public AbstractRoleDefinition CreateAbstractRoleDefinition(string name, int value)
{
using (_transaction.EnterNonDiscardingScope())
{
return(AbstractRoleDefinition.NewObject(Guid.NewGuid(), name, value));
}
}
public void GetAccessTypes_WithMultipleMatchingAces()
{
AbstractRoleDefinition role1 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "QualityManager", 0);
AccessControlEntry ace1 = AccessControlEntry.NewObject();
ace1.SpecificAbstractRole = role1;
AccessTypeDefinition readAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Read", 0);
AccessTypeDefinition copyAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Copy", 1);
AccessTypeDefinition indexAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Index", 2);
AccessTypeDefinition moveAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Move", 3);
AccessTypeDefinition appendAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Append", 4);
AccessTypeDefinition renameAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Rename", 5);
AccessTypeDefinition writeAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Write", 6);
AccessTypeDefinition deleteAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Delete", 7);
AccessTypeDefinition findAccessType = _testHelper.CreateAccessTypeForAce(ace1, null, Guid.NewGuid(), "Find", 8);
AbstractRoleDefinition role2 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "SoftwareDeveloper", 1);
AccessControlEntry ace2 = AccessControlEntry.NewObject();
ace2.SpecificAbstractRole = role2;
_testHelper.AttachAccessType(ace2, readAccessType, true);
_testHelper.AttachAccessType(ace2, copyAccessType, false);
_testHelper.AttachAccessType(ace2, indexAccessType, null);
_testHelper.AttachAccessType(ace2, moveAccessType, true);
_testHelper.AttachAccessType(ace2, appendAccessType, false);
_testHelper.AttachAccessType(ace2, renameAccessType, null);
_testHelper.AttachAccessType(ace2, writeAccessType, true);
_testHelper.AttachAccessType(ace2, deleteAccessType, false);
_testHelper.AttachAccessType(ace2, findAccessType, null);
AccessControlList acl = _testHelper.CreateStatefulAcl(ace1, ace2);
SecurityToken token = _testHelper.CreateTokenWithAbstractRole(role1, role2);
AccessInformation accessInformation = acl.GetAccessTypes(token);
//read y y y
//copy y n n
//index y - y
//move n y n
//append n n n
//rename n - n
//write - y y
//delete - n n
//find - - -
Assert.That(
accessInformation.AllowedAccessTypes,
Is.EquivalentTo(new[] { readAccessType, indexAccessType, writeAccessType }));
Assert.That(
accessInformation.DeniedAccessTypes,
Is.EquivalentTo(new[] { copyAccessType, moveAccessType, appendAccessType, renameAccessType, deleteAccessType }));
}
public AbstractRoleDefinition CreateAdministratorAbstractRole(int index)
{
using (_transaction.EnterNonDiscardingScope())
{
AbstractRoleDefinition role = AbstractRoleDefinition.NewObject(
new Guid("00000004-0001-0000-0000-000000000000"),
"Administrator|Remotion.Security.UnitTests.TestDomain.SpecialAbstractRoles, Remotion.Security.UnitTests.TestDomain",
0);
role.Index = index;
return(role);
}
}
public AbstractRoleDefinition CreateSecretaryAbstractRole(int index)
{
using (_transaction.EnterNonDiscardingScope())
{
AbstractRoleDefinition role = AbstractRoleDefinition.NewObject(
new Guid("00000003-0002-0000-0000-000000000000"),
"Secretary|Remotion.Security.UnitTests.TestDomain.DomainAbstractRoles, Remotion.Security.UnitTests.TestDomain",
1);
role.Index = index;
return(role);
}
}
public void CreateAndCommitAdministratorAbstractRole(ClientTransaction transaction)
{
CreateEmptyDomain();
using (transaction.EnterNonDiscardingScope())
{
Guid metadataItemID = new Guid("00000004-0001-0000-0000-000000000000");
string abstractRoleName = "Administrator|Remotion.Security.UnitTests.TestDomain.SpecialAbstractRoles, Remotion.Security.UnitTests.TestDomain";
AbstractRoleDefinition administratorAbstractRole = AbstractRoleDefinition.NewObject(metadataItemID, abstractRoleName, 0);
ClientTransactionScope.CurrentTransaction.Commit();
}
}
public void Initialize_Values()
{
Tenant principalTenant = CreateTenant("principalTenant");
Principal principal = PrincipalTestHelper.Create(principalTenant, null, new Role[0]);
Tenant owningTenant = CreateTenant("owningTenant");
Group owningGroup = CreateGroup("owningGroup", null, owningTenant);
User owningUser = CreateUser("owningUser", CreateGroup("owningUserGroup", null, owningTenant), owningTenant);
AbstractRoleDefinition abstractRole1 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "role1", 0);
AbstractRoleDefinition abstractRole2 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "role2", 1);
SecurityToken token = SecurityToken.Create(
principal,
owningTenant,
owningGroup,
owningUser,
new[] { abstractRole1.GetHandle(), abstractRole2.GetHandle() });
Assert.That(token.Principal, Is.SameAs(principal));
Assert.That(token.OwningTenant, Is.EqualTo(owningTenant).Using(DomainObjectHandleComparer.Instance));
Assert.That(token.OwningGroup, Is.EqualTo(owningGroup).Using(DomainObjectHandleComparer.Instance));
Assert.That(token.OwningUser, Is.EqualTo(owningUser).Using(DomainObjectHandleComparer.Instance));
Assert.That(token.AbstractRoles, Is.EquivalentTo(new[] { abstractRole1, abstractRole2 }).Using(DomainObjectHandleComparer.Instance));
}
public void FindMatchingEntries_WithMultipleMatchingAces()
{
AccessControlEntry ace1 = AccessControlEntry.NewObject();
AccessTypeDefinition readAccessType = _testHelper.CreateReadAccessTypeAndAttachToAce(ace1, true);
AccessTypeDefinition writeAccessType = _testHelper.CreateWriteAccessTypeAndAttachToAce(ace1, null);
AccessTypeDefinition deleteAccessType = _testHelper.CreateDeleteAccessTypeAndAttachToAce(ace1, null);
AbstractRoleDefinition role2 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "SoftwareDeveloper", 1);
AccessControlEntry ace2 = AccessControlEntry.NewObject();
ace2.SpecificAbstractRole = role2;
_testHelper.AttachAccessType(ace2, readAccessType, null);
_testHelper.AttachAccessType(ace2, writeAccessType, true);
_testHelper.AttachAccessType(ace2, deleteAccessType, null);
AccessControlList acl = _testHelper.CreateStatefulAcl(ace1, ace2);
SecurityToken token = _testHelper.CreateTokenWithAbstractRole(role2);
AccessControlEntry[] entries = acl.FindMatchingEntries(token);
Assert.That(entries.Length, Is.EqualTo(2));
Assert.That(entries, Has.Member(ace2));
Assert.That(entries, Has.Member(ace1));
}
public void DomainObjectsAreSerializable()
{
CheckDomainObjectSerializability(delegate { return(AccessControlEntry.NewObject()); });
CheckDomainObjectSerializability(delegate { return(StatefulAccessControlList.NewObject()); });
CheckDomainObjectSerializability(delegate { return(Permission.NewObject()); });
CheckDomainObjectSerializability(delegate { return(StateCombination.NewObject()); });
CheckDomainObjectSerializability(delegate { return(StateUsage.NewObject()); });
CheckDomainObjectSerializability(delegate { return(AbstractRoleDefinition.NewObject()); });
CheckDomainObjectSerializability(delegate { return(AccessTypeDefinition.NewObject()); });
CheckDomainObjectSerializability(delegate { return(AccessTypeReference.NewObject()); });
CheckDomainObjectSerializability(delegate { return(Culture.NewObject("DE-DE")); });
CheckDomainObjectSerializability(delegate { return(LocalizedName.NewObject("foo", Culture.NewObject("DE-DE"), SecurableClassDefinition.NewObject())); });
CheckDomainObjectSerializability(delegate { return(SecurableClassDefinition.NewObject()); });
CheckDomainObjectSerializability(delegate { return(StateDefinition.NewObject()); });
CheckDomainObjectSerializability(delegate { return(StatePropertyDefinition.NewObject()); });
CheckDomainObjectSerializability(delegate { return(StatePropertyReference.NewObject()); });
CheckDomainObjectSerializability(delegate { return((Group)LifetimeService.NewObject(ClientTransaction.Current, typeof(Group), ParamList.Empty)); });
CheckDomainObjectSerializability(delegate { return((GroupType)LifetimeService.NewObject(ClientTransaction.Current, typeof(GroupType), ParamList.Empty)); });
CheckDomainObjectSerializability(delegate { return(GroupTypePosition.NewObject()); });
CheckDomainObjectSerializability(delegate { return((Position)LifetimeService.NewObject(ClientTransaction.Current, typeof(Position), ParamList.Empty)); });
CheckDomainObjectSerializability(delegate { return(Role.NewObject()); });
CheckDomainObjectSerializability(delegate { return((Tenant)LifetimeService.NewObject(ClientTransaction.Current, typeof(Tenant), ParamList.Empty)); });
CheckDomainObjectSerializability(delegate { return((User)LifetimeService.NewObject(ClientTransaction.Current, typeof(User), ParamList.Empty)); });
}
/// <summary>
/// Inits security manager database with users, groups, roles, group types, position, etc for 2 tenants.
/// Use to catch sideffect due to incorrect tenant domain seperation.
/// Caution: DB setup is performance critical. Avoid if possible.
/// </summary>
/// <returns>The tenant to use in the test.</returns>
public Tenant CreateAndCommitOrganizationalStructureWithTwoTenants(ClientTransaction transaction)
{
CreateEmptyDomain();
using (transaction.EnterNonDiscardingScope())
{
AbstractRoleDefinition qualityManagerRole = AbstractRoleDefinition.NewObject(
Guid.NewGuid(),
"QualityManager|Remotion.SecurityManager.UnitTests.TestDomain.ProjectRoles, Remotion.SecurityManager.UnitTests",
0);
qualityManagerRole.Index = 1;
AbstractRoleDefinition developerRole = AbstractRoleDefinition.NewObject(
Guid.NewGuid(),
"Developer|Remotion.SecurityManager.UnitTests.TestDomain.ProjectRoles, Remotion.SecurityManager.UnitTests",
1);
developerRole.Index = 0;
Position globalPosition = CreatePosition("Global");
globalPosition.Delegation = Delegation.Enabled;
globalPosition.UniqueIdentifier = "UID: Global";
Position officialPosition = CreatePosition("Official");
officialPosition.UniqueIdentifier = "UID: Official";
officialPosition.Delegation = Delegation.Enabled;
Position managerPosition = CreatePosition("Manager");
managerPosition.Delegation = Delegation.Disabled;
managerPosition.UniqueIdentifier = "UID: Manager";
GroupType groupType1 = CreateGroupType("groupType 1");
GroupType groupType2 = CreateGroupType("groupType 2");
GroupTypePosition groupType1_managerPosition = GroupTypePosition.NewObject();
groupType1_managerPosition.GroupType = groupType1;
groupType1_managerPosition.Position = managerPosition;
GroupTypePosition groupType1_officialPosition = GroupTypePosition.NewObject();
groupType1_officialPosition.GroupType = groupType1;
groupType1_officialPosition.Position = officialPosition;
GroupTypePosition groupType2_officialPosition = GroupTypePosition.NewObject();
groupType2_officialPosition.GroupType = groupType2;
groupType2_officialPosition.Position = officialPosition;
Tenant tenant1 = CreateTenant("TestTenant");
tenant1.UniqueIdentifier = "UID: testTenant";
Group rootGroup = CreateGroup("rootGroup", "RG", "UID: rootGroup", null, tenant1);
for (int i = 0; i < 2; i++)
{
Group parentGroup = CreateGroup(
string.Format("parentGroup{0}", i),
string.Format("PG{0}", i),
string.Format("UID: parentGroup{0}", i),
rootGroup,
tenant1);
parentGroup.GroupType = groupType1;
Group group = CreateGroup(
string.Format("group{0}", i),
string.Format("G{0}", i),
string.Format("UID: group{0}", i),
parentGroup,
tenant1);
group.GroupType = groupType2;
User user1 = CreateUser(string.Format("group{0}/user1", i), string.Empty, "user1", string.Empty, group, tenant1);
User user2 = CreateUser(string.Format("group{0}/user2", i), string.Empty, "user2", string.Empty, group, tenant1);
CreateRole(user1, parentGroup, managerPosition);
CreateRole(user2, parentGroup, officialPosition);
}
Group testRootGroup = CreateGroup("testRootGroup", null, "UID: testRootGroup", null, tenant1);
Group testParentOfOwningGroup = CreateGroup("testParentOfOwningGroup", null, "UID: testParentOfOwningGroup", testRootGroup, tenant1);
Group testOwningGroup = CreateGroup("testOwningGroup", null, "UID: testOwningGroup", testParentOfOwningGroup, tenant1);
Group testGroup = CreateGroup("testGroup", null, "UID: testGroup", null, tenant1);
User testUser = CreateUser("test.user", "test", "user", "Dipl.Ing.(FH)", testOwningGroup, tenant1);
Role officialRole = CreateRole(testUser, testGroup, officialPosition);
Role managerRole = CreateRole(testUser, testGroup, managerPosition);
CreateRole(testUser, testOwningGroup, managerPosition);
CreateRole(testUser, testRootGroup, officialPosition);
User substitutingUser = CreateUser("substituting.user", null, "substitute", null, testRootGroup, tenant1);
CreateRole(substitutingUser, testOwningGroup, managerPosition);
CreateRole(substitutingUser, testRootGroup, officialPosition);
Substitution enabledUserSubstitution = Substitution.NewObject();
enabledUserSubstitution.SubstitutingUser = substitutingUser;
enabledUserSubstitution.SubstitutedUser = testUser;
Substitution enabledRoleSubstitution = Substitution.NewObject();
enabledRoleSubstitution.SubstitutingUser = substitutingUser;
enabledRoleSubstitution.SubstitutedUser = testUser;
enabledRoleSubstitution.SubstitutedRole = officialRole;
Substitution disabledRoleSubstitution = Substitution.NewObject();
disabledRoleSubstitution.SubstitutingUser = substitutingUser;
disabledRoleSubstitution.SubstitutedUser = testUser;
disabledRoleSubstitution.SubstitutedRole = managerRole;
disabledRoleSubstitution.IsEnabled = false;
Tenant tenant2 = CreateTenant("Tenant 2");
Group groupTenant2 = CreateGroup("Group Tenant 2", "GT2", "UID: group Tenant 2", null, tenant2);
User userTenant2 = CreateUser("User.Tenant2", "User", "Tenant 2", string.Empty, groupTenant2, tenant2);
Substitution userTenant2Substitution = Substitution.NewObject();
userTenant2Substitution.SubstitutingUser = userTenant2;
userTenant2Substitution.SubstitutedUser = testUser;
ClientTransactionScope.CurrentTransaction.Commit();
return(tenant1);
}
}