public void AccessNewApplication()
{
ApplicationEntitlementProvider wrappedProvider = new ApplicationEntitlementProvider(new MockSecurityService());
FormPreviewApplicationEntitlementProvider provider = new FormPreviewApplicationEntitlementProvider(wrappedProvider)
{
ImpersonatedSession = new ImpersonatedSession(new Dictionary<string, string>
{
{ "role-2", "role-2" }
})
};
Application application = new Application
{
FormId = "form-1",
OrganisationId = "org-1",
WorkflowState = "New"
};
User user = new User
{
Id = "user-1",
Roles = new Dictionary<string, string>
{ { "role-1", "role-1" } }
};
user.Organisations.Add("org-1", "Organisation One");
AccessLevel applicationAccess = provider.GetApplicationAccess(new SecureSession(user), application, this.roleList, 1);
Assert.AreEqual(AccessLevel.Write, applicationAccess);
}
public void AdministratorDefaultToWriteAccess()
{
Application application = new Application
{
FormId = "form-1",
OrganisationId = "org-1",
WorkflowState = "New"
};
User user = new User
{
Id = "administrator-1",
Roles = new Dictionary<string, string> { { "role-1", "role-1" }, { "Administrators", "Administrators" } }
};
user.Organisations.Add("org-1", "Organisation One");
var controlsList = new ControlList
{
new TextControl { Id = 1 }
};
AccessLevel applicationAccess = this.provider.GetApplicationAccess(new SecureSession(user), application, this.roleList, 1);
List<ControlAccess> controlsAccess = this.provider.GetControlsAccess(new SecureSession(user), application, controlsList, this.roleList, 1);
Assert.AreEqual(AccessLevel.Write, applicationAccess);
Assert.AreEqual(AccessLevel.Write, controlsAccess[0].AccessLevel);
}
public void EmptyPageAccess()
{
Application app = new Application { FormId = "form-1", WorkflowState = "New", OrganisationId = "org-1" };
User user = new User
{
Id = "user-1",
Organisations = new Dictionary<string, string> { { "org-1", "org-1" } },
Roles = new Dictionary<string, string> { { "role-2", "role-2" } }
};
PageList pages = new PageList
{
new UserPage
{
PageId = 1
},
new UserPage
{
PageId = 2
},
new ReceiptPage
{
PageId = 3
}
};
List<PageAccess> pagesAccess = this.provider.GetPagesAccess(new SecureSession(user), app, pages, this.roleList, 1);
Assert.AreEqual(3, pagesAccess.Count);
Assert.AreEqual(AccessLevel.Write, pagesAccess[0].AccessLevel);
Assert.AreEqual(AccessLevel.Write, pagesAccess[1].AccessLevel);
Assert.AreEqual(AccessLevel.Write, pagesAccess[2].AccessLevel);
}
public void ServiceAccountDefaultToWriteAccess()
{
Application application = new Application
{
FormId = "form-1",
OrganisationId = "org-1",
WorkflowState = "New"
};
User user = new User
{
Id = "event-handler",
AccountType = AccountType.Service,
Roles = new Dictionary<string, string> { { "Administrators", "Administrators" } }
};
var applicationAccess = this.provider.GetApplicationAccess(new SecureSession(user), application, this.roleList, 1);
Assert.AreEqual(AccessLevel.Write, applicationAccess);
}
public void SelectHighest()
{
Application application = new Application
{
FormId = "form-1",
OrganisationId = "org-1",
WorkflowState = "New"
};
User user = new User
{
Id = "user-1",
Roles = new Dictionary<string, string> { { "role-1", "role-1" }, { "role-3", "role-3" } }
};
user.Organisations.Add("org-1", "Organisation One");
MetadataControlList metadataControls = new MetadataControlList() { MetadataControls = new List<string> { "application-status" } };
List<MetadataControlAccess> metadataControlsAccess = this.provider.GetMetadataControlsAccess(new SecureSession(user), application, metadataControls, this.roleList, 1);
Assert.AreEqual(AccessLevel.Read, metadataControlsAccess[0].AccessLevel);
}
public void User()
{
var user = new User
{
Id = "user-1",
Roles = new Dictionary<string, string> { { "role-1", "role-1" } }
};
user.Organisations.Add("org-1", "Organisation One");
var authorisedForms = this.provider.GetAuthorisedForms(new SecureSession(user), this.roleList);
Assert.AreEqual(3, authorisedForms.Count(f => f.ExplicitWorkflowStates.Count > 0));
}
public void Administrator()
{
var user = new User
{
Id = "administrator-1",
Roles = new Dictionary<string, string> { { "Administrators", "Administrators" } }
};
user.Organisations.Add("org-1", "Organisation One");
UserFormAccessList authorisedForms = this.provider.GetAuthorisedForms(new SecureSession(user), this.roleList);
Assert.AreEqual(5, authorisedForms.Count);
}
/// <summary>
/// Update the session user with impersonated entitlements.
/// </summary>
/// <param name="session">The session to update.</param>
private void ImpersonateEntitlements(SecureSession session)
{
User impersonatedUser = new User
{
Roles = this.ImpersonatedSession.Roles,
Organisations = session.AuthenticatedUser.Organisations,
OrganisationsDisabled = session.AuthenticatedUser.OrganisationsDisabled
};
session.AuthenticatedUser = impersonatedUser;
}
public void OriginatorOrgEntitled()
{
Application application = new Application
{
CreatedBy = new AuthenticatedApplicationUser { Id = "user-1" },
FormId = "form-5",
OrganisationId = "org-1",
WorkflowState = "New"
};
User user = new User
{
Id = "user-1"
};
user.Organisations.Add("org-1", "Organisation One");
AccessLevel applicationAccess = this.provider.GetApplicationAccess(new SecureSession(user), application, this.roleList, 1);
Assert.AreEqual(AccessLevel.Write, applicationAccess);
}
public void NotOrgEntitled()
{
Application application = new Application
{
CreatedBy = new AuthenticatedApplicationUser { Id = "user-1" },
FormId = "form-2",
OrganisationId = "org-1",
WorkflowState = "New"
};
User user = new User { Id = "user-2" };
user.Roles.Add("role-2", "role-2");
user.Organisations.Add("org-2", "Organisation Two");
AccessLevel applicationAccess = this.provider.GetApplicationAccess(new SecureSession(user), application, this.roleList, 1);
Assert.AreEqual(AccessLevel.NoAccess, applicationAccess);
}
public void EmptyControlEntitlements()
{
Application application = new Application
{
FormId = "form-2",
OrganisationId = "org-1",
WorkflowState = "New"
};
User user = new User
{
Id = "user-1",
Roles = new Dictionary<string, string> { { "role-1", "role-1" }, { "role-2", "role-2" } }
};
user.Organisations.Add("org-1", "Organisation One");
var controlsList = new ControlList() { new TextControl() { Id = 1 } };
var controlsAccess = this.provider.GetControlsAccess(new SecureSession(user), application, controlsList, this.roleList, 1);
Assert.AreEqual(AccessLevel.Write, controlsAccess[0].AccessLevel);
}
public void DraftByViewAllDraftsUser()
{
Application application = new Application
{
AssignedTo = "user-1",
CreatedBy = new AuthenticatedApplicationUser { Id = "user-1" },
Draft = true,
FormId = "form-2",
OrganisationId = "org-1",
WorkflowState = "New"
};
User user = new User { Id = "ViewAllDrafts" };
user.Roles.Add("role-2", "role-2");
user.Organisations.Add("org-1", "Organisation One");
AccessLevel applicationAccess = this.provider.GetApplicationAccess(new SecureSession(user), application, this.roleList, 1);
Assert.AreEqual(AccessLevel.Write, applicationAccess);
}
/// <summary>
/// Initializes a new instance of the <see cref="ServiceAccountCreatedEventArgs"/> class.
/// </summary>
/// <param name="user">The user that was created.</param>
/// <param name="password">The user password.</param>
public ServiceAccountCreatedEventArgs(User user, string password)
{
this.User = user;
this.Password = password;
}
public void SelectHighest()
{
Application app = new Application { FormId = "form-1", WorkflowState = "New" };
User user = new User
{
Id = "user-1",
Roles = new Dictionary<string, string> { { "role-1", "role-1" }, { "role-3", "role-3" } }
};
PageList pages = new PageList
{
new UserPage
{
PageId = 1
},
new UserPage
{
PageId = 2
},
new ReceiptPage
{
PageId = 3
}
};
List<PageAccess> pagesAccess = this.provider.GetPagesAccess(new SecureSession(user), app, pages, this.roleList, 0);
Assert.AreEqual(3, pagesAccess.Count);
Assert.AreEqual(AccessLevel.Read, pagesAccess[0].AccessLevel);
Assert.AreEqual(AccessLevel.Read, pagesAccess[1].AccessLevel);
Assert.AreEqual(AccessLevel.Read, pagesAccess[2].AccessLevel);
}
public void SelectHighestEntitlement()
{
Application application = new Application
{
FormId = "form-1",
OrganisationId = "org-1",
WorkflowState = "New"
};
User user = new User
{
Id = "user-1",
Roles = new Dictionary<string, string> { { "role-1", "role-1" }, { "role-3", "role-3" } }
};
user.Organisations.Add("org-1", "Organisation One");
ControlList controlList = new ControlList { new CalculationControl { Id = 3 } };
List<ControlAccess> controlsAccess = this.provider.GetControlsAccess(new SecureSession(user), application, controlList, this.roleList, 1);
Assert.AreEqual(AccessLevel.Read, controlsAccess.First(c => c.Id == 3).AccessLevel);
}
public void AssigneeOrgEntitled()
{
Application application = new Application
{
AssignedTo = "user-1",
FormId = "form-4",
OrganisationId = "org-1",
WorkflowState = "New"
};
User user = new User { Id = "user-1" };
user.Organisations.Add("org-1", "Organisation One");
AccessLevel applicationAccess = this.provider.GetApplicationAccess(new SecureSession(user), application, this.roleList, 1);
Assert.AreEqual(AccessLevel.Write, applicationAccess);
}
/// <summary>
/// Initializes the Administrator account if it doesn't already exist.
/// </summary>
private void InitAdministratorAccount()
{
MongoCollection<BsonDocument> collection = this.Database.GetCollection(iApplyDb.UserAccess._COLLECTION_NAME);
string username = Constants.Adminstrator_Username;
IMongoQuery query = Query.And(
Query.EQ(iApplyDb.UserAccess.USERNAME, new BsonRegularExpression(username, "i")));
if (collection.Count(query) > 0)
{
this.installLogger.LogLine(Messages.DB_AdministratorAccountFound);
return;
}
if (string.IsNullOrEmpty(this.installConfiguration.AdminEmail))
{
this.installConfiguration.AdminEmail = this.ReadInput("Administrator Email");
}
if (string.IsNullOrEmpty(this.installConfiguration.AdminPassword))
{
this.installConfiguration.AdminPassword = this.ReadPassword("Administrator Password");
}
this.installLogger.Log(Messages.DB_CreateAdministratorAccount);
string salt = CryptoHelper.GenerateSalt();
User user = new User
{
AccountStatus = AccountStatus.Active,
AccountType = AccountType.System,
DisplayName = username,
EmailAddress = this.installConfiguration.AdminEmail,
Organisations = new Dictionary<string, string>(),
PasswordHash = CryptoHelper.HashPassword(this.installConfiguration.AdminPassword, salt),
PasswordSalt = salt,
PasswordTryCount = 0,
Roles = new Dictionary<string, string>(),
Username = username
};
user.Organisations.Add(this.installVariables.OrgId, this.installVariables.BaseOrganisation.Name);
KeyValuePair<string, string> adminRole = this.installVariables.Roles.First(kvp => kvp.Value == SecurityConstants.AdministratorRoleName);
user.Roles.Add(adminRole.Key, adminRole.Value);
BsonDocument userDoc = BsonConverter.ConvertToBsonViaJson(user, new JsonSerializerSettings { ContractResolver = new DiscretionalContractResolver(true) });
collection.Save(userDoc);
this.installLogger.LogSuccess(Messages.MAIN_StepComplete);
}