/// <summary>
/// Checks that <c>IsAdmin</c> returns false for an authenticated principal whose
/// identity name is the id of a user created by <c>CreateEditorUser</c>.
/// </summary>
public void IsAdmin_Should_Return_False_For_Editor_User()
        {
            // Arrange: the identity name carries the editor's id as a string.
            User editor = CreateEditorUser();
            var principal = new PrincipalStub
            {
                Identity = new IdentityStub { Name = editor.Id.ToString(), IsAuthenticated = true }
            };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isAdmin = provider.IsAdmin(principal);

            // Assert: editor rights must not be treated as admin rights.
            Assert.That(isAdmin, Is.False);
        }
        /// <summary>
        /// Checks that <c>IsAdmin</c> returns false when the principal is flagged as
        /// authenticated but its identity name is the empty string.
        /// </summary>
        public void IsAdmin_Should_Return_False_When_No_Identity_Name_Set()
        {
            // Arrange
            // The returned user is not referenced afterwards; presumably the call
            // registers an admin with the test fixture - verify against CreateAdminUser.
            CreateAdminUser();
            var principal = new PrincipalStub
            {
                Identity = new IdentityStub { Name = "", IsAuthenticated = true }
            };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isAdmin = provider.IsAdmin(principal);

            // Assert: an authenticated flag without a name must not grant admin.
            Assert.That(isAdmin, Is.False);
        }
		/// <summary>
		/// Checks that <c>IsViewer</c> returns true for a principal whose identity has
		/// <c>IsAuthenticated = false</c> and no name assigned.
		/// </summary>
		public void IsViewer_Should_Return_True_When_Not_Authenticated()
		{
			// Arrange
			// The returned user is not referenced afterwards; presumably the call
			// registers an editor with the test fixture - verify against CreateEditorUser.
			CreateEditorUser();
			IPrincipal principal = new PrincipalStub
			{
				Identity = new IdentityStub { IsAuthenticated = false }
			};
			var provider = new AuthorizationProvider(_applicationSettings, _userService);

			// Act
			bool isViewer = provider.IsViewer(principal);

			// Assert: anonymous callers are expected to count as viewers.
			// NOTE(review): presumably this depends on how _applicationSettings is set up
			// by the fixture (e.g. public vs. private site) - confirm.
			Assert.That(isViewer, Is.True);
		}
		/// <summary>
		/// Checks that <c>IsAdmin</c> returns true for an authenticated principal whose
		/// identity name is the id of a user created by <c>CreateAdminUser</c>.
		/// </summary>
		public void isadmin_should_return_true_for_admin_user()
		{
			// Arrange: the identity name carries the admin's id as a string.
			User admin = CreateAdminUser();
			var principal = new PrincipalStub
			{
				Identity = new IdentityStub { Name = admin.Id.ToString(), IsAuthenticated = true }
			};
			var provider = new AuthorizationProvider(_applicationSettings, _userService);

			// Act
			bool isAdmin = provider.IsAdmin(principal);

			// Assert
			Assert.That(isAdmin, Is.True);
		}
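        /// <summary>
        /// Provides an entry point for custom authorization checks.
        /// </summary>
        /// <param name="httpContext">The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.</param>
        /// <returns>
        /// true when the application is not installed or requires an upgrade, when the site is public,
        /// or when the site is private (ispublicsite=false) and the current user is an admin or editor.
        /// Otherwise false is returned.
        /// </returns>
        /// <exception cref="T:System.ArgumentNullException">The site is private and the <paramref name="httpContext"/> parameter is null.</exception>
        /// <exception cref="SecurityException">The AuthorizationProvider property is null.</exception>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // NOTE(review): the message names OptionalAuthorizationAttribute/AdminRequiredAttribute while the
            // check is on the AuthorizationProvider property; the text is left unchanged in case callers or
            // tests match on it.
            if (AuthorizationProvider == null)
            {
                throw new SecurityException("The OptionalAuthorizationAttribute property has not been set for AdminRequiredAttribute.", null);
            }

            // Fail-open branch: while the application is not installed or an upgrade is pending, every
            // request is authorized without looking at the user.
            // NOTE(review): confirm that only the installer/upgrade pages are reachable in this state.
            if (!ApplicationSettings.Installed || ApplicationSettings.UpgradeRequired)
            {
                return true;
            }

            // A public site needs no login for this check.
            if (ApplicationSettings.IsPublicSite)
            {
                return true;
            }

            // The site is private, so the current user is required from here on. Throw the documented
            // exception rather than a NullReferenceException on httpContext.User.
            if (httpContext == null)
            {
                throw new System.ArgumentNullException("httpContext");
            }

            IPrincipal principal = httpContext.User;

            // NOTE(review): a new AuthorizationProvider is constructed here although the AuthorizationProvider
            // property was null-checked above - confirm which instance is meant to make the decision.
            AuthorizationProvider provider = new AuthorizationProvider(ApplicationSettings, UserService);
            return provider.IsAdmin(principal) || provider.IsEditor(principal);
        }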
 /// <summary>
 /// Constructs an <c>AuthorizationProvider</c> with a null user service.
 /// </summary>
 /// <remarks>
 /// The body contains no assertion. NOTE(review): the expected exception is presumably
 /// declared by an attribute on this method that is not visible here - confirm, otherwise
 /// nothing checks the exception type.
 /// </remarks>
 public void Should_Throw_Argument_Null_Exception_For_Null_UserService()
 {
     // Arrange + Act + Assert: the constructor call itself is the whole test.
     new AuthorizationProvider(_applicationSettings, null);
 }
        /// <summary>
        /// Checks that <c>IsEditor</c> returns true for an editor user when
        /// <c>EditorRoleName</c> in the application settings is the empty string.
        /// </summary>
        public void IsEditor_Should_Return_True_When_No_Editor_Role_Set()
        {
            // Arrange: clear the role name before the provider is constructed.
            _applicationSettings.EditorRoleName = "";

            User editor = CreateEditorUser();
            var principal = new PrincipalStub
            {
                Identity = new IdentityStub { Name = editor.Id.ToString(), IsAuthenticated = true }
            };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isEditor = provider.IsEditor(principal);

            // Assert
            // NOTE(review): the principal comes from CreateEditorUser, so this test alone does
            // not show whether the empty role name changes the outcome for a non-editor.
            Assert.That(isEditor, Is.True);
        }
		/// <summary>
		/// Checks that <c>IsEditor</c> returns false for an authenticated principal whose
		/// user has had <c>IsEditor</c> set to false.
		/// </summary>
		public void iseditor_should_return_false_when_user_is_not_admin_or_editor()
		{
			// Arrange: start from the editor fixture, then remove the editor flag.
			User plainUser = CreateEditorUser();
			plainUser.IsEditor = false;

			var principal = new PrincipalStub
			{
				Identity = new IdentityStub { Name = plainUser.Id.ToString(), IsAuthenticated = true }
			};
			var provider = new AuthorizationProvider(_applicationSettings, _userService);

			// Act
			bool isEditor = provider.IsEditor(principal);

			// Assert: being authenticated is not enough to be an editor.
			Assert.That(isEditor, Is.False);
		}
		/// <summary>
		/// Checks that <c>IsEditor</c> returns false when the principal is flagged as
		/// authenticated but its identity name is the empty string.
		/// </summary>
		public void iseditor_should_return_false_when_no_identity_name_set()
		{
			// Arrange
			// The returned user is not referenced afterwards; presumably the call
			// registers an admin with the test fixture - verify against CreateAdminUser.
			CreateAdminUser();
			var principal = new PrincipalStub
			{
				Identity = new IdentityStub { Name = "", IsAuthenticated = true }
			};
			var provider = new AuthorizationProvider(_applicationSettings, _userService);

			// Act
			bool isEditor = provider.IsEditor(principal);

			// Assert: an authenticated flag without a name must not grant editor rights.
			Assert.That(isEditor, Is.False);
		}