Example #1
0
        public void AuthorizingAgainstTheTypeGivesAuthorityForAllInstances()
        {
            UserPermission user = new UserPermission();
            Update updateAction = new Update();
            AddressModel address = new AddressModel();

            updateAction.AddSubject(typeof(AddressModel));
            user.AddAuthorization(updateAction);
            Assert.IsTrue(updateAction.AppliesTo(address));
            bool? canUpdate = user.Can(Actions.Update, address);
            Assert.IsTrue(canUpdate == true);
        }
Example #2
0
        public void CanAuthorizedAgainstAnInstance()
        {
            UserPermission user = new UserPermission();
            AddressModel address = new AddressModel();
            Update updateAction = new Update(address);
            user.AddAuthorization(updateAction);

            bool? canUpdate = user.Can(Actions.Update, address);
            Assert.IsTrue(canUpdate == true);

            AddressModel differentAddress = new AddressModel();
            canUpdate = user.Can(Actions.Update, differentAddress);
            Assert.IsTrue(canUpdate == false);
            canUpdate = user.Can(Actions.Update, typeof(AddressModel));
            Assert.IsTrue(canUpdate == false);
        }
Example #3
0
        public void UnauthorizedAgainstTheTypePreventsAuthorizationForAllInstances()
        {
            // If we are unauthorized against a type,
            // then even if we authorize against an instance
            // we are not authorized
            UserPermission user = new UserPermission();
            Update updateAction = new Update(typeof(AddressModel));
            AddressModel address = new AddressModel();

            user.AddUnauthorization(updateAction);
            Assert.IsTrue(updateAction.AppliesTo(address));
            bool? canUpdate = user.Can(Actions.Update, address);
            Assert.IsTrue(canUpdate == false);

            // now authorize against an instance

            Update authorizeInstanceUpdateAction = new Update();

            authorizeInstanceUpdateAction.AddSubject(address);
            user.AddAuthorization(authorizeInstanceUpdateAction);
            canUpdate = user.Can(Actions.Update, address);
            Assert.IsTrue(canUpdate == false);
        }