/// <summary>
/// Verifies that a permission granted on a fresh <see cref="SystemRolePermissions"/> is reported by Has.
/// </summary>
public void Can_add_a_system_role_permission()
{
    var rolePermissions = new SystemRolePermissions();

    rolePermissions.Grant(SystemPermission.Administrator);

    // Read the result into a local so the assertion line states the expectation only.
    var isAdministrator = rolePermissions.Has(SystemPermission.Administrator);
    Assert.IsTrue(isAdministrator);
}
/// <summary>
/// Grants two permissions, then verifies that a granted permission is reported as held
/// and that a permission which was never granted is reported as not held.
/// </summary>
public void Can_retrieve_available_system_role_permissions()
{
    var rolePermissions = new SystemRolePermissions();

    rolePermissions.Grant(SystemPermission.ManageSupplierAccounts);
    rolePermissions.Grant(SystemPermission.ViewFinancialDetails);

    // Positive case: a permission that was granted above.
    var holdsGranted = rolePermissions.Has(SystemPermission.ManageSupplierAccounts);
    Assert.IsTrue(holdsGranted);

    // Negative case: an ungranted permission must not be reported. This is the only
    // assertion in the test that exercises the deny path.
    // NOTE(review): ViewFinancialDetails is granted above but never asserted on.
    var holdsUngranted = rolePermissions.Has(SystemPermission.CheckOutDocuments);
    Assert.IsFalse(holdsUngranted);
}
/// <summary>
/// Verifies that granting only <c>Administrator</c> makes Has report every other
/// permission checked here as held.
/// </summary>
public void Administrator_system_role_permission_overrides_others()
{
    var rolePermissions = new SystemRolePermissions();
    rolePermissions.Grant(SystemPermission.Administrator);

    // None of these were granted individually; each must still be reported as held.
    // The order matches the order in which they are asserted.
    var impliedByAdministrator = new[]
    {
        SystemPermission.ManageSupplierAccounts,
        SystemPermission.ManageDocuments,
        SystemPermission.ManageCustomerAccounts,
        SystemPermission.CheckOutDocuments,
        SystemPermission.ManageParts,
        SystemPermission.ViewFinancialDetails
    };

    foreach (var implied in impliedByAdministrator)
    {
        Assert.IsTrue(rolePermissions.Has(implied));
    }
}
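/// <summary>
/// Checks if the employee's system role has the specified permission and throws a
/// <see cref="SystemPermissionException"/> if it does not.
/// </summary>
/// <remarks>
/// The role is loaded from the database on every call and its stored permission bytes are
/// decoded with <c>SystemRolePermissions.FromBytes</c> before the check.
/// </remarks>
/// <param name="permission">The permission to check for</param>
/// <param name="employee">The employee to check; must not be null</param>
/// <exception cref="System.ArgumentNullException">The employee is null</exception>
/// <exception cref="SystemPermissionException">The employee's role does not have the specified permission</exception>
/// <returns>A task that completes without a result once the permission check has passed</returns>
public static async Task EnforceAsync(SystemPermission permission, Employee employee)
{
    // Reject a missing subject explicitly instead of failing with a NullReferenceException
    // when the role query dereferences it.
    if (employee == null)
    {
        throw new System.ArgumentNullException("employee");
    }

    using (var context = new ngenDbContext())
    {
        // FirstAsync (rather than FirstOrDefaultAsync) faults when no role row matches, so an
        // employee that points at a missing role is rejected rather than treated as permitted.
        var role = await context.SystemRoles.FirstAsync(r => r.Id == employee.SystemRoleId);
        var perms = SystemRolePermissions.FromBytes(role.Permissions);

        // NOTE(review): only the role's permissions are consulted here; Employee.IsActive is not
        // checked. Confirm deactivated accounts are rejected before this method is reached.
        if (!perms.Has(permission))
        {
            throw new SystemPermissionException("You do not have permission to do this!", employee, permission);
        }
    }
}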
/// <summary>
/// Seeds the built-in administrator: a "BUILTIN_ADMIN" role holding the Administrator
/// permission, a person record and an active employee bound to both. Does nothing when
/// the lookup below already finds an employee.
/// </summary>
private static void CreateAdminAccount()
{
    using (var db = new ngenDbContext())
    {
        // NOTE(review): the existence check uses a different literal from the UserName
        // assigned to the new employee below. If the two differ at runtime, this guard never
        // matches and every run seeds another administrator. Confirm both are the same name.
        if (db.Employees.SingleOrDefault(candidate => candidate.UserName == "mr_robot") != null)
        {
            return;
        }

        var adminPermissions = new SystemRolePermissions();
        adminPermissions.Grant(SystemPermission.Administrator);

        var adminRole = new SystemRole
        {
            Name = "BUILTIN_ADMIN",
            Description = "Built in administrator account. Has complete control of the entire system!",
            Permissions = adminPermissions.ToBytes()
        };

        var adminPerson = new Person
        {
            FirstName = "System",
            LastName = "Administrator",
            DateOfBirth = DateTime.Today
        };

        // NOTE(review): the initial password is a literal in source, so every installation
        // seeded by this method starts with the same administrator credential. Consider taking
        // it from deployment configuration and requiring a change at first login.
        var passwordHash = new BCryptPasswordProvider().HashPassword("correcthorsebatterystaple");
        var adminEmployee = new Employee
        {
            UserName = "******",
            Password = passwordHash,
            IsActive = true,
            SystemRole = adminRole,
            Person = adminPerson
        };

        db.SystemRoles.Add(adminRole);
        db.People.Add(adminPerson);
        db.Employees.Add(adminEmployee);
        db.SaveChanges();

        Console.WriteLine();
        Console.WriteLine("Admin account created");
    }
}
/// <summary>
/// Seeds the built-in guest: a "GUESTS" role with no permissions granted, a person record
/// and an active employee bound to both. Does nothing when the lookup below already finds
/// an employee.
/// </summary>
private static void CreateGuestAccount()
{
    using (var db = new ngenDbContext())
    {
        // NOTE(review): the existence check uses a different literal from the UserName
        // assigned to the new employee below. If the two differ at runtime, this guard never
        // matches and every run seeds another guest. Confirm both are the same name.
        if (db.Employees.SingleOrDefault(candidate => candidate.UserName == "guest") != null)
        {
            return;
        }

        // Nothing is granted before serialising, so the role stores an empty permission set.
        var guestPermissions = new SystemRolePermissions();

        var guestRole = new SystemRole
        {
            Name = "GUESTS",
            Description = "Built in guest account for test purposes. Has no permission to do anything at all!",
            Permissions = guestPermissions.ToBytes()
        };

        var guestPerson = new Person
        {
            FirstName = "Guest",
            LastName = "Account",
            DateOfBirth = DateTime.Today
        };

        // NOTE(review): this account is created active with a trivially guessable literal
        // password. The role description says it is for test purposes, but nothing here limits
        // seeding to test environments. Consider gating the call or creating it with IsActive = false.
        var passwordHash = new BCryptPasswordProvider().HashPassword("password");
        var guestEmployee = new Employee
        {
            UserName = "******",
            Password = passwordHash,
            IsActive = true,
            SystemRole = guestRole,
            Person = guestPerson
        };

        db.SystemRoles.Add(guestRole);
        db.People.Add(guestPerson);
        db.Employees.Add(guestEmployee);
        db.SaveChanges();

        Console.WriteLine();
        Console.WriteLine("Guest account created");
    }
}