public void SetUp()
{
SystemUser user = new SystemUser();
SystemProfile profile = new SystemProfile();
this._permission = new SystemPermission(user, profile);
}
public void testGrandBy_UnixPermissionRequired_Granted()
{
var user = new SystemUser();
var profile = new SystemProfile(true);
var permission = new SystemPermission(user, profile);
var admin = new SystemAdmin();
permission.grantBy(admin);
Assert.AreEqual(SystemPermission.REQUESTED, permission.State(), "requested");
Assert.AreEqual(false, permission.IsGranted(), "not granted");
permission.claimBy(admin);
Assert.AreEqual(SystemPermission.CLAIMED, permission.State(), "claimed");
Assert.AreEqual(false, permission.IsGranted(), "not granted");
permission.grantBy(admin);
Assert.AreEqual(SystemPermission.UNIX_REQUESTED, permission.State(), "Unix requested");
Assert.AreEqual(false, permission.IsGranted(), "not granted");
permission.claimBy(admin);
Assert.AreEqual(SystemPermission.UNIX_CLAIMED, permission.State(), "Unix Claimed");
Assert.AreEqual(false, permission.IsGranted(), "not granted");
permission.grantBy(admin);
Assert.AreEqual(SystemPermission.GRANTED, permission.State(), "granted");
Assert.AreEqual(true, permission.IsGranted(), "granted");
}
public async Task <IActionResult> OnPostSaveAsync()
{
if (!ModelState.IsValid)
{
return(ModelState.ToJsonResult());
}
var entity = await _db.Permissions
.Where(x => x.Id == this.Id)
.SingleOrDefaultAsync();
if (entity == null)
{
entity = new SystemPermission {
Id = this.Id ?? Guid.NewGuid(),
PermissionType = this.Data.PermissionType,
CreatedBy = this.User.Identity.Name,
CreatedDate = DateTime.Now,
};
_db.Add(entity);
}
entity.Name = this.Data.Name;
entity.Code = this.Data.Code;
entity.UpdatedBy = this.User.Identity.Name;
entity.UpdatedDate = DateTime.Now;
await _db.SaveChangesAsync();
return(new SuccessResult());
}
public void CreateSystemPermission_NoDuplicateGrantSystemPermissionWithContext_ValidationFailureEventIsRaised()
{
using (var serviceLocatorFixture = new ServiceLocatorFixture())
{
// Setup
SetupServiceLocatorFixture(serviceLocatorFixture);
// Register
var eventRaised = false;
DomainEvent.Register <RuleViolationEvent> (p => eventRaised = true);
var systemRoleRepositoryMock = new Mock <ISystemRoleRepository> ();
var systemRoleFactory = new SystemRoleFactory(systemRoleRepositoryMock.Object);
// Exercise
var systemRole = systemRoleFactory.CreateSystemRole("RoleName", "Role description.", SystemRoleType.Task);
var systemPermission1 = new SystemPermission("WellKnownName1", "Permission display name.", "Permission description.");
systemRole.GrantSystemPermission(systemPermission1);
var systemPermission2 = new SystemPermission("WellKnownName1", "Permission display name", "Permission description.");
systemRole.GrantSystemPermission(systemPermission2);
// Verify
Assert.IsTrue(eventRaised);
}
}
public void TestDefaultsToPermissionRequested()
{
// Arrange
SystemPermission systemPermission = new SystemPermission();
// Act
// Assert
Assert.AreEqual(SystemPermission.Requested, systemPermission.GetState());
Assert.AreEqual("REQUESTED", systemPermission.GetState());
}
public override void deniedBy(SystemAdmin admin, SystemPermission systemPermission)
{
if (!admin.Equals(admin))
{
return;
}
systemPermission.IsGranted = false;
systemPermission.IsUnixPermissionGranted = false;
systemPermission.State = PermissionState.DENIED;
systemPermission.notifyAdminOfPermissionRequest();
}
public override void DeniedBy(SystemAdmin admin, SystemPermission systemPermission)
{
if (!systemPermission.GetAdmin().Equals(admin))
{
return;
}
systemPermission.SetIsGranted(false);
systemPermission.SetIsUnixPermissionGranted(false);
systemPermission.SetState(PermissionState.DENIED);
systemPermission.NotifyUserOfPermissionRequestResult();
}
/// <summary>
/// Delete a permission
/// </summary>
/// <param name="permission">Permission</param>
public virtual void DeleteSystemPermission(SystemPermission permission)
{
if (permission == null)
throw new ArgumentNullException("permission");
using (var context = new SsepsIIEntities())
{
context.SystemPermissions.Attach(permission);
((IObjectContextAdapter)context).ObjectContext.ObjectStateManager.ChangeObjectState(permission, System.Data.EntityState.Modified);
context.SystemPermissions.Remove(permission);
context.SaveChanges();
}
ClearCache();
}
public void TestClaimedBy()
{
SystemUser user = new SystemUser();
SystemProfile profile = new SystemProfile();
SystemPermission permission = new SystemPermission(user, profile);
Assert.AreEqual(PermissionState.REQUESTED, permission.GetState());
SystemAdmin admin = new SystemAdmin();
permission.ClaimedBy(admin);
Assert.AreEqual(PermissionState.CLAIMED, permission.GetState());
Assert.AreEqual(false, permission.IsGranted());
}
/// <summary>
/// Checks if the employee has the specified permission and throws a <see cref="SystemPermissionException"/> if they do not
/// </summary>
/// <param name="permission">The permission to check for</param>
/// <param name="employee">The employee to check</param>
/// <exception cref="SystemPermissionException">Throws exception if employee doesn't have the specified permission</exception>
/// <returns></returns>
public static async Task EnforceAsync(SystemPermission permission, Employee employee)
{
using (var context = new ngenDbContext())
{
var role = await context.SystemRoles.FirstAsync(r => r.Id == employee.SystemRoleId);
var perms = SystemRolePermissions.FromBytes(role.Permissions);
if (!perms.Has(permission))
{
throw new SystemPermissionException("You do not have permission to do this!", employee,
permission);
}
}
}
public void testGrandBy_NoUnixPermissionRequired_NoClaimed_Denied()
{
var user = new SystemUser();
var profile = new SystemProfile(false);
var permission = new SystemPermission(user, profile);
var admin = new SystemAdmin();
permission.grantBy(admin);
Assert.AreEqual(SystemPermission.REQUESTED, permission.State(), "requested");
Assert.AreEqual(false, permission.IsGranted(), "not granted");
permission.deniedBy(admin);
Assert.AreEqual(SystemPermission.REQUESTED, permission.State(), "requested");
Assert.AreEqual(false, permission.IsGranted(), "not granted");
}
public void TestClaimedByWithUnixConcerned()
{
SystemUser user = new SystemUser();
SystemProfile profile = new SystemProfile();
profile.SetUnixPermissionRequired(true);
SystemPermission permission = new SystemPermission(user, profile);
Assert.AreEqual(PermissionState.UNIX_REQUESTED, permission.GetState());
SystemAdmin admin = new SystemAdmin();
permission.ClaimedBy(admin);
Assert.AreEqual(PermissionState.UNIX_CLAIMED, permission.GetState());
Assert.AreEqual(false, permission.IsGranted());
}
public override void GrantedBy(SystemAdmin admin, SystemPermission systemPermission)
{
if (!systemPermission.GetAdmin().Equals(admin))
{
return;
}
if (systemPermission.IsUnixPermissionDesiredButNotRequested())
{
systemPermission.SetState(PermissionState.UNIX_REQUESTED);
systemPermission.NotifyUnixAdminsOfPermissionRequest();
return;
}
systemPermission.SetState(PermissionState.GRANTED);
systemPermission.SetIsGranted(true);
systemPermission.NotifyUserOfPermissionRequestResult();
}
public override void grantBy(SystemAdmin admin, SystemPermission systemPermission)
{
if (!admin.Equals(admin))
{
return;
}
if (systemPermission.isUnixPermissionRequestedAndClaimed())
{
systemPermission.IsUnixPermissionGranted = true;
}
else if (systemPermission.isUnixPermissionDesiredButNotRequested())
{
systemPermission.State = PermissionState.UNIX_REQUESTED;
systemPermission.notifyAdminOfPermissionRequest();
return;
}
systemPermission.State = PermissionState.GRANTED;
systemPermission.IsGranted = true;
systemPermission.notifyAdminOfPermissionRequest();
}
public void CreateSystemPermission_CannotGrantSystemPermissionToTaskGroup_ValidationFailureEventIsRaised()
{
using (var serviceLocatorFixture = new ServiceLocatorFixture())
{
// Setup
SetupServiceLocatorFixture(serviceLocatorFixture);
// Register
var eventRaised = false;
DomainEvent.Register <RuleViolationEvent> (p => eventRaised = true);
var systemRoleRepositoryMock = new Mock <ISystemRoleRepository> ();
var systemRoleFactory = new SystemRoleFactory(systemRoleRepositoryMock.Object);
// Exercise
var systemRole = systemRoleFactory.CreateSystemRole("RoleName", "Role description.", SystemRoleType.TaskGroup);
var systemPermission = new SystemPermission("WellKnownName", "MyPermission", "My permission description.");
systemRole.GrantSystemPermission(systemPermission);
// Verify
Assert.IsTrue(eventRaised);
}
}
public abstract void deniedBy(SystemAdmin admin, SystemPermission systemPermission);
/// <summary>
/// Inserts a permission
/// </summary>
/// <param name="permission">Permission</param>
public virtual void InsertSystemPermission(SystemPermission permission)
{
if (permission == null)
throw new ArgumentNullException("permission");
using (var context = new SsepsIIEntities())
{
context.SystemPermissions.Add(permission);
context.SaveChanges();
}
ClearCache();
}
public async Task UpdateAsyncTest()
{
IServiceCollection services = new ServiceCollection();
services.AddAuthorizationExtension();
services.AddScoped <ISystemPermissionRoleStore <SystemPermissionRole> >(sp =>
new Mock <ISystemPermissionRoleStore <SystemPermissionRole> >().Object);
services.AddScoped <ISystemPermissionUserStore <SystemPermissionUser> >(sp =>
new Mock <ISystemPermissionUserStore <SystemPermissionUser> >().Object);
services.AddScoped <ISystemPermissionStore <SystemPermission> >(sp =>
{
var mockSystemPermissionStore = new Mock <ISystemPermissionStore <SystemPermission> >();
mockSystemPermissionStore.Setup(s => s.UpdateAsync(It.IsAny <SystemPermission>(), It.IsAny <CancellationToken>()))
.Returns((SystemPermission p, CancellationToken _) => Task.FromResult(p));
SystemPermission[] permissions = new SystemPermission[]
{
new SystemPermission()
{
Id = "permission0", Name = "permission0", AllowedAllRoles = true
},
new SystemPermission()
{
Id = "permission1", Name = "permission1", AllowedAnonymous = true
},
new SystemPermission()
{
Id = "permission2", Name = "permission2", DeniedAll = true
},
new SystemPermission()
{
Id = "permission3", Name = "permission3"
},
};
mockSystemPermissionStore.Setup(s => s.FindByIdAsync(It.IsIn("permission0", "permission1", "permission2", "permission3", "permission4"), It.IsAny <CancellationToken>()))
.Returns((string id, CancellationToken _) => Task.FromResult(permissions.FirstOrDefault(p => p.Id == id)));
return(mockSystemPermissionStore.Object);
});
var mockPermissionMonitor = new Mock <IPermissionMonitor>();
services.AddScoped <IPermissionMonitor>(sp =>
{
mockPermissionMonitor.Setup(p => p.OnPermissionChangedAsync(It.IsAny <string>()));
return(mockPermissionMonitor.Object);
});
IServiceProvider serviceProvider = services.BuildServiceProvider();
using IServiceScope serviceScope = serviceProvider.CreateScope();
ISystemPermissionService <SystemPermission> systemPermissionService =
serviceScope.ServiceProvider.GetRequiredService <ISystemPermissionService <SystemPermission> >();
CancellationTokenSource cancellationTokenSource = new CancellationTokenSource();
await systemPermissionService.UpdateAsync(new SystemPermission()
{
Id = "permission0", Name = "permission00", AllowedAllRoles = true
}, cancellationTokenSource.Token);
mockPermissionMonitor.Verify(p => p.OnPermissionChangedAsync("permission0"), Times.Never(), "未改动相关属性,触发调用了OnPermissionChangedAsync(\"permission0\")");
await systemPermissionService.UpdateAsync(new SystemPermission()
{
Id = "permission0", Name = "permission00", AllowedAllRoles = false
}, cancellationTokenSource.Token);
mockPermissionMonitor.Verify(p => p.OnPermissionChangedAsync("permission0"), Times.AtLeastOnce(), "改动相关属性AllowedAllRoles,未调用OnPermissionChangedAsync(\"permission0\")");
await systemPermissionService.UpdateAsync(new SystemPermission()
{
Id = "permission1", Name = "permission1", AllowedAnonymous = false
}, cancellationTokenSource.Token);
mockPermissionMonitor.Verify(p => p.OnPermissionChangedAsync("permission1"), Times.AtLeastOnce(), "改动相关属性AllowedAnonymous,未调用OnPermissionChangedAsync(\"permission1\")");
await systemPermissionService.UpdateAsync(new SystemPermission()
{
Id = "permission2", Name = "permission2", DeniedAll = false
}, cancellationTokenSource.Token);
mockPermissionMonitor.Verify(p => p.OnPermissionChangedAsync("permission2"), Times.AtLeastOnce(), "改动相关属性DeniedAll,未调用OnPermissionChangedAsync(\"permission2\")");
await systemPermissionService.UpdateAsync(new SystemPermission()
{
Id = "permission3", Name = "permission3", AllowedAllRoles = true, AllowedAnonymous = true, DeniedAll = true
}, cancellationTokenSource.Token);
mockPermissionMonitor.Verify(p => p.OnPermissionChangedAsync("permission3"), Times.AtLeastOnce(), "改动相关属性,未调用OnPermissionChangedAsync(\"permission3\")");
Task task = systemPermissionService.UpdateAsync(new SystemPermission()
{
Id = "permission4", Name = "permission3", AllowedAllRoles = true, AllowedAnonymous = true, DeniedAll = true
}, cancellationTokenSource.Token);
await ShouldThrowAsyncExtensions.ShouldThrowAsync <Exception>(task);
// cacheManager.Set()
//await systemPermissionRoleService.AddToRoleAsync(permissionId,roleId,CancellationToken.None);
}
/// <summary>
/// Install permissions
/// </summary>
/// <param name="permissionProvider">Permission provider</param>
public virtual void InstallPermissions(IPermissionProvider permissionProvider)
{
//NB Can we find a way to automatically delete permissions?
//install new permissions
var permissions = permissionProvider.GetPermissions();
foreach (var permission in permissions)
{
var permission1 = GetSystemPermissionBySystemName(permission.SystemName);
if (permission1 == null)
{
//new permission (install it)
permission1 = new SystemPermission
{
Name = permission.Name,
SystemName = permission.SystemName,
Category = permission.Category,
DateCreated = DateTime.UtcNow,
DateUpdated = DateTime.UtcNow
};
//save new permission
InsertSystemPermission(permission1);
//default customer role mappings
var defaultPermissions = permissionProvider.GetDefaultPermissions();
foreach (var defaultPermission in defaultPermissions)
{
var role = SystemUserService.GetSystemRoleBySystemName(defaultPermission.RoleSystemName);
if (role == null)
{
//new role (save it)
role = new SystemRole
{
Name = defaultPermission.RoleSystemName,
Active = true,
SystemName = defaultPermission.RoleSystemName,
DateCreated = DateTime.UtcNow,
DateModified = DateTime.UtcNow
};
SystemUserService.InsertRole(role);
}
role = SystemUserService.GetSystemRoleById(role.SystemRoleId, false);
var defaultMappingProvided = (from p in defaultPermission.SystemPermissions
where p.SystemName == permission1.SystemName
select p).Any();
var mappingExists = (from p in role.SystemRolePermissions.Select(rpr => rpr.SystemPermission)
where p.SystemName == permission1.SystemName
select p).Any();
if (defaultMappingProvided && !mappingExists)
{
InsertSystemRolePermission(new SystemRolePermission
{
DateCreated = DateTime.UtcNow,
SystemRoleId = role.SystemRoleId,
SystemPermissionId = permission1.SystemPermissionId
});
}
}
}
}
ClearCache();
}
/// <summary>
/// Authorize permission
/// </summary>
/// <param name="permission">Permission record</param>
/// <returns>true - authorized; otherwise, false</returns>
public virtual bool Authorize(SystemPermission permission, IUserContext userContext)
{
if (permission == null)
return false;
if (userContext.CurrentUser == null)
return false;
var customerRoles = userContext.CurrentUser.SystemUserRoles.Where(cr => cr.SystemRole.Active);
foreach (var role in customerRoles)
{
foreach (var permission1 in GetSystemRolePermissions(role.SystemRoleId))
{
if (permission1.SystemName.Equals(permission.SystemName, StringComparison.InvariantCultureIgnoreCase))
return true;
}
}
return false;
}
public virtual void DeniedBy(SystemAdmin admin, SystemPermission systemPermission)
{
}
public bool Has(SystemPermission permission)
{
// administrator permission overrides all others
return(_permissions.Has(SystemPermission.Administrator) || _permissions.Has(permission));
}
public override void ClaimedBy(SystemAdmin admin, SystemPermission systemPermission)
{
systemPermission.WillBeHandledBy(admin);
systemPermission.SetState(new PermissionClaimed());
}
public override void claimBy(SystemAdmin admin, SystemPermission systemPermission)
{
}
public SystemPermissionException(string message, Employee employee, SystemPermission permission) : base(message)
{
Employee = employee;
Permission = permission;
ThrownAt = DateTime.Now;
}
public virtual void GrantedBy(SystemAdmin admin, SystemPermission systemPermission)
{
}
public virtual void ClaimedBy(SystemAdmin admin, SystemPermission systemPermission)
{
}
public override void claimBy(SystemAdmin admin, SystemPermission systemPermission)
{
systemPermission.willBeHandleBy(admin);
systemPermission.State = PermissionState.CLAIMED;
}
public abstract void grantBy(SystemAdmin admin, SystemPermission systemPermission);
public override void ClaimedBy(SystemAdmin admin, SystemPermission systemPermission)
{
systemPermission.WillBeHandledBy(admin);
systemPermission.SetState(PermissionState.CLAIMED);
}
public override void deniedBy(SystemAdmin admin, SystemPermission systemPermission)
{
}
public void Grant(SystemPermission permission)
{
_permissions = _permissions.Add(permission);
}
public override void grantBy(SystemAdmin admin, SystemPermission systemPermission)
{
}
public void Deny(SystemPermission permission)
{
_permissions = _permissions.Remove(permission);
}
