public void Serialization()
{
var securityProviderMock = MockRepository.GenerateStrictMock <ISecurityProvider>();
securityProviderMock
.Expect(_ => _.GetAccess(_context, new SecurityPrincipal("foo", null, null, null)))
.Return(new[] { AccessType.Get(GeneralAccessTypes.Read) })
.Repeat.Once();
bool hasAccess = _strategy.HasAccess(
securityProviderMock,
new SecurityPrincipal("foo", null, null, null),
new[] { AccessType.Get(GeneralAccessTypes.Read) });
Assert.That(hasAccess, Is.True);
var deserializedStrategy = Serializer.SerializeAndDeserialize(_strategy);
Assert.That(deserializedStrategy, Is.Not.SameAs(_strategy));
bool hasAccessAfterDeserialization = _strategy.HasAccess(
MockRepository.GenerateStrictMock <ISecurityProvider>(),
new SecurityPrincipal("foo", null, null, null),
new[] { AccessType.Get(GeneralAccessTypes.Read) });
Assert.That(hasAccessAfterDeserialization, Is.True);
}
public bool HasAccess(
ISecurityProvider securityProvider,
ISecurityPrincipal principal,
IReadOnlyList <AccessType> requiredAccessTypes)
{
ArgumentUtility.DebugCheckNotNull("securityProvider", securityProvider);
ArgumentUtility.DebugCheckNotNull("principal", principal);
ArgumentUtility.DebugCheckNotNullOrEmpty("requiredAccessTypes", requiredAccessTypes);
if (_isEvaluatingAccess)
{
throw new InvalidOperationException(
"Multiple reentrancies on InstanceBasedReEntrancyGuardedObjectSecurityStrategyDecorator.HasAccess(...) are not allowed as they can indicate a possible infinite recursion. "
+ "Use SecurityFreeSection.IsActive to guard the computation of the SecurityContext returned by ISecurityContextFactory.CreateSecurityContext().");
}
try
{
_isEvaluatingAccess = true;
return(_objectSecurityStrategy.HasAccess(securityProvider, principal, requiredAccessTypes));
}
finally
{
_isEvaluatingAccess = false;
}
}
public void ExpectObjectSecurityStrategyHasAccessWithMatchingScope(SecurableObject securableObject, ClientTransactionScope expectedScope)
{
IObjectSecurityStrategy objectSecurityStrategy = securableObject.GetSecurityStrategy();
Expect.Call(objectSecurityStrategy.HasAccess(null, null, null))
.IgnoreArguments()
.WhenCalled(mi => CheckScope(expectedScope))
.Return(true);
}
public void HasAccess_WithAccessGranted()
{
var strategy = new DomainObjectSecurityStrategyDecorator(_mockObjectSecurityStrategy, _stubContextFactory, RequiredSecurityForStates.None);
using (_mocks.Ordered())
{
Expect.Call(_stubContextFactory.IsInvalid).Return(false);
Expect.Call(_stubContextFactory.IsNew).Return(false);
Expect.Call(_stubContextFactory.IsDeleted).Return(false);
Expect.Call(_mockObjectSecurityStrategy.HasAccess(_stubSecurityProvider, _stubUser, _accessTypeResult)).Return(true);
}
_mocks.ReplayAll();
bool hasAccess = strategy.HasAccess(_stubSecurityProvider, _stubUser, _accessTypeResult);
_mocks.VerifyAll();
Assert.That(hasAccess, Is.EqualTo(true));
}
public void ExpectObjectSecurityStrategyHasAccess(Enum[] requiredAccessTypes, bool returnValue)
{
Expect
.Call(
_mockObjectSecurityStrategy.HasAccess(
Arg.Is(_mockSecurityProvider),
Arg.Is(_userStub),
Arg <IReadOnlyList <AccessType> > .List.Equal(ConvertAccessTypeEnums(requiredAccessTypes))))
.Return(returnValue);
}
private void ExpectObjectSecurityStrategyHasAccessForSecurableObject(Enum accessTypeEnum, bool returnValue)
{
Expect
.Call(
_mockObjectSecurityStrategy.HasAccess(
Arg.Is(_mockSecurityProvider),
Arg.Is(_stubUser),
Arg <IReadOnlyList <AccessType> > .List.Equal(new[] { AccessType.Get(accessTypeEnum) })))
.Return(returnValue);
}
// methods and properties
public void ExpectHasAccess(Enum[] accessTypeEnums, bool returnValue)
{
AccessType[] accessTypes = Array.ConvertAll <Enum, AccessType> (accessTypeEnums, AccessType.Get);
Expect.Call(
_mockObjectSecurityStrategy.HasAccess(
Arg.Is(_mockSecurityProvider),
Arg.Is(_stubUser),
Arg <IReadOnlyList <AccessType> > .List.Equal(accessTypes)))
.Return(returnValue);
}
public void ExpectObjectSecurityStrategyHasAccess(SecurableObject securableObject, Enum accessTypeEnum, HasAccessDelegate doDelegate)
{
IObjectSecurityStrategy objectSecurityStrategy = securableObject.GetSecurityStrategy();
Expect.Call(
objectSecurityStrategy.HasAccess(
Arg.Is(_mockSecurityProvider),
Arg.Is(_stubUser),
Arg <IReadOnlyList <AccessType> > .List.Equal(new[] { AccessType.Get(accessTypeEnum) })))
.WhenCalled(mi => CheckTransaction())
.Do(doDelegate);
}
public void HasAccess_WithAccessGranted_OnlyRequestsAccessTypesOnce_ReturnsTrue()
{
_securityProviderMock
.Expect(_ => _.GetAccess(_context, _principalStub))
.Return(new[] { AccessType.Get(GeneralAccessTypes.Read) })
.Repeat.Once();
bool hasAccessOnFirstCall = _strategy.HasAccess(
_securityProviderMock,
_principalStub,
new[] { AccessType.Get(GeneralAccessTypes.Read) });
Assert.That(hasAccessOnFirstCall, Is.True);
bool hasAccessOnSecondCall = _strategy.HasAccess(
_securityProviderMock,
_principalStub,
new[] { AccessType.Get(GeneralAccessTypes.Read) });
Assert.That(hasAccessOnSecondCall, Is.True);
_securityProviderMock.VerifyAllExpectations();
}
public bool HasAccess(ISecurityProvider securityService, ISecurityPrincipal principal, IReadOnlyList <AccessType> requiredAccessTypes)
{
if (_securityContextFactory.IsInvalid)
{
return(true);
}
bool isSecurityRequiredForNew = RequiredSecurityForStates.New == (RequiredSecurityForStates.New & _requiredSecurityForStates);
if (!isSecurityRequiredForNew && _securityContextFactory.IsNew)
{
return(true);
}
bool isSecurityRequiredForDeleted = RequiredSecurityForStates.Deleted == (RequiredSecurityForStates.Deleted & _requiredSecurityForStates);
if (!isSecurityRequiredForDeleted && _securityContextFactory.IsDeleted)
{
return(true);
}
return(_innerStrategy.HasAccess(securityService, principal, requiredAccessTypes));
}
