public void Can_add_a_system_role_permission()
        {
            // Arrange: a newly constructed permission set.
            var permissions = new SystemRolePermissions();

            // Act: grant a single permission.
            permissions.Grant(SystemPermission.Administrator);

            // Assert: Has() reports the permission that was just granted.
            var isGranted = permissions.Has(SystemPermission.Administrator);
            Assert.IsTrue(isGranted);
        }
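        public void Can_retrieve_available_system_role_permissions()
        {
            // Verifies that Has() reports exactly the permissions that were granted:
            // both granted permissions are present and an ungranted one is absent.
            var perms = new SystemRolePermissions();

            perms.Grant(SystemPermission.ManageSupplierAccounts);
            perms.Grant(SystemPermission.ViewFinancialDetails);

            // Every granted permission is asserted, so a Grant() that overwrites an
            // earlier grant instead of adding to it would be caught here.
            Assert.IsTrue(perms.Has(SystemPermission.ManageSupplierAccounts));
            Assert.IsTrue(perms.Has(SystemPermission.ViewFinancialDetails));

            // Negative case: a permission that was never granted must not be reported.
            Assert.IsFalse(perms.Has(SystemPermission.CheckOutDocuments));
        }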
        public void Administrator_system_role_permission_overrides_others()
        {
            var adminPermissions = new SystemRolePermissions();
            adminPermissions.Grant(SystemPermission.Administrator);

            // Only Administrator was granted above; each permission listed here must
            // nevertheless be reported as held.
            // NOTE(review): the list is written out by hand, so a permission added to
            // SystemPermission later is not covered until it is added here.
            var impliedPermissions = new[]
            {
                SystemPermission.ManageSupplierAccounts,
                SystemPermission.ManageDocuments,
                SystemPermission.ManageCustomerAccounts,
                SystemPermission.CheckOutDocuments,
                SystemPermission.ManageParts,
                SystemPermission.ViewFinancialDetails
            };

            foreach (var implied in impliedPermissions)
            {
                Assert.IsTrue(adminPermissions.Has(implied));
            }
        }
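        /// <summary>
        /// Checks whether the employee's system role holds the specified permission and throws a
        /// <see cref="SystemPermissionException"/> if it does not.
        /// </summary>
        /// <remarks>
        /// The role is looked up by <c>employee.SystemRoleId</c> and its permission bytes are read from the
        /// database on each call. The check fails closed: when no role row matches, the call is denied with
        /// the same exception as a missing permission.
        /// </remarks>
        /// <param name="permission">The permission to check for</param>
        /// <param name="employee">The employee to check</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="employee"/> is null</exception>
        /// <exception cref="SystemPermissionException">The employee's role was not found or does not hold the specified permission</exception>
        /// <returns>A task that completes without error only when the permission check passes</returns>
        public static async Task EnforceAsync(SystemPermission permission, Employee employee)
        {
            // Reject a missing subject explicitly instead of letting the role query
            // fail with a NullReferenceException.
            if (employee == null)
            {
                throw new System.ArgumentNullException("employee");
            }

            using (var context = new ngenDbContext())
            {
                // FirstOrDefaultAsync instead of FirstAsync: a role id with no matching row
                // is treated as "no permissions" and denied below, rather than escaping as
                // an InvalidOperationException that callers of this check do not expect.
                var role = await context.SystemRoles.FirstOrDefaultAsync(r => r.Id == employee.SystemRoleId);

                // NOTE(review): only the role's permissions are consulted. Employee.IsActive is
                // not checked here and SystemRoleId is taken from the caller-supplied object;
                // confirm callers pass a freshly loaded, active employee.
                if (role == null || !SystemRolePermissions.FromBytes(role.Permissions).Has(permission))
                {
                    throw new SystemPermissionException("You do not have permission to do this!", employee,
                                                        permission);
                }
            }
        }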
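        /// <summary>
        /// Seeds the built-in administrator: a role holding <c>SystemPermission.Administrator</c>, a person
        /// record and an active employee account. Does nothing if the account already exists.
        /// </summary>
        private static void CreateAdminAccount()
        {
            // One constant drives both the existence check and the insert. The original looked up
            // "mr_robot" but stored a different UserName literal, so the guard never matched the
            // row it had created and a second run would try to seed the account again.
            const string adminUserName = "mr_robot";

            using (var db = new ngenDbContext())
            {
                // Any() only asks whether a row exists; it neither loads the entity nor throws
                // when more than one row matches.
                if (db.Employees.Any(e => e.UserName == adminUserName))
                {
                    return;
                }

                var role = new SystemRole
                {
                    Name        = "BUILTIN_ADMIN",
                    Description = "Built in administrator account. Has complete control of the entire system!"
                };

                var perms = new SystemRolePermissions();
                perms.Grant(SystemPermission.Administrator);

                role.Permissions = perms.ToBytes();

                var person = new Person
                {
                    FirstName   = "System",
                    LastName    = "Administrator",
                    DateOfBirth = DateTime.Today // placeholder value for the synthetic person record
                };

                // SECURITY(review): the initial password is a literal in source control and is a widely
                // published example passphrase. Hashing it does not help when the plaintext is known.
                // This account holds the Administrator permission, so the credential should be supplied
                // at deployment time or rotated immediately after seeding. Left unchanged here because
                // this method has no parameter or configuration source to read it from.
                var employee = new Employee
                {
                    UserName   = adminUserName,
                    Password   = new BCryptPasswordProvider().HashPassword("correcthorsebatterystaple"),
                    IsActive   = true,
                    SystemRole = role,
                    Person     = person
                };

                db.SystemRoles.Add(role);
                db.People.Add(person);
                db.Employees.Add(employee);

                db.SaveChanges();

                Console.WriteLine();
                Console.WriteLine("Admin account created");
            }
        }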
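        /// <summary>
        /// Seeds the built-in guest: a role with no permissions granted, a person record and an active
        /// employee account. Does nothing if the account already exists.
        /// </summary>
        private static void CreateGuestAccount()
        {
            // One constant drives both the existence check and the insert. The original looked up
            // "guest" but stored a different UserName literal, so the guard never matched the row
            // it had created and a second run would try to seed the account again.
            const string guestUserName = "guest";

            using (var db = new ngenDbContext())
            {
                // Any() only asks whether a row exists; it neither loads the entity nor throws
                // when more than one row matches.
                if (db.Employees.Any(e => e.UserName == guestUserName))
                {
                    return;
                }

                var role = new SystemRole
                {
                    Name        = "GUESTS",
                    Description = "Built in guest account for test purposes. Has no permission to do anything at all!"
                };

                // No Grant() calls: the role is stored with whatever a new SystemRolePermissions holds.
                var perms = new SystemRolePermissions();

                role.Permissions = perms.ToBytes();

                var person = new Person
                {
                    FirstName   = "Guest",
                    LastName    = "Account",
                    DateOfBirth = DateTime.Today // placeholder value for the synthetic person record
                };

                // SECURITY(review): an active account seeded with a trivially guessable password. The role
                // has no permissions granted, but the account presumably can still sign in. The role
                // description says it exists for test purposes; confirm this seed does not run against
                // production databases, or create the account with IsActive = false.
                var employee = new Employee
                {
                    UserName   = guestUserName,
                    Password   = new BCryptPasswordProvider().HashPassword("password"),
                    IsActive   = true,
                    SystemRole = role,
                    Person     = person
                };

                db.SystemRoles.Add(role);
                db.People.Add(person);
                db.Employees.Add(employee);

                db.SaveChanges();

                Console.WriteLine();
                Console.WriteLine("Guest account created");
            }
        }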