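/// <summary>
/// Applies each permission as an ASP.NET Core authorization policy, named by the permission's
/// <c>Code</c>, that can then be authorized using <see cref="PermissionRequirement"/>.
/// </summary>
/// <param name="services">The service collection authorization is registered with.</param>
/// <param name="permissions">The permissions to expose; each one becomes a policy named by its code.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="services"/> or <paramref name="permissions"/> is null.
/// </exception>
public static void AddPermissionPolicies(this IServiceCollection services, IEnumerable<Permission> permissions)
{
    // Fail fast at the public entry point: without these guards a null would only surface
    // inside the deferred options callback below, far from the offending caller.
    if (services is null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    if (permissions is null)
    {
        throw new ArgumentNullException(nameof(permissions));
    }

    var builder = new AuthorizationBuilder(permissions);

    services.AddAuthorization(options =>
    {
        // Policies are registered when the authorization options are configured,
        // not at the time this method is called.
        builder.Build(c =>
        {
            foreach (var permission in c.Permissions)
            {
                // One policy per permission, keyed by its code.
                // NOTE(review): AuthorizationOptions keeps policies in a name-keyed map, so a later
                // permission with a duplicate code would replace the earlier policy silently — confirm
                // codes are unique upstream.
                var requirement = new PermissionRequirement(permission.Code);
                options.AddPolicy(permission.Code, policy => policy.Requirements.Add(requirement));
            }
        });
    });
}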
public async Task HandleAsync_WithNonInternalUserOrOrganisationUser_ThrowsSecurityException()
{
    // Arrange: an authorization that refuses both internal and organisation users.
    // The data access and email collaborators are dummies because this test only
    // asserts the security check, not any downstream work.
    var authorization = new AuthorizationBuilder()
        .DenyInternalOrOrganisationAccess()
        .Build();

    var handler = new UpdateOrganisationContactDetailsHandler(
        authorization,
        A.Dummy<IOrganisationDetailsDataAccess>(),
        A.Dummy<IWeeeEmailService>());

    var organisation = new OrganisationData { Id = Guid.NewGuid() };
    var request = new UpdateOrganisationContactDetails(organisation, false);

    // Act, Assert: the handler must reject the request with a SecurityException.
    await Assert.ThrowsAsync<SecurityException>(() => handler.HandleAsync(request));
}
public async Task HandleAsync_WithNonInternalUserOrOrganisationUser_ThrowsSecurityException()
{
    // Arrange: an authorization that refuses both internal and organisation users.
    // The data access and email collaborators are dummies because this test only
    // asserts the security check, not any downstream work.
    var authorization = new AuthorizationBuilder()
        .DenyInternalOrOrganisationAccess()
        .Build();

    var handler = new UpdateSchemeContactDetailsHandler(
        authorization,
        A.Dummy<IOrganisationDetailsDataAccess>(),
        A.Dummy<IWeeeEmailService>());

    var scheme = new SchemeData { Id = Guid.NewGuid() };
    var request = new UpdateSchemeContactDetails(scheme, false);

    // Act, Assert: the handler must reject the request with a SecurityException.
    await Assert.ThrowsAsync<SecurityException>(() => handler.HandleAsync(request));
}