private static void SecuritySetUp()
{
using (PermissionProviderContext context = new PermissionProviderContext()) {
SecurityUser user = new SecurityUser()
{
Name = "John", Password = "******"
};
SecurityUser admin = new SecurityUser()
{
Name = "Admin", Password = "******"
};
SecurityRole roleForUser = new SecurityRole();
// "Address" member of contacts "Ezra" will be denied
roleForUser.AddMemberPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, "Address", (db, obj) => obj.Name == "Ezra");
// Contact "Kevin" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.Address == "California");
admin.AddRole(new SecurityRole());
user.AddRole(roleForUser);
context.Add(user);
context.Add(admin);
context.SaveChanges();
}
}
public void CreateUserAndRole()
{
using (TestDbContextWithUsers context = new TestDbContextWithUsers()) {
SecurityUser user = new SecurityUser();
SecurityRole role = new SecurityRole();
UserRole userRole = new UserRole {
Role = role, User = user
};
context.Add(userRole);
user.Name = "Admin";
user.Password = "******";
role.Name = "AdminRole";
role.AddMemberPermission <TestDbContextWithUsers, Company>(SecurityOperation.Read, OperationState.Deny, "Description", (s, t) => t.Description == "1");
Company cmopany = new Company()
{
CompanyName = "1", Description = "1"
};
context.Add(cmopany);
context.SaveChanges();
}
using (TestDbContextWithUsers context = new TestDbContextWithUsers()) {
var company = context.Company.First();
Assert.AreEqual("1", company.CompanyName);
Assert.AreEqual("1", company.Description);
}
using (TestDbContextWithUsers context = new TestDbContextWithUsers()) {
context.Logon("Admin", "1");
var company = context.Company.First();
Assert.AreEqual("1", company.CompanyName);
Assert.IsNull(company.Description);
}
}
private static void TaskSecuritySetUp(SecurityRole roleForUser)
{
// "Note" member of task "TopManagement", "Write" and "Draw" will be denied
roleForUser.AddMemberPermission <EFCoreDemoDbContext, DemoTask>(SecurityOperation.Read, OperationState.Deny, "Note", (db, obj) => obj.PercentCompleted < 50);
// Task "Hardcode" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, DemoTask>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.ContactTasks.Any(p => p.Contact.Name == "John"));
}
private static void ContactSecuritySetUp(SecurityRole roleForUser)
{
// "Address" member of contacts "Jack", "Barry" and "Mike" will be denied
roleForUser.AddMemberPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, "Address", (db, obj) => obj.Department != null && obj.Department.Office == "Texas");
// Contacts "Zack", "Marina", "Kate" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.Department != null && obj.Department.Title == "Sales");
// Contact "Ezra" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.ContactTasks.Any(p => p.Task.Description == "Draw"));
}
private static void DepartmentSecuritySetUp(SecurityRole roleForUser)
{
// Department "Sales" will be denied
roleForUser.AddMemberPermission <EFCoreDemoDbContext, Department>(SecurityOperation.Read, OperationState.Deny, "Office", (db, obj) => obj.Title == "Sales");
roleForUser.AddObjectPermission <EFCoreDemoDbContext, Department>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.Contacts.Any(c => c.Name == "Barry"));
}