public void Should_be_configured_correctly()
        {
            var expectations = new PolicyExpectations();

            expectations.For<HomeController>().Has<IgnorePolicy>();

            expectations.For<AccountController>().Has<DenyAuthenticatedAccessPolicy>();
            expectations.For<AccountController>(x => x.LogOut()).Has<DenyAnonymousAccessPolicy>().DoesNotHave<DenyAuthenticatedAccessPolicy>();

            expectations.For<ExampleController>(x => x.DenyAnonymousAccess()).Has<DenyAnonymousAccessPolicy>();
            expectations.For<ExampleController>(x => x.DenyAuthenticatedAccess()).Has<DenyAuthenticatedAccessPolicy>();
            expectations.For<ExampleController>(x => x.RequireAdministratorRole()).Has<RequireRolePolicy>(p =>
                p.RolesRequired.Contains(UserRole.Administrator) &&
                p.RolesRequired.Count() == 1
                );
            expectations.For<ExampleController>(x => x.RequirePublisherRole()).Has<RequireRolePolicy>(p =>
                p.RolesRequired.Contains(UserRole.Publisher) &&
                p.RolesRequired.Count() == 1
                );

            expectations.For<AdminController>().Has<AdministratorPolicy>();
            expectations.For<AdminController>(x => x.Delete()).Has<DelegatePolicy>(p => p.Name == "LocalOnlyPolicy");

            expectations.For<Areas.ExampleArea.Controllers.HomeController>(x => x.Index()).Has<DenyAnonymousAccessPolicy>();
            expectations.For<Areas.ExampleArea.Controllers.HomeController>(x => x.AdministratorsOnly()).Has(new RequireRolePolicy(UserRole.Administrator));
            expectations.For<Areas.ExampleArea.Controllers.HomeController>(x => x.PublishersOnly()).Has(new RequireRolePolicy(UserRole.Publisher));

            var results = expectations.VerifyAll(Bootstrapper.SetupFluentSecurity());

            Assert.That(results.Valid(), results.ErrorMessages());
        }
        public void Should_build_expectation_groups_and_verify_expectations()
        {
            // Arrange
            var configuration = FluentSecurityFactory.CreateSecurityConfiguration();
            var expectationGroups = new List<ExpectationGroup>();

            var builder = new Mock<IExpectationGroupBuilder>();
            var verifyer = new Mock<IExpectationVerifyer>();

            builder.Setup(x => x.Build(It.IsAny<IEnumerable<ExpectationExpression>>())).Returns(expectationGroups).AtMostOnce();
            verifyer.Setup(x => x.VerifyExpectationsOf(expectationGroups)).Returns(new List<ExpectationResult>()).AtMostOnce();

            var policyExpectations = new PolicyExpectations();
            policyExpectations.SetExpectationGroupBuilder(builder.Object);
            policyExpectations.ConstructExpectationVerifyerUsing((c, h) => verifyer.Object);
            policyExpectations.For<SampleController>();
            policyExpectations.For<AdminController>(x => x.Login());

            // Act
            policyExpectations.VerifyAll(configuration);

            // Assert
            builder.VerifyAll();
            verifyer.VerifyAll();
        }
Example #3
0
        public void Should_build_expectation_groups_and_verify_expectations()
        {
            // Arrange
            var configuration     = FluentSecurityFactory.CreateSecurityConfiguration();
            var expectationGroups = new List <ExpectationGroup>();

            var builder  = new Mock <IExpectationGroupBuilder>();
            var verifyer = new Mock <IExpectationVerifyer>();

            builder.Setup(x => x.Build(It.IsAny <IEnumerable <ExpectationExpression> >())).Returns(expectationGroups).AtMostOnce();
            verifyer.Setup(x => x.VerifyExpectationsOf(expectationGroups)).Returns(new List <ExpectationResult>()).AtMostOnce();

            var policyExpectations = new PolicyExpectations();

            policyExpectations.SetExpectationGroupBuilder(builder.Object);
            policyExpectations.ConstructExpectationVerifyerUsing((c, h) => verifyer.Object);
            policyExpectations.For <SampleController>();
            policyExpectations.For <AdminController>(x => x.Login());

            // Act
            policyExpectations.VerifyAll(configuration);

            // Assert
            builder.VerifyAll();
            verifyer.VerifyAll();
        }
Example #4
0
        public void Should_be_configured_correctly()
        {
            var expectations = new PolicyExpectations();

            expectations.For <HomeController>().Has <IgnorePolicy>();

            expectations.For <AccountController>().Has <DenyAuthenticatedAccessPolicy>();
            expectations.For <AccountController>(x => x.LogOut()).Has <DenyAnonymousAccessPolicy>().DoesNotHave <DenyAuthenticatedAccessPolicy>();

            expectations.For <ExampleController>(x => x.DenyAnonymousAccess()).Has <DenyAnonymousAccessPolicy>();
            expectations.For <ExampleController>(x => x.DenyAuthenticatedAccess()).Has <DenyAuthenticatedAccessPolicy>();
            expectations.For <ExampleController>(x => x.RequireAdministratorRole()).Has <RequireRolePolicy>(p =>
                                                                                                            p.RolesRequired.Contains(UserRole.Administrator) &&
                                                                                                            p.RolesRequired.Count() == 1
                                                                                                            );
            expectations.For <ExampleController>(x => x.RequirePublisherRole()).Has <RequireRolePolicy>(p =>
                                                                                                        p.RolesRequired.Contains(UserRole.Publisher) &&
                                                                                                        p.RolesRequired.Count() == 1
                                                                                                        );

            expectations.For <AdminController>().Has <AdministratorPolicy>();
            expectations.For <AdminController>(x => x.Delete()).Has <DelegatePolicy>(p => p.Name == "LocalOnlyPolicy");

            expectations.For <Areas.ExampleArea.Controllers.HomeController>(x => x.Index()).Has <DenyAnonymousAccessPolicy>();
            expectations.For <Areas.ExampleArea.Controllers.HomeController>(x => x.AdministratorsOnly()).Has(new RequireRolePolicy(UserRole.Administrator));
            expectations.For <Areas.ExampleArea.Controllers.HomeController>(x => x.PublishersOnly()).Has(new RequireRolePolicy(UserRole.Publisher));

            var results = expectations.VerifyAll(Bootstrapper.SetupFluentSecurity());

            Assert.That(results.Valid(), results.ErrorMessages());
        }
Example #5
0
        public void Should_throw_when_configuration_is_null()
        {
            // Arrange
            ISecurityConfiguration configuration = null;
            var policyExpectations = new PolicyExpectations();

            // Act & assert
            Assert.Throws <ArgumentNullException>(() => policyExpectations.VerifyAll(configuration));
        }
        public void Should_verify_expectations_for_aliased_action_using_convention_expectations()
        {
            SecurityConfigurator.Configure(configuration => configuration.For<SampleController>().DenyAnonymousAccess());
            var policyExpectations = new PolicyExpectations();

            policyExpectations.For<SampleController>().Has<DenyAnonymousAccessPolicy>();
            var results = policyExpectations.VerifyAll(SecurityConfiguration.Current);

            Assert.That(results.Valid(), results.ErrorMessages());
        }
        public void Should_verify_expectations_for_void_action_using_convention_expectations()
        {
            SecurityConfigurator.Configure(configuration => configuration.For <SampleController>().DenyAnonymousAccess());
            var policyExpectations = new PolicyExpectations();

            policyExpectations.For <SampleController>().Has <DenyAnonymousAccessPolicy>();
            var results = policyExpectations.VerifyAll(SecurityConfiguration.Current);

            Assert.That(results.Valid(), results.ErrorMessages());
        }
        public void Should_be_configured_base_actions()
        {
            // Arrange
            var _expectations = new PolicyExpectations();

            _expectations.For <HomeController>().Has <DenyAnonymousAccessPolicy>();
            _expectations.For <Areas.ExampleArea.Controllers.BaseController>().Has(new RequireRolePolicy(UserRole.Administrator));
            _expectations.For <Areas.ExampleArea.Controllers.RolesController>(p => p.Index()).Has(new RequireRolePolicy(UserRole.Administrator));
            _expectations.For <Areas.ExampleArea.Controllers.RolesController>().Has(new RequireRolePolicy(UserRole.Administrator));

            SecurityConfigurator.Configure(c => {
                c.ForAllControllersInAssembly(typeof(HomeController).Assembly).DenyAnonymousAccess();
                c.ForAllControllersInAssemblyThatInherit <Areas.ExampleArea.Controllers.BaseController>().RequireRole(UserRole.Administrator);
            });

            // Act
            var results = _expectations.VerifyAll(SecurityConfiguration.Current);

            // Assert
            Assert.That(results.Valid(), results.ErrorMessages());
        }
        public void Should_be_configured_correctly()
        {
            var expectations = new PolicyExpectations();

            expectations.For<AccountController>(x => x.LogInAsAdministrator()).Has<DenyAuthenticatedAccessPolicy>();
            expectations.For<AccountController>(x => x.LogInAsPublisher()).Has<DenyAuthenticatedAccessPolicy>();
            expectations.For<AccountController>(x => x.LogOut()).Has<DenyAnonymousAccessPolicy>();

            expectations.For<ExampleController>(x => x.DenyAnonymousAccess()).Has<DenyAnonymousAccessPolicy>();
            expectations.For<ExampleController>(x => x.DenyAuthenticatedAccess()).Has<DenyAuthenticatedAccessPolicy>();

            expectations.For<ExampleController>(x => x.RequireAdministratorRole()).Has(new RequireRolePolicy(UserRole.Administrator));
            expectations.For<ExampleController>(x => x.RequirePublisherRole()).Has(new RequireRolePolicy(UserRole.Publisher));

            expectations.For<AdminController>().Has<AdministratorPolicy>();
            expectations.For<AdminController>(x => x.Index()).Has<IgnorePolicy>().DoesNotHave<AdministratorPolicy>();

            var results = expectations.VerifyAll(Bootstrapper.SetupFluentSecurity());

            Assert.That(results.Valid(), results.ErrorMessages());
        }
        public void Should_throw_when_configuration_is_null()
        {
            // Arrange
            ISecurityConfiguration configuration = null;
            var policyExpectations = new PolicyExpectations();

            // Act & assert
            Assert.Throws<ArgumentNullException>(() => policyExpectations.VerifyAll(configuration));
        }