePrincipalId = 1; var grantorPrincipalId = 2; var permissionId = 3; var foreignResourceId = 4; var resourceType = "abc"; var grantedPermission = new GrantedPermission(granteePrincipalId, permissionId, foreignResourceId, resourceType, grantorPrincipalId); }
public void TestToString() { var granteePrincipalId = 1; var grantorPrincipalId = 2; var permissionId = 3; var foreignResourceId = 4; var resourceType = ResourceType.Program; var grantedPermission = new GrantedPermission(granteePrincipalId, permissionId, foreignResourceId, resourceType.Value, grantorPrincipalId); Assert.IsNotNull(grantedPermission.ToString()); }
public void TestGetResourceType() { var granteePrincipalId = 1; var grantorPrincipalId = 2; var permissionId = 3; var foreignResourceId = 4; var resourceType = ResourceType.Program; var grantedPermission = new GrantedPermission(granteePrincipalId, permissionId, foreignResourceId, resourceType.Value, grantorPrincipalId); Assert.AreEqual(resourceType, grantedPermission.GetResourceType()); }
private void UpdateIsAllowed(GrantedPermission grantedPermission, List <PermissionAssignment> permissionAssignments) { if (permissionAssignments.Count > 1) { throw new NotSupportedException("There should not be more than one permission assignment to set is allowed true."); } permissionAssignments.ForEach(x => { logger.Info("Setting IsAllowed [{0}] to permission with id [PermissionId: {1}, ResourceId: {2}, PrincipalId: {3}].", grantedPermission.IsAllowed, x.PermissionId, x.ResourceId, x.PrincipalId); x.IsAllowed = grantedPermission.IsAllowed; }); }
public async Task <GrantedPermission> GetGrantedPermission(int userId, IList <string> roles = null) { GrantedPermission grantedPermission = new GrantedPermission(); //grantedPermission.IsManagerOrDirector = await IsManagerOrDirector(userId, roles); // Quotaion grantedPermission.CanAccessQuotationsMenu = true; grantedPermission.CreateQuotationMenu = true; grantedPermission.RulesQuotationMenu = true; grantedPermission.CustomerQuotaionMenu = true; grantedPermission.MonthlyReportQuotaionMenu = true; grantedPermission.SummarizeReportQuotaionMenu = true; grantedPermission.ShippingCostQuotationMenu = true; grantedPermission.CanViewQuotationService = true; grantedPermission.CanViewQuotationCommerce = true; // Contract grantedPermission.ContractsMenu = true; grantedPermission.CreateContractMenu = true; grantedPermission.ContractTemplateMenu = true; // Order grantedPermission.OrdersMenu = true; grantedPermission.CreateOrderMenu = true; grantedPermission.BillMenu = true; grantedPermission.OrderReportMenu = true; // Library grantedPermission.CanAccessLibraryMenu = true; grantedPermission.CustomerLibraryMenu = true; grantedPermission.DistrictLibraryMenu = true; grantedPermission.OtherMenu = true; // HRM grantedPermission.CanAccessHRMMenu = true; // User grantedPermission.CanAccessUserMenu = true; // Asset grantedPermission.CanAccessAssetMenu = true; // System grantedPermission.CanAccessSystemMenu = true; // Structure grantedPermission.CanAccessStructureMenu = true; // Inventory grantedPermission.CanAccessInventoryMenu = true; // Purchase grantedPermission.CanAccessPurchaseMenu = true; // Service grantedPermission.CanAccessServiceMenu = true; return(grantedPermission); }
public async Task TestGrantPermission_PermissionIsNotAResourcePermission() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); context.Principals.Add(grantor); context.Principals.Add(grantee); context.Permissions.Add(permission); context.Resources.Add(resource); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList()); resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList()); Assert.AreEqual(0, context.PermissionAssignments.Count()); var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId); service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <NotSupportedException>() .WithMessage(String.Format("The requested permission with id [{0}] is not a valid permission for the resource.", permission.PermissionId)); Func <Task> f = async() => { await service.GrantPermissionsAsync(grantedPermission); }; f.ShouldThrow <NotSupportedException>() .WithMessage(String.Format("The requested permission with id [{0}] is not a valid permission for the resource.", permission.PermissionId)); }
/// <summary> /// 获取角色权限 /// </summary> /// <param name="Id"></param> /// <returns></returns> public async Task <List <GrantedPermission> > GetGrantedPermission(int Id) { List <GrantedPermission> list = new List <GrantedPermission>(); var role = await _roleManager.GetRoleByIdAsync(Id); var grantedPermissions = (await _roleManager.GetGrantedPermissionsAsync(role)); foreach (var item in grantedPermissions) { GrantedPermission grantedpermission = new GrantedPermission(); grantedpermission = ObjectMapper.Map <GrantedPermission>(item); grantedpermission.Children = item.Children.Count; list.Add(grantedpermission); } return(list); //return ObjectMapper.Map<List<GrantedPermission>>(grantedPermissions); }
public void TestConstructor() { var granteePrincipalId = 1; var grantorPrincipalId = 2; var permissionId = 3; var foreignResourceId = 4; var resourceType = ResourceType.Program.Value; var grantedPermission = new GrantedPermission(granteePrincipalId, permissionId, foreignResourceId, resourceType, grantorPrincipalId); Assert.IsNotNull(grantedPermission.Audit); Assert.IsTrue(grantedPermission.IsAllowed); Assert.AreEqual(granteePrincipalId, grantedPermission.GranteePrincipalId); Assert.AreEqual(grantorPrincipalId, grantedPermission.Audit.UserId); Assert.AreEqual(permissionId, grantedPermission.PermissionId); Assert.AreEqual(foreignResourceId, grantedPermission.ForeignResourceId); Assert.AreEqual(resourceType, grantedPermission.ResourceTypeAsString); DateTimeOffset.Now.Should().BeCloseTo(grantedPermission.Audit.Date, 2000); }
public void TestGrantPermission_ResourceDoesNotExist() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; context.Principals.Add(grantor); context.Principals.Add(grantee); context.Permissions.Add(permission); ForeignResourceCache foreignResourceCache = null; resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, 0, resourceType.Value, grantor.PrincipalId); //invoking async Func <Task> grantAction = async() => { await service.GrantPermissionsAsync(grantedPermission); }; service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.", grantedPermission.ForeignResourceId, grantedPermission.ResourceTypeAsString)); grantAction.ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.", grantedPermission.ForeignResourceId, grantedPermission.ResourceTypeAsString)); }
public void TestGrantPermission_GrantorDoesNotExist() { var grantee = new Principal { PrincipalId = 1, }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); context.Principals.Add(grantee); context.Permissions.Add(permission); context.Resources.Add(resource); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, 0); //invoking async Func <Task> grantAction = async() => { await service.GrantPermissionsAsync(grantedPermission); }; service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The user with id [{0}] granting the permission could not be found.", grantedPermission.Audit.UserId)); grantAction.ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The user with id [{0}] granting the permission could not be found.", grantedPermission.Audit.UserId)); }
private PermissionAssignment DoInsertPermissionAssignment( Principal grantee, Principal grantor, int resourceId, GrantedPermission grantedPermission) { Contract.Requires(grantedPermission != null, "The granted permission must not be null."); Contract.Requires(grantee != null, "The grantee must not be null."); Contract.Requires(grantor != null, "The grantor must not be null."); logger.Info("Inserting permission assignment for granted permission [{0}].", grantedPermission); var permissionAssignment = new PermissionAssignment { AssignedBy = grantedPermission.Audit.UserId, AssignedOn = grantedPermission.Audit.Date, IsAllowed = grantedPermission.IsAllowed, PermissionId = grantedPermission.PermissionId, PrincipalId = grantedPermission.GranteePrincipalId, ResourceId = resourceId }; Context.PermissionAssignments.Add(permissionAssignment); return(permissionAssignment); }
private async Task HandleAsync(GrantedPermission grantedPermission) { logger.Info("Handling granted permission [{0}].", grantedPermission); var resource = await resourceService.GetResourceByForeignResourceIdAsync(grantedPermission.ForeignResourceId, grantedPermission.GetResourceType().Id); throwIfForeignResourceNotFoundByGrantedPermission(grantedPermission, resource); var grantee = await CreateGetPrincipalByIdQuery(grantedPermission.GranteePrincipalId).FirstOrDefaultAsync(); throwIfGranteeNotFound(grantedPermission, grantee); var userAccount = await Context.UserAccounts.FindAsync(grantedPermission.GranteePrincipalId); UpdatePermissionsRevisedOn(userAccount); var camPermission = await CreateGetPermissionByIdQuery(grantedPermission.PermissionId).FirstOrDefaultAsync(); throwIfPermissionNotFound(grantedPermission, camPermission); var grantor = await CreateGetPrincipalByIdQuery(grantedPermission.Audit.UserId).FirstOrDefaultAsync(); throwIfGrantorNotFound(grantedPermission, grantor); var existingPermissions = await CreateGetPermissionAssignmentQuery(grantee.PrincipalId, camPermission.PermissionId, resource.ResourceId).ToListAsync(); if (existingPermissions.Count == 0) { var availablePermissions = await resourceService.GetResourcePermissionsAsync(grantedPermission.ResourceTypeAsString, grantedPermission.ForeignResourceId); throwIfRequestedPermissionIsNotAvailable(grantedPermission.PermissionId, availablePermissions); DoInsertPermissionAssignment(grantee, grantor, resource.ResourceId, grantedPermission); } else { UpdateIsAllowed(grantedPermission, existingPermissions); } }
public void TestGrantPermission_PermissionDoesNotExist() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); context.Principals.Add(grantor); context.Principals.Add(grantee); context.Resources.Add(resource); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); var grantedPermission = new GrantedPermission(grantee.PrincipalId, 0, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId); //invoking async Func <Task> grantAction = async() => { await service.GrantPermissionsAsync(grantedPermission); }; service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The permission with id [{0}] was not found.", grantedPermission.PermissionId)); grantAction.ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The permission with id [{0}] was not found.", grantedPermission.PermissionId)); }
public async Task <IActionResult> SignIn([FromBody] SignInModelRq signInModelRq) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var result = await _authService.SignInAsync(signInModelRq.UserName, signInModelRq.Password, true); if (result.Succeeded) { GrantedPermission grantedPermission = await _permissionService.GetGrantedPermission(result.UserIdentity.Id, result.Roles.ToList()); List <Claim> additionClaims = new List <Claim>(); //additionClaims.Add(new Claim("permission", JsonConvert.SerializeObject(grantedPermission))); UserModel infoUser = await _userService.GetUserById(result.UserIdentity.Id); additionClaims.Add(new Claim("userInfo", JsonConvert.SerializeObject(infoUser))); var token = _jwtTokenService.GenerateToken(result.UserIdentity, result.Roles, additionClaims); return(Ok(token)); } if (result.IsLockedOut) { return(BadRequest($"User account locked out, max failed access attemps are {_identityOptions.Value.Lockout.MaxFailedAccessAttempts}")); } else if (result.IsNotAllowed) { return(BadRequest("User account is not allowed, make sure your account have been verified")); } else if (result.RequiresTwoFactor) { return(BadRequest("Two Factor Login is required")); } return(BadRequest("User Name or Password does not match")); }
public async Task TestGrantPermission_GranteeIsAUserAccount() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var user = new UserAccount { Principal = grantee, PrincipalId = grantee.PrincipalId }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); context.SetupActions.Add(() => { context.Principals.Add(grantor); context.Principals.Add(grantee); context.Permissions.Add(permission); context.Resources.Add(resource); context.UserAccounts.Add(user); Assert.AreEqual(0, context.PermissionAssignments.Count()); }); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList(permission)); resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList(permission)); Action tester = () => { Assert.AreEqual(1, context.PermissionAssignments.Count()); DateTimeOffset.Now.Should().BeCloseTo(context.UserAccounts.First().PermissionsRevisedOn.Value, 2000); }; context.Revert(); var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId); service.GrantPermission(grantedPermission); tester(); context.Revert(); context.PermissionAssignments = new PermissionAssignmentTestDbSet(); await service.GrantPermissionsAsync(grantedPermission); tester(); }
public async Task TestGrantPermission_PermissionIsAlreadyGrantedButNotAllowed() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); var permissionAssignment = new PermissionAssignment { PrincipalId = grantee.PrincipalId, PermissionId = permission.PermissionId, ResourceId = resource.ResourceId, IsAllowed = false }; context.SetupActions.Add(() => { context.Principals.Add(grantor); context.Principals.Add(grantee); context.Permissions.Add(permission); context.Resources.Add(resource); context.PermissionAssignments.Add(permissionAssignment); permissionAssignment.IsAllowed = false; Assert.AreEqual(1, context.PermissionAssignments.Count()); }); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); Action tester = () => { Assert.AreEqual(1, context.PermissionAssignments.Count()); Assert.IsTrue(context.PermissionAssignments.First().IsAllowed); }; context.Revert(); var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId); service.GrantPermission(grantedPermission); context.Revert(); await service.GrantPermissionsAsync(grantedPermission); tester(); }
/// <summary> /// Grants a permission to a principal in the system. If the permission had been previously granted it is set active. /// </summary> /// <param name="grantedPermission">The permission granted to a principal by another principal.</param> public Task GrantPermissionsAsync(GrantedPermission grantedPermission) { return(HandleAsync(grantedPermission)); }
/// <summary> /// Grants a permission to a principal in the system. If the permission had been previously granted it is set active. /// </summary> /// <param name="grantedPermission">The permission granted to a principal by another principal.</param> public void GrantPermission(GrantedPermission grantedPermission) { Handle(grantedPermission); }
public void TestGrantPermission_MultiplePermissionsExist() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); var permissionAssignment1 = new PermissionAssignment { PrincipalId = grantee.PrincipalId, PermissionId = permission.PermissionId, ResourceId = resource.ResourceId, IsAllowed = false }; var permissionAssignment2 = new PermissionAssignment { PrincipalId = grantee.PrincipalId, PermissionId = permission.PermissionId, ResourceId = resource.ResourceId, IsAllowed = false }; context.Principals.Add(grantor); context.Principals.Add(grantee); context.Permissions.Add(permission); context.Resources.Add(resource); context.PermissionAssignments.Add(permissionAssignment1); context.PermissionAssignments.Add(permissionAssignment2); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList(permission)); resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList(permission)); var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId); Func <Task> grantAction = async() => { await service.GrantPermissionsAsync(grantedPermission); }; service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <NotSupportedException>() .WithMessage("There should not be more than one permission assignment to set is allowed true."); grantAction.ShouldThrow <NotSupportedException>() .WithMessage("There should not be more than one permission assignment to set is allowed true."); }