Exemple #1
0
        public void Should_be_able_to_get_attribute()
        {
            _builder.Setup(b => b.Build(It.IsAny <Type>())).Returns(typeof(DummyAuthorizeAttribute).GetConstructor(Type.EmptyTypes));

            IAuthorizeAttribute attribute = _cache.GetAttribute(typeof(AuthorizeAttribute));

            Assert.NotNull(attribute);
        }
Exemple #2
0
        public void Should_be_able_to_build_derived_attribute_for_the_provided_type()
        {
            ConstructorInfo ctor = new AuthorizeAttributeBuilder().Build(typeof(AuthorizeAttribute));

            IAuthorizeAttribute attribute = ctor.Invoke(new object[0]) as IAuthorizeAttribute;

            Assert.NotNull(attribute);
        }
Exemple #3
0
        public bool IsAccessibleToUser(RequestContext requestContext, string controllerName, string actionName, RouteValueDictionary routeValues)
        {
            Guard.IsNotNull(requestContext, "requestContext");
            Guard.IsNotNullOrEmpty(controllerName, "controllerName");
            Guard.IsNotNullOrEmpty(actionName, "actionName");

            List <AuthorizeAttribute> authorizeAttributes = authorizeAttributeCache.GetAuthorizeAttributes(requestContext, controllerName, actionName, routeValues).ToList();

#if MVC3
            authorizeAttributes.AddRange(GlobalFilters.Filters.Select(f => f.Instance).OfType <AuthorizeAttribute>());
#endif
            bool allowed = true;

            foreach (AuthorizeAttribute authorizeAttribute in authorizeAttributes)
            {
                if (authorizeAttribute != null)
                {
                    try
                    {
                        Type currentAuthorizationAttributeType = authorizeAttribute.GetType();
                        bool isDefaultAttribute = (currentAuthorizationAttributeType == defaultAuthorizeAttributeType);

                        IAuthorizeAttribute subclassedAttribute = isDefaultAttribute ?
                                                                  new InternalAuthorizeAttribute() : // No need to use Reflection.Emit if it is the asp.net mvc built-in attribute
                                                                  authorizeAttribute is IAuthorizeAttribute ?
                                                                  authorizeAttribute as IAuthorizeAttribute :
                                                                  reflectedAuthorizeAttributeCache.GetAttribute(currentAuthorizationAttributeType);

                        subclassedAttribute.Order = authorizeAttribute.Order;
                        subclassedAttribute.Roles = authorizeAttribute.Roles;
                        subclassedAttribute.Users = authorizeAttribute.Users;

                        if (!isDefaultAttribute)
                        {
                            // Copy the remaining properties (if there is any)
                            objectCopier.Copy(authorizeAttribute, subclassedAttribute, "Order", "Roles", "Users" /* Excluded properties */);
                        }


                        allowed = subclassedAttribute.IsAuthorized(requestContext.HttpContext);
                    }
                    catch
                    {
                        // do not allow on exception
                        allowed = false;
                    }

                    if (!allowed)
                    {
                        break;
                    }
                }
            }

            return(allowed);
        }
Exemple #4
0
 public static void Authorize(this IAuthorizationHelper authorizationHelper, IAuthorizeAttribute authorizeAttribute)
 {
     authorizationHelper.Authorize(new[] { authorizeAttribute });
 }
Exemple #5
0
 public static async Task AuthorizeAsync(this IAuthorizationHelper authorizationHelper, IAuthorizeAttribute authorizeAttribute)
 {
     await authorizationHelper.AuthorizeAsync(new[] { authorizeAttribute });
 }