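/// <summary>
/// Provides an entry point for custom authorization checks.
/// </summary>
/// <param name="httpContext">The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.</param>
/// <returns>
/// true while the application is not installed, and true whenever the site is public (ispublicsite=true).
/// When the site is private (ispublicsite=false), true only if the current principal is an admin or an editor; otherwise false.
/// </returns>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="httpContext"/> parameter is null.</exception>
/// <exception cref="T:System.Security.SecurityException">The AuthorizationProvider property is null (it is expected to be injected by the DI container).</exception>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        // Documented contract: fail fast instead of dereferencing a null context further down.
        throw new ArgumentNullException("httpContext");
    }

    if (AuthorizationProvider == null)
    {
        // NOTE(review): the message names a different property/attribute than the one checked here; confirm the wording.
        throw new SecurityException("The OptionalAuthorizationAttribute property has not been set for AdminRequiredAttribute. Has it been injected by the DI?", null);
    }

    // Before the application is installed there is nothing to authorize against, so every request is allowed.
    if (!ApplicationSettings.Installed)
    {
        return true;
    }

    // A public site needs no login.
    if (ApplicationSettings.IsPublicSite)
    {
        return true;
    }

    // Private site: only admins and editors may continue.
    // NOTE(review): the injected AuthorizationProvider property is only null-checked above; the actual
    // check is done by a freshly constructed provider, exactly as in the original code. Confirm this is intended.
    IPrincipal principal = httpContext.User;
    AuthorizationProvider provider = new AuthorizationProvider(ApplicationSettings, UserService);
    return provider.IsAdmin(principal) || provider.IsEditor(principal);
}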
public void IsEditor_Should_Return_False_When_No_Identity_Name_Set()
{
    // Arrange: an admin user is created, but the principal's identity carries an empty name.
    // The returned user is not needed for this case; only the empty Name matters.
    CreateAdminUser();
    var identity = new IdentityStub { Name = "", IsAuthenticated = true };
    var principal = new PrincipalStub { Identity = identity };
    var provider = new AuthorizationProvider(_applicationSettings, _userService);

    // Act
    bool isEditor = provider.IsEditor(principal);

    // Assert: an authenticated principal with no name must not be treated as an editor.
    Assert.That(isEditor, Is.False);
}
public void IsEditor_Should_Return_True_For_Admin_User()
{
    // Arrange: an authenticated principal whose identity name is the admin user's id.
    var adminUser = CreateAdminUser();
    var principal = new PrincipalStub
    {
        Identity = new IdentityStub { Name = adminUser.Id.ToString(), IsAuthenticated = true }
    };
    var provider = new AuthorizationProvider(_applicationSettings, _userService);

    // Act
    bool isEditor = provider.IsEditor(principal);

    // Assert: an admin is also considered an editor.
    Assert.That(isEditor, Is.True);
}
public void IsEditor_Should_Return_False_When_Not_Authenticated()
{
    // Arrange: the identity names a real editor, but it is not authenticated.
    var editorUser = CreateEditorUser();
    var principal = new PrincipalStub
    {
        Identity = new IdentityStub { Name = editorUser.Id.ToString(), IsAuthenticated = false }
    };
    var provider = new AuthorizationProvider(_applicationSettings, _userService);

    // Act
    bool isEditor = provider.IsEditor(principal);

    // Assert: a matching name alone is not enough without authentication.
    Assert.That(isEditor, Is.False);
}
// NOTE(review): the method name is lower-case, unlike the sibling IsEditor_* tests; kept as-is here.
public void iseditor_should_return_true_for_editor_user()
{
    // Arrange: an authenticated principal whose identity name is the editor user's id.
    var editorUser = CreateEditorUser();
    var principal = new PrincipalStub
    {
        Identity = new IdentityStub { Name = editorUser.Id.ToString(), IsAuthenticated = true }
    };
    var provider = new AuthorizationProvider(_applicationSettings, _userService);

    // Act
    bool isEditor = provider.IsEditor(principal);

    // Assert
    Assert.That(isEditor, Is.True);
}