/// <summary>
/// Seeds a small authorization fixture: one group (G) with two sub-groups and one user,
/// one operation (O) with three sub-operations, and one resource (R) with two sub-resources.
/// Three Grant predicates are added: G and U1 on (O, R), and U1 on (O1, R1).
/// </summary>
/// <returns>The value of <c>ObjectCache.Current</c> after a fresh cache has been pushed.</returns>
private static ObjectCache SetupSimpleData()
{
    // Runs Test_DeleteAllData first; presumably this empties the store so that grants
    // left behind by an earlier test cannot influence this fixture — confirm against the procedure.
    DBHelper.ExecuteNonQuery("Test_DeleteAllData");
    IAuthorizationManager authz = Afcas.GetAuthorizationManager();
    ObjectCache.PushCurrent(new ObjectCache());

    Principal G = Principal.CreatePrincipal("G", "G", PrincipalType.Group, "");
    Principal G1 = Principal.CreatePrincipal("G1", "G1", PrincipalType.Group, "");
    Principal G2 = Principal.CreatePrincipal("G2", "G2", PrincipalType.Group, "");
    Principal U1 = Principal.CreatePrincipal("U1", "U1", PrincipalType.User, "");

    Operation O = Operation.CreateOperation("O", "O");
    // NOTE(review): the second argument is "O2" although the key is "O1"; every other
    // operation repeats its key here. Looks like a copy/paste slip — confirm.
    Operation O1 = Operation.CreateOperation("O1", "O2");
    Operation O2 = Operation.CreateOperation("O2", "O2");
    Operation O3 = Operation.CreateOperation("O3", "O3");

    // Register principals, then operations, in declaration order.
    foreach (Principal principal in new[] { G, G1, G2, U1 })
    {
        authz.AddOrUpdate(principal, "");
    }

    foreach (Operation operation in new[] { O, O1, O2, O3 })
    {
        authz.AddOrUpdate(operation);
    }

    ResourceHandleFactory handles = Afcas.GetHandleFactory("SampleResource");
    ResourceHandle R = handles.GenerateResourceHandleByKey("R");
    ResourceHandle R1 = handles.GenerateResourceHandleByKey("R1");
    ResourceHandle R2 = handles.GenerateResourceHandleByKey("R2");

    // Direct grants are added before any hierarchy edge exists.
    var grant = ResourceAccessPredicateType.Grant;
    authz.AddAccessPredicate(G.Key, O.Key, R, grant);
    authz.AddAccessPredicate(U1.Key, O.Key, R, grant);
    authz.AddAccessPredicate(U1.Key, O1.Key, R1, grant);

    // Hierarchy edges, each pair written as { parent, child }.
    foreach (Principal[] membership in new[] { new[] { G, G1 }, new[] { G, G2 }, new[] { G, U1 } })
    {
        authz.AddGroupMember(membership[0], membership[1]);
    }

    foreach (Operation[] subOperation in new[] { new[] { O, O1 }, new[] { O, O2 }, new[] { O, O3 } })
    {
        authz.AddSubOperation(subOperation[0], subOperation[1]);
    }

    foreach (ResourceHandle[] subResource in new[] { new[] { R, R1 }, new[] { R, R2 } })
    {
        authz.AddSubResource(subResource[0], subResource[1]);
    }

    return ObjectCache.Current;
}
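/// <summary>
/// Grants group G operation O on resource R, where U1 is a member of G and R2.1 sits two
/// levels below R, then removes that grant. Checks that no live authorization row remains for
/// U1 on R2.1, that exactly one deleted row is reported since the last change, and that the
/// authorization manager itself no longer authorizes the revoked access.
/// </summary>
public async Task WhenRemovingAccessPredicate_TracksChanges()
{
    // Arrange
    DBHelper.ExecuteNonQuery("Test_DeleteAllData");
    IAuthorizationManager manager = Afcas.GetAuthorizationManager();
    ObjectCache.PushCurrent(new ObjectCache());

    Principal G = Principal.CreatePrincipal("G", "G", PrincipalType.Group, "");
    Principal U1 = Principal.CreatePrincipal("U1", "U1", PrincipalType.User, "");
    Operation O = Operation.CreateOperation("O", "O");
    manager.AddOrUpdate(G, "");
    manager.AddOrUpdate(U1, "");
    manager.AddOrUpdate(O);
    manager.AddGroupMember(G, U1);

    ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
    ResourceHandle R = resFac.GenerateResourceHandleByKey("R");
    ResourceHandle R1 = resFac.GenerateResourceHandleByKey("R1");
    ResourceHandle R21 = resFac.GenerateResourceHandleByKey("R2.1");
    manager.AddSubResource(R, R1);
    manager.AddSubResource(R1, R21);

    manager.AddAccessPredicate(G.Key, O.Key, R, ResourceAccessPredicateType.Grant);
    Assert.IsTrue(manager.IsAuthorized(U1.Key, O.Key, R));
    Assert.IsTrue(manager.IsAuthorized(G.Key, O.Key, R));

    var rows = GetAuthRows();
    var lastChange = rows.Max(r => r.Modified);

    // Act
    // The pause separates the revocation from lastChange in time before the grant is removed.
    await Task.Delay(250);
    manager.RemoveAccessPredicate(G.Key, O.Key, R, ResourceAccessPredicateType.Grant);

    // 1753-01-01 is presumably the "not deleted" sentinel for the Deleted column
    // (it is the minimum SQL Server datetime) — confirm against the schema.
    var liveRows = GetAuthRows()
        .Where(r => r.PrincipalId == "U1"
                    && r.ResourceId == R21.AfcasKey
                    && r.Deleted == new DateTime(1753, 01, 01, 0, 0, 0, DateTimeKind.Utc))
        .ToList();
    var deletedRows = GetDeletedAuthRows(lastChange)
        .Where(r => r.PrincipalId == "U1" && r.ResourceId == R21.AfcasKey)
        .ToList();

    // Assert
    Assert.AreEqual(0, liveRows.Count, "should have lost permission");
    Assert.AreEqual(1, deletedRows.Count);
    Assert.GreaterOrEqual(deletedRows[0].Deleted, lastChange, "deletion must have happened after last change!");

    // The row-level checks above only show that change tracking recorded the removal.
    // Also confirm the decision point denies access, so a revocation that leaves the
    // effective permission in place cannot pass this test.
    Assert.IsFalse(manager.IsAuthorized(G.Key, O.Key, R), "group must not be authorized after its grant is removed");
    Assert.IsFalse(manager.IsAuthorized(U1.Key, O.Key, R), "group member must not be authorized after the group grant is removed");
    Assert.IsFalse(manager.IsAuthorized(U1.Key, O.Key, R21), "access inherited through the resource hierarchy must be revoked as well");
}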
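/// <summary>
/// Grants group G operation O on resource R (U1 is a member of G), then attaches R1 under R
/// and R2.1 under R1. Checks that authorization rows for U1 on R2.1 are reported as changed
/// since the last modification seen before the hierarchy was extended.
/// </summary>
public async Task WhenSubResourceAdded_TracksChanges()
{
    // Arrange
    DBHelper.ExecuteNonQuery("Test_DeleteAllData");
    IAuthorizationManager manager = Afcas.GetAuthorizationManager();
    ObjectCache.PushCurrent(new ObjectCache());

    Principal G = Principal.CreatePrincipal("G", "G", PrincipalType.Group, "");
    Principal U1 = Principal.CreatePrincipal("U1", "U1", PrincipalType.User, "");
    Operation O = Operation.CreateOperation("O", "O");
    manager.AddOrUpdate(G, "");
    manager.AddOrUpdate(U1, "");
    manager.AddOrUpdate(O);
    manager.AddGroupMember(G, U1);

    ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
    ResourceHandle R = resFac.GenerateResourceHandleByKey("R");
    ResourceHandle R1 = resFac.GenerateResourceHandleByKey("R1");
    ResourceHandle R21 = resFac.GenerateResourceHandleByKey("R2.1");

    manager.AddAccessPredicate(G.Key, O.Key, R, ResourceAccessPredicateType.Grant);
    Assert.IsTrue(manager.IsAuthorized(U1.Key, O.Key, R));
    Assert.IsTrue(manager.IsAuthorized(G.Key, O.Key, R));

    var rows = GetAuthRows();
    var lastChange = rows.Max(r => r.Modified);

    // Act
    // The pause separates the hierarchy change from lastChange in time.
    await Task.Delay(250);
    manager.AddSubResource(R, R1);
    manager.AddSubResource(R1, R21);

    var rows2 = GetAuthRows(lastChange)
        .Where(r => r.PrincipalId == "U1" && r.ResourceId == R21.AfcasKey)
        .ToList();

    // Assert
    // Max() over an empty sequence fails with an exception instead of a readable test
    // failure, so state the real expectation first: the grant on R must have produced at
    // least one row for U1 on the new descendant.
    Assert.AreNotEqual(0, rows2.Count, "expected an authorization row for U1 on R2.1 after the sub-resources were added");
    var max2 = rows2.Max(r => r.Modified);

    // NOTE(review): the check below was already disabled in the original; left as found.
    //Assert.IsTrue(manager.IsAuthorized(U1.Key, O.Key, R));
    Assert.GreaterOrEqual(max2, lastChange, $"{lastChange} should be lower!");
}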
/// <summary>
/// Seeds a larger authorization fixture: sixteen principals (groups and users) linked by
/// nineteen membership edges, eight operations linked by seven sub-operation edges, twelve
/// resources linked by twelve sub-resource edges, and six Grant predicates.
/// Several nodes have more than one parent (for example PD under PA and PB, RE under RB and RC).
/// </summary>
/// <returns>The value of <c>ObjectCache.Current</c> after a fresh cache has been pushed.</returns>
private static ObjectCache SetupComplexData()
{
    // Runs Test_DeleteAllData first; presumably this empties the store so that grants
    // left behind by an earlier test cannot influence this fixture — confirm against the procedure.
    DBHelper.ExecuteNonQuery("Test_DeleteAllData");
    ObjectCache.PushCurrent(new ObjectCache());
    IAuthorizationManager authz = Afcas.GetAuthorizationManager();

    Principal PA = Principal.CreatePrincipal("PA", "PA", PrincipalType.Group, "");
    Principal PB = Principal.CreatePrincipal("PB", "PB", PrincipalType.Group, "");
    Principal PC = Principal.CreatePrincipal("PC", "PC", PrincipalType.Group, "");
    Principal PD = Principal.CreatePrincipal("PD", "PD", PrincipalType.Group, "");
    Principal PE = Principal.CreatePrincipal("PE", "PE", PrincipalType.User, "");
    Principal PF = Principal.CreatePrincipal("PF", "PF", PrincipalType.User, "");
    Principal PG = Principal.CreatePrincipal("PG", "PG", PrincipalType.User, "");
    Principal PH = Principal.CreatePrincipal("PH", "PH", PrincipalType.Group, "");
    Principal PI = Principal.CreatePrincipal("PI", "PI", PrincipalType.Group, "");
    Principal PJ = Principal.CreatePrincipal("PJ", "PJ", PrincipalType.User, "");
    Principal PK = Principal.CreatePrincipal("PK", "PK", PrincipalType.User, "");
    Principal PP = Principal.CreatePrincipal("PP", "PP", PrincipalType.Group, "");
    Principal PQ = Principal.CreatePrincipal("PQ", "PQ", PrincipalType.Group, "");
    Principal PR = Principal.CreatePrincipal("PR", "PR", PrincipalType.Group, "");
    Principal PS = Principal.CreatePrincipal("PS", "PS", PrincipalType.User, "");
    Principal PT = Principal.CreatePrincipal("PT", "PT", PrincipalType.User, "");

    // Register every principal in declaration order.
    foreach (Principal principal in new[] { PA, PB, PC, PD, PE, PF, PG, PH, PI, PJ, PK, PP, PQ, PR, PS, PT })
    {
        authz.AddOrUpdate(principal, "");
    }

    // Membership edges, each written as { group, member }.
    Principal[][] memberships =
    {
        new[] { PA, PB }, new[] { PA, PC }, new[] { PA, PD },
        new[] { PB, PD }, new[] { PB, PE },
        new[] { PC, PE }, new[] { PC, PH }, new[] { PC, PI },
        new[] { PD, PF }, new[] { PD, PG }, new[] { PD, PH },
        new[] { PH, PP },
        new[] { PI, PJ }, new[] { PI, PK },
        new[] { PP, PQ }, new[] { PP, PR },
        new[] { PQ, PS }, new[] { PQ, PT },
        new[] { PR, PT },
    };
    foreach (Principal[] membership in memberships)
    {
        authz.AddGroupMember(membership[0], membership[1]);
    }

    // NOTE(review): unlike SetupSimpleData, the operations here are never passed to
    // AddOrUpdate before being linked. Whether that registration is required cannot be
    // determined from this file — confirm.
    Operation OA = Operation.CreateOperation("OA", "OA");
    Operation OB = Operation.CreateOperation("OB", "OB");
    Operation OC = Operation.CreateOperation("OC", "OC");
    Operation OD = Operation.CreateOperation("OD", "OD");
    Operation OE = Operation.CreateOperation("OE", "OE");
    Operation OF = Operation.CreateOperation("OF", "OF");
    Operation OG = Operation.CreateOperation("OG", "OG");
    Operation OH = Operation.CreateOperation("OH", "OH");

    // Sub-operation edges, each written as { parent, child }.
    Operation[][] subOperations =
    {
        new[] { OA, OB }, new[] { OA, OC }, new[] { OA, OD },
        new[] { OE, OF }, new[] { OE, OG },
        new[] { OH, OA }, new[] { OH, OE },
    };
    foreach (Operation[] subOperation in subOperations)
    {
        authz.AddSubOperation(subOperation[0], subOperation[1]);
    }

    ResourceHandleFactory handles = Afcas.GetHandleFactory("SampleResource");
    ResourceHandle RA = handles.GenerateResourceHandleByKey("RA");
    ResourceHandle RB = handles.GenerateResourceHandleByKey("RB");
    ResourceHandle RC = handles.GenerateResourceHandleByKey("RC");
    ResourceHandle RD = handles.GenerateResourceHandleByKey("RD");
    ResourceHandle RE = handles.GenerateResourceHandleByKey("RE");
    ResourceHandle RF = handles.GenerateResourceHandleByKey("RF");
    ResourceHandle RG = handles.GenerateResourceHandleByKey("RG");
    ResourceHandle RH = handles.GenerateResourceHandleByKey("RH");
    ResourceHandle RI = handles.GenerateResourceHandleByKey("RI");
    ResourceHandle RJ = handles.GenerateResourceHandleByKey("RJ");
    ResourceHandle RK = handles.GenerateResourceHandleByKey("RK");
    ResourceHandle RL = handles.GenerateResourceHandleByKey("RL");

    // Sub-resource edges, each written as { parent, child }.
    ResourceHandle[][] subResources =
    {
        new[] { RA, RB }, new[] { RA, RC },
        new[] { RB, RD }, new[] { RB, RE },
        new[] { RC, RE }, new[] { RC, RF }, new[] { RC, RG },
        new[] { RH, RI }, new[] { RH, RJ }, new[] { RH, RK },
        new[] { RL, RA }, new[] { RL, RH },
    };
    foreach (ResourceHandle[] subResource in subResources)
    {
        authz.AddSubResource(subResource[0], subResource[1]);
    }

    // The six direct grants, added after all hierarchy edges are in place.
    var grant = ResourceAccessPredicateType.Grant;
    authz.AddAccessPredicate(PI.Key, OH.Key, RL, grant);
    authz.AddAccessPredicate(PD.Key, OA.Key, RA, grant);
    authz.AddAccessPredicate(PP.Key, OE.Key, RH, grant);
    authz.AddAccessPredicate(PA.Key, OG.Key, RL, grant);
    authz.AddAccessPredicate(PQ.Key, OB.Key, RL, grant);
    authz.AddAccessPredicate(PF.Key, OC.Key, RB, grant);

    return ObjectCache.Current;
}
/// <summary>
/// Load-style run: builds the same principal and operation hierarchy as the complex fixture,
/// creates 500,000 resource handles, attaches every handle after the first directly beneath
/// the first one, and then adds six Grant predicates on that first handle. Each phase is
/// wrapped in <c>Track(...)</c>.
/// </summary>
/// <remarks>
/// The method contains no assertions, so it only fails if one of the calls throws.
/// NOTE(review): despite the name, the resource graph built here is a single parent with
/// 499,999 direct children rather than a deep chain — confirm which shape was intended.
/// </remarks>
public void TestLongPath()
{
    DBHelper.ExecuteNonQuery("Test_DeleteAllData");
    ObjectCache.PushCurrent(new ObjectCache());
    IAuthorizationManager authz = Afcas.GetAuthorizationManager();

    Principal PA = Principal.CreatePrincipal("PA", "PA", PrincipalType.Group, "");
    Principal PB = Principal.CreatePrincipal("PB", "PB", PrincipalType.Group, "");
    Principal PC = Principal.CreatePrincipal("PC", "PC", PrincipalType.Group, "");
    Principal PD = Principal.CreatePrincipal("PD", "PD", PrincipalType.Group, "");
    Principal PE = Principal.CreatePrincipal("PE", "PE", PrincipalType.User, "");
    Principal PF = Principal.CreatePrincipal("PF", "PF", PrincipalType.User, "");
    Principal PG = Principal.CreatePrincipal("PG", "PG", PrincipalType.User, "");
    Principal PH = Principal.CreatePrincipal("PH", "PH", PrincipalType.Group, "");
    Principal PI = Principal.CreatePrincipal("PI", "PI", PrincipalType.Group, "");
    Principal PJ = Principal.CreatePrincipal("PJ", "PJ", PrincipalType.User, "");
    Principal PK = Principal.CreatePrincipal("PK", "PK", PrincipalType.User, "");
    Principal PP = Principal.CreatePrincipal("PP", "PP", PrincipalType.Group, "");
    Principal PQ = Principal.CreatePrincipal("PQ", "PQ", PrincipalType.Group, "");
    Principal PR = Principal.CreatePrincipal("PR", "PR", PrincipalType.Group, "");
    Principal PS = Principal.CreatePrincipal("PS", "PS", PrincipalType.User, "");
    Principal PT = Principal.CreatePrincipal("PT", "PT", PrincipalType.User, "");

    // Register every principal in declaration order.
    foreach (Principal principal in new[] { PA, PB, PC, PD, PE, PF, PG, PH, PI, PJ, PK, PP, PQ, PR, PS, PT })
    {
        authz.AddOrUpdate(principal, "");
    }

    // Membership edges, each written as { group, member }.
    Principal[][] memberships =
    {
        new[] { PA, PB }, new[] { PA, PC }, new[] { PA, PD },
        new[] { PB, PD }, new[] { PB, PE },
        new[] { PC, PE }, new[] { PC, PH }, new[] { PC, PI },
        new[] { PD, PF }, new[] { PD, PG }, new[] { PD, PH },
        new[] { PH, PP },
        new[] { PI, PJ }, new[] { PI, PK },
        new[] { PP, PQ }, new[] { PP, PR },
        new[] { PQ, PS }, new[] { PQ, PT },
        new[] { PR, PT },
    };
    foreach (Principal[] membership in memberships)
    {
        authz.AddGroupMember(membership[0], membership[1]);
    }

    Operation OA = Operation.CreateOperation("OA", "OA");
    Operation OB = Operation.CreateOperation("OB", "OB");
    Operation OC = Operation.CreateOperation("OC", "OC");
    Operation OD = Operation.CreateOperation("OD", "OD");
    Operation OE = Operation.CreateOperation("OE", "OE");
    Operation OF = Operation.CreateOperation("OF", "OF");
    Operation OG = Operation.CreateOperation("OG", "OG");
    Operation OH = Operation.CreateOperation("OH", "OH");

    // Sub-operation edges, each written as { parent, child }.
    Operation[][] subOperations =
    {
        new[] { OA, OB }, new[] { OA, OC }, new[] { OA, OD },
        new[] { OE, OF }, new[] { OE, OG },
        new[] { OH, OA }, new[] { OH, OE },
    };
    foreach (Operation[] subOperation in subOperations)
    {
        authz.AddSubOperation(subOperation[0], subOperation[1]);
    }

    ResourceHandleFactory handles = Afcas.GetHandleFactory("SampleResource");
    List<ResourceHandle> devices;
    using (Track("creating devices"))
    {
        // Keys run from "device 1" to "device 500000".
        devices = Enumerable.Range(1, 500000)
            .Select(number => handles.GenerateResourceHandleByKey($"device {number}"))
            .ToList();
    }

    using (Track("Creating long graph "))
    {
        // Every remaining handle becomes a direct child of the first one.
        ResourceHandle root = devices[0];
        foreach (ResourceHandle child in devices.Skip(1))
        {
            authz.AddSubResource(root, child);
        }
    }

    // six permissions per customer
    Console.WriteLine(" ");
    using (Track("Adding permissions to customers "))
    {
        // All six grants target the root handle only.
        ResourceHandle target = devices[0];
        var grant = ResourceAccessPredicateType.Grant;
        authz.AddAccessPredicate(PI.Key, OH.Key, target, grant);
        authz.AddAccessPredicate(PD.Key, OA.Key, target, grant);
        authz.AddAccessPredicate(PP.Key, OE.Key, target, grant);
        authz.AddAccessPredicate(PA.Key, OG.Key, target, grant);
        authz.AddAccessPredicate(PQ.Key, OB.Key, target, grant);
        authz.AddAccessPredicate(PF.Key, OC.Key, target, grant);
    }
}