private static ObjectCache SetupSimpleData()
{
DBHelper.ExecuteNonQuery("Test_DeleteAllData");
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
ObjectCache.PushCurrent(new ObjectCache());
Principal G = Principal.CreatePrincipal("G", "G", PrincipalType.Group, "");
Principal G1 = Principal.CreatePrincipal("G1", "G1", PrincipalType.Group, "");
Principal G2 = Principal.CreatePrincipal("G2", "G2", PrincipalType.Group, "");
Principal U1 = Principal.CreatePrincipal("U1", "U1", PrincipalType.User, "");
Operation O = Operation.CreateOperation("O", "O");
Operation O1 = Operation.CreateOperation("O1", "O2");
Operation O2 = Operation.CreateOperation("O2", "O2");
Operation O3 = Operation.CreateOperation("O3", "O3");
manager.AddOrUpdate(G, "");
manager.AddOrUpdate(G1, "");
manager.AddOrUpdate(G2, "");
manager.AddOrUpdate(U1, "");
manager.AddOrUpdate(O);
manager.AddOrUpdate(O1);
manager.AddOrUpdate(O2);
manager.AddOrUpdate(O3);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
ResourceHandle R = resFac.GenerateResourceHandleByKey("R");
ResourceHandle R1 = resFac.GenerateResourceHandleByKey("R1");
ResourceHandle R2 = resFac.GenerateResourceHandleByKey("R2");
manager.AddAccessPredicate(G.Key, O.Key, R, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(U1.Key, O.Key, R, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(U1.Key, O1.Key, R1, ResourceAccessPredicateType.Grant);
manager.AddGroupMember(G, G1);
manager.AddGroupMember(G, G2);
manager.AddGroupMember(G, U1);
manager.AddSubOperation(O, O1);
manager.AddSubOperation(O, O2);
manager.AddSubOperation(O, O3);
manager.AddSubResource(R, R1);
manager.AddSubResource(R, R2);
return(ObjectCache.Current);
}
public async Task WhenRemovingAccessPredicate_TracksChanges()
{
DBHelper.ExecuteNonQuery("Test_DeleteAllData");
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
ObjectCache.PushCurrent(new ObjectCache());
Principal G = Principal.CreatePrincipal("G", "G", PrincipalType.Group, "");
Principal U1 = Principal.CreatePrincipal("U1", "U1", PrincipalType.User, "");
Operation O = Operation.CreateOperation("O", "O");
manager.AddOrUpdate(G, "");
manager.AddOrUpdate(U1, "");
manager.AddOrUpdate(O);
manager.AddGroupMember(G, U1);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
ResourceHandle R = resFac.GenerateResourceHandleByKey("R");
ResourceHandle R1 = resFac.GenerateResourceHandleByKey("R1");
ResourceHandle R21 = resFac.GenerateResourceHandleByKey("R2.1");
manager.AddSubResource(R, R1);
manager.AddSubResource(R1, R21);
manager.AddAccessPredicate(G.Key, O.Key, R, ResourceAccessPredicateType.Grant);
Assert.IsTrue(manager.IsAuthorized(U1.Key, O.Key, R));
Assert.IsTrue(manager.IsAuthorized(G.Key, O.Key, R));
var rows = GetAuthRows();
var lastChange = rows.Max(r => r.Modified);
// Act
await Task.Delay(250);
manager.RemoveAccessPredicate(G.Key, O.Key, R, ResourceAccessPredicateType.Grant);
var rows2 = GetAuthRows().Where(r => r.PrincipalId == "U1" && r.ResourceId == R21.AfcasKey && r.Deleted == new DateTime(1753, 01, 01, 0, 0, 0, DateTimeKind.Utc)).ToList();
var deletedRows = GetDeletedAuthRows(lastChange).Where(r => r.PrincipalId == "U1" && r.ResourceId == R21.AfcasKey).ToList();
var dr = GetDeletedAuthRows();
// Assert
Assert.AreEqual(0, rows2.Count, "should have lost permission");
Assert.AreEqual(1, deletedRows.Count);
Assert.GreaterOrEqual(deletedRows[0].Deleted, lastChange, "deletion must have happened after last change!");
}
public async Task WhenSubResourceAdded_TracksChanges()
{
DBHelper.ExecuteNonQuery("Test_DeleteAllData");
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
ObjectCache.PushCurrent(new ObjectCache());
Principal G = Principal.CreatePrincipal("G", "G", PrincipalType.Group, "");
Principal U1 = Principal.CreatePrincipal("U1", "U1", PrincipalType.User, "");
Operation O = Operation.CreateOperation("O", "O");
manager.AddOrUpdate(G, "");
manager.AddOrUpdate(U1, "");
manager.AddOrUpdate(O);
manager.AddGroupMember(G, U1);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
ResourceHandle R = resFac.GenerateResourceHandleByKey("R");
ResourceHandle R1 = resFac.GenerateResourceHandleByKey("R1");
ResourceHandle R21 = resFac.GenerateResourceHandleByKey("R2.1");
manager.AddAccessPredicate(G.Key, O.Key, R, ResourceAccessPredicateType.Grant);
Assert.IsTrue(manager.IsAuthorized(U1.Key, O.Key, R));
Assert.IsTrue(manager.IsAuthorized(G.Key, O.Key, R));
var rows = GetAuthRows();
var lastChange = rows.Max(r => r.Modified);
// Act
await Task.Delay(250);
manager.AddSubResource(R, R1);
manager.AddSubResource(R1, R21);
var rows2 = GetAuthRows(lastChange).Where(r => r.PrincipalId == "U1" && r.ResourceId == R21.AfcasKey).ToList();
var max2 = rows2.Max(r => r.Modified);
// Assert
//Assert.IsTrue(manager.IsAuthorized(U1.Key, O.Key, R));
Assert.GreaterOrEqual(max2, lastChange, $"{lastChange} should be lower!");
}
private static ObjectCache SetupComplexData()
{
DBHelper.ExecuteNonQuery("Test_DeleteAllData");
ObjectCache.PushCurrent(new ObjectCache());
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
Principal PA = Principal.CreatePrincipal("PA", "PA", PrincipalType.Group, "");
Principal PB = Principal.CreatePrincipal("PB", "PB", PrincipalType.Group, "");
Principal PC = Principal.CreatePrincipal("PC", "PC", PrincipalType.Group, "");
Principal PD = Principal.CreatePrincipal("PD", "PD", PrincipalType.Group, "");
Principal PE = Principal.CreatePrincipal("PE", "PE", PrincipalType.User, "");
Principal PF = Principal.CreatePrincipal("PF", "PF", PrincipalType.User, "");
Principal PG = Principal.CreatePrincipal("PG", "PG", PrincipalType.User, "");
Principal PH = Principal.CreatePrincipal("PH", "PH", PrincipalType.Group, "");
Principal PI = Principal.CreatePrincipal("PI", "PI", PrincipalType.Group, "");
Principal PJ = Principal.CreatePrincipal("PJ", "PJ", PrincipalType.User, "");
Principal PK = Principal.CreatePrincipal("PK", "PK", PrincipalType.User, "");
Principal PP = Principal.CreatePrincipal("PP", "PP", PrincipalType.Group, "");
Principal PQ = Principal.CreatePrincipal("PQ", "PQ", PrincipalType.Group, "");
Principal PR = Principal.CreatePrincipal("PR", "PR", PrincipalType.Group, "");
Principal PS = Principal.CreatePrincipal("PS", "PS", PrincipalType.User, "");
Principal PT = Principal.CreatePrincipal("PT", "PT", PrincipalType.User, "");
manager.AddOrUpdate(PA, "");
manager.AddOrUpdate(PB, "");
manager.AddOrUpdate(PC, "");
manager.AddOrUpdate(PD, "");
manager.AddOrUpdate(PE, "");
manager.AddOrUpdate(PF, "");
manager.AddOrUpdate(PG, "");
manager.AddOrUpdate(PH, "");
manager.AddOrUpdate(PI, "");
manager.AddOrUpdate(PJ, "");
manager.AddOrUpdate(PK, "");
manager.AddOrUpdate(PP, "");
manager.AddOrUpdate(PQ, "");
manager.AddOrUpdate(PR, "");
manager.AddOrUpdate(PS, "");
manager.AddOrUpdate(PT, "");
manager.AddGroupMember(PA, PB);
manager.AddGroupMember(PA, PC);
manager.AddGroupMember(PA, PD);
manager.AddGroupMember(PB, PD);
manager.AddGroupMember(PB, PE);
manager.AddGroupMember(PC, PE);
manager.AddGroupMember(PC, PH);
manager.AddGroupMember(PC, PI);
manager.AddGroupMember(PD, PF);
manager.AddGroupMember(PD, PG);
manager.AddGroupMember(PD, PH);
manager.AddGroupMember(PH, PP);
manager.AddGroupMember(PI, PJ);
manager.AddGroupMember(PI, PK);
manager.AddGroupMember(PP, PQ);
manager.AddGroupMember(PP, PR);
manager.AddGroupMember(PQ, PS);
manager.AddGroupMember(PQ, PT);
manager.AddGroupMember(PR, PT);
Operation OA = Operation.CreateOperation("OA", "OA");
Operation OB = Operation.CreateOperation("OB", "OB");
Operation OC = Operation.CreateOperation("OC", "OC");
Operation OD = Operation.CreateOperation("OD", "OD");
Operation OE = Operation.CreateOperation("OE", "OE");
Operation OF = Operation.CreateOperation("OF", "OF");
Operation OG = Operation.CreateOperation("OG", "OG");
Operation OH = Operation.CreateOperation("OH", "OH");
manager.AddSubOperation(OA, OB);
manager.AddSubOperation(OA, OC);
manager.AddSubOperation(OA, OD);
manager.AddSubOperation(OE, OF);
manager.AddSubOperation(OE, OG);
manager.AddSubOperation(OH, OA);
manager.AddSubOperation(OH, OE);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
ResourceHandle RA = resFac.GenerateResourceHandleByKey("RA");
ResourceHandle RB = resFac.GenerateResourceHandleByKey("RB");
ResourceHandle RC = resFac.GenerateResourceHandleByKey("RC");
ResourceHandle RD = resFac.GenerateResourceHandleByKey("RD");
ResourceHandle RE = resFac.GenerateResourceHandleByKey("RE");
ResourceHandle RF = resFac.GenerateResourceHandleByKey("RF");
ResourceHandle RG = resFac.GenerateResourceHandleByKey("RG");
ResourceHandle RH = resFac.GenerateResourceHandleByKey("RH");
ResourceHandle RI = resFac.GenerateResourceHandleByKey("RI");
ResourceHandle RJ = resFac.GenerateResourceHandleByKey("RJ");
ResourceHandle RK = resFac.GenerateResourceHandleByKey("RK");
ResourceHandle RL = resFac.GenerateResourceHandleByKey("RL");
manager.AddSubResource(RA, RB);
manager.AddSubResource(RA, RC);
manager.AddSubResource(RB, RD);
manager.AddSubResource(RB, RE);
manager.AddSubResource(RC, RE);
manager.AddSubResource(RC, RF);
manager.AddSubResource(RC, RG);
manager.AddSubResource(RH, RI);
manager.AddSubResource(RH, RJ);
manager.AddSubResource(RH, RK);
manager.AddSubResource(RL, RA);
manager.AddSubResource(RL, RH);
manager.AddAccessPredicate(PI.Key, OH.Key, RL, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PD.Key, OA.Key, RA, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PP.Key, OE.Key, RH, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PA.Key, OG.Key, RL, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PQ.Key, OB.Key, RL, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PF.Key, OC.Key, RB, ResourceAccessPredicateType.Grant);
return(ObjectCache.Current);
}
public void TestLongPath()
{
DBHelper.ExecuteNonQuery("Test_DeleteAllData");
ObjectCache.PushCurrent(new ObjectCache());
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
Principal PA = Principal.CreatePrincipal("PA", "PA", PrincipalType.Group, "");
Principal PB = Principal.CreatePrincipal("PB", "PB", PrincipalType.Group, "");
Principal PC = Principal.CreatePrincipal("PC", "PC", PrincipalType.Group, "");
Principal PD = Principal.CreatePrincipal("PD", "PD", PrincipalType.Group, "");
Principal PE = Principal.CreatePrincipal("PE", "PE", PrincipalType.User, "");
Principal PF = Principal.CreatePrincipal("PF", "PF", PrincipalType.User, "");
Principal PG = Principal.CreatePrincipal("PG", "PG", PrincipalType.User, "");
Principal PH = Principal.CreatePrincipal("PH", "PH", PrincipalType.Group, "");
Principal PI = Principal.CreatePrincipal("PI", "PI", PrincipalType.Group, "");
Principal PJ = Principal.CreatePrincipal("PJ", "PJ", PrincipalType.User, "");
Principal PK = Principal.CreatePrincipal("PK", "PK", PrincipalType.User, "");
Principal PP = Principal.CreatePrincipal("PP", "PP", PrincipalType.Group, "");
Principal PQ = Principal.CreatePrincipal("PQ", "PQ", PrincipalType.Group, "");
Principal PR = Principal.CreatePrincipal("PR", "PR", PrincipalType.Group, "");
Principal PS = Principal.CreatePrincipal("PS", "PS", PrincipalType.User, "");
Principal PT = Principal.CreatePrincipal("PT", "PT", PrincipalType.User, "");
manager.AddOrUpdate(PA, "");
manager.AddOrUpdate(PB, "");
manager.AddOrUpdate(PC, "");
manager.AddOrUpdate(PD, "");
manager.AddOrUpdate(PE, "");
manager.AddOrUpdate(PF, "");
manager.AddOrUpdate(PG, "");
manager.AddOrUpdate(PH, "");
manager.AddOrUpdate(PI, "");
manager.AddOrUpdate(PJ, "");
manager.AddOrUpdate(PK, "");
manager.AddOrUpdate(PP, "");
manager.AddOrUpdate(PQ, "");
manager.AddOrUpdate(PR, "");
manager.AddOrUpdate(PS, "");
manager.AddOrUpdate(PT, "");
manager.AddGroupMember(PA, PB);
manager.AddGroupMember(PA, PC);
manager.AddGroupMember(PA, PD);
manager.AddGroupMember(PB, PD);
manager.AddGroupMember(PB, PE);
manager.AddGroupMember(PC, PE);
manager.AddGroupMember(PC, PH);
manager.AddGroupMember(PC, PI);
manager.AddGroupMember(PD, PF);
manager.AddGroupMember(PD, PG);
manager.AddGroupMember(PD, PH);
manager.AddGroupMember(PH, PP);
manager.AddGroupMember(PI, PJ);
manager.AddGroupMember(PI, PK);
manager.AddGroupMember(PP, PQ);
manager.AddGroupMember(PP, PR);
manager.AddGroupMember(PQ, PS);
manager.AddGroupMember(PQ, PT);
manager.AddGroupMember(PR, PT);
Operation OA = Operation.CreateOperation("OA", "OA");
Operation OB = Operation.CreateOperation("OB", "OB");
Operation OC = Operation.CreateOperation("OC", "OC");
Operation OD = Operation.CreateOperation("OD", "OD");
Operation OE = Operation.CreateOperation("OE", "OE");
Operation OF = Operation.CreateOperation("OF", "OF");
Operation OG = Operation.CreateOperation("OG", "OG");
Operation OH = Operation.CreateOperation("OH", "OH");
manager.AddSubOperation(OA, OB);
manager.AddSubOperation(OA, OC);
manager.AddSubOperation(OA, OD);
manager.AddSubOperation(OE, OF);
manager.AddSubOperation(OE, OG);
manager.AddSubOperation(OH, OA);
manager.AddSubOperation(OH, OE);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
List <ResourceHandle> devices;
using (Track("creating devices"))
{
devices = Enumerable.Range(0, 500000).Select(i => resFac.GenerateResourceHandleByKey($"device {i + 1}")).ToList();
}
using (Track($"Creating long graph "))
for (int i = 1; i < devices.Count; i++)
{
var parent = devices[0];
var child = devices[i];
//using (Track($"setting {parent.Key} -> {child.Key}"))
{
manager.AddSubResource(parent, child);
}
}
// six permissions per customer
Console.WriteLine(" ");
using (Track($"Adding permissions to customers "))
{
var device = devices[0];
manager.AddAccessPredicate(PI.Key, OH.Key, device, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PD.Key, OA.Key, device, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PP.Key, OE.Key, device, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PA.Key, OG.Key, device, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PQ.Key, OB.Key, device, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PF.Key, OC.Key, device, ResourceAccessPredicateType.Grant);
}
}
