public void Should_not_be_the_same_when_types_differ()
{
var instance1 = new RequireRolePolicy("Editor", "Writer");
var instance2 = new RequireAllRolesPolicy("Editor", "Writer");
Assert.That(instance1.GetHashCode(), Is.Not.EqualTo(instance2.GetHashCode()));
}
public PolicyResult Enforce(ISecurityContext context)
{
var innerPolicy = new RequireRolePolicy(UserRole.Administrator);
var result = innerPolicy.Enforce(context);
return(result.ViolationOccured ? PolicyResult.CreateFailureResult(this, result.Message) : PolicyResult.CreateSuccessResult(this));
}
protected override void Context()
{
// Arrange
_requireRolePolicy = new RequireRolePolicy("Administrator");
_denyAnonymousAccessPolicy = new DenyAnonymousAccessPolicy();
Policies = new List <ISecurityPolicy>
{
_denyAnonymousAccessPolicy
};
}
public override void SetUp()
{
base.SetUp();
// Arrange
_requireRolePolicy = new RequireRolePolicy("Administrator");
_denyAnonymousAccessPolicy = new DenyAnonymousAccessPolicy();
_policies = new List <ISecurityPolicy>
{
_denyAnonymousAccessPolicy
};
}
public void Should_not_be_the_same_when_roles_count_differ()
{
var instance1 = new RequireRolePolicy("Editor", "Writer");
var instance2 = new RequireRolePolicy("Writer");
Assert.That(instance1.GetHashCode(), Is.Not.EqualTo(instance2.GetHashCode()));
var instance3 = new RequireRolePolicy(UserRole.Owner, UserRole.Writer, UserRole.Publisher);
var instance4 = new RequireRolePolicy(UserRole.Owner);
Assert.That(instance3.GetHashCode(), Is.Not.EqualTo(instance4.GetHashCode()));
}
public void Should_be_the_same()
{
var instance1 = new RequireRolePolicy("Editor");
var instance2 = new RequireRolePolicy("Editor");
Assert.That(instance1.GetHashCode(), Is.EqualTo(instance2.GetHashCode()));
var instance3 = new RequireRolePolicy(UserRole.Writer);
var instance4 = new RequireRolePolicy(UserRole.Writer);
Assert.That(instance3.GetHashCode(), Is.EqualTo(instance4.GetHashCode()));
}
public void Should_not_be_successful_when_isAuthenticated_is_false()
{
// Arrange
var policy = new RequireRolePolicy(new object[1]);
const bool authenticated = false;
var context = TestDataFactory.CreateSecurityContext(authenticated);
// Act
var result = policy.Enforce(context);
// Assert
Assert.That(result.ViolationOccured, Is.True);
Assert.That(result.Message, Is.EqualTo("Anonymous access denied"));
}
public void Should_return_expected_roles()
{
// Arrange
var expectedRoles = new List <object> {
"Administrator", "Editor"
}.ToArray();
var policy = new RequireRolePolicy(expectedRoles);
// Act
var rolesRequired = policy.RolesRequired;
// Assert
Assert.That(rolesRequired, Is.EqualTo(expectedRoles));
}
public void Should_return_name_and_roles()
{
// Arrange
var roles = new List <object> {
"Writer", "Editor", "Administrator"
}.ToArray();
var policy = new RequireRolePolicy(roles);
// Act
var result = policy.ToString();
// Assert
Assert.That(result, Is.EqualTo("FluentSecurity.Policy.RequireRolePolicy (Writer or Editor or Administrator)"));
}
public void Should_not_be_successful_when_isAuthenticated_is_true_and_roles_are_null()
{
// Arrange
var policy = new RequireRolePolicy(new object[1]);
const bool authenticated = true;
IEnumerable <object> roles = null;
var context = TestDataFactory.CreateSecurityContext(authenticated, roles);
// Act
var result = policy.Enforce(context);
// Assert
Assert.That(result.ViolationOccured, Is.True);
Assert.That(result.Message, Is.EqualTo("Access denied"));
}
public void Should_not_be_equal_when_roles_count_differ()
{
var instance1 = new RequireRolePolicy("Editor", "Writer");
var instance2 = new RequireRolePolicy("Writer");
Assert.That(instance1.Equals(instance2), Is.False);
Assert.That(instance1 == instance2, Is.False);
Assert.That(instance1 != instance2, Is.True);
var instance3 = new RequireRolePolicy(UserRole.Owner, UserRole.Writer, UserRole.Publisher);
var instance4 = new RequireRolePolicy(UserRole.Owner);
Assert.That(instance3.Equals(instance4), Is.False);
Assert.That(instance3 == instance4, Is.False);
Assert.That(instance3 != instance4, Is.True);
}
public void Should_be_equal()
{
var instance1 = new RequireRolePolicy("Editor");
var instance2 = new RequireRolePolicy("Editor");
Assert.That(instance1.Equals(instance2), Is.True);
Assert.That(instance1 == instance2, Is.True);
Assert.That(instance1 != instance2, Is.False);
var instance3 = new RequireRolePolicy(UserRole.Writer);
var instance4 = new RequireRolePolicy(UserRole.Writer);
Assert.That(instance3.Equals(instance4), Is.True);
Assert.That(instance3 == instance4, Is.True);
Assert.That(instance3 != instance4, Is.False);
}
public void Should_not_be_successful_when_isAuthenticated_is_true_and_roles_does_not_match()
{
// Arrange
var policy = new RequireRolePolicy("Role1", "Role2");
const bool authenticated = true;
var roles = new List <object> {
"Role3", "Role4"
}.ToArray();
var context = TestDataFactory.CreateSecurityContext(authenticated, roles);
// Act
var result = policy.Enforce(context);
// Assert
Assert.That(result.ViolationOccured, Is.True);
Assert.That(result.Message, Is.EqualTo("Access requires one of the following roles: Role1 or Role2."));
}
public void Should_resolve_authentication_status_and_roles_exactly_once()
{
// Arrange
var roles = new object[1];
var policy = new RequireRolePolicy(roles);
var context = new Mock <ISecurityContext>();
context.Setup(x => x.CurrentUserIsAuthenticated()).Returns(true);
context.Setup(x => x.CurrentUserRoles()).Returns(roles);
// Act
var result = policy.Enforce(context.Object);
// Assert
Assert.That(result.ViolationOccured, Is.False);
context.Verify(x => x.CurrentUserIsAuthenticated(), Times.Exactly(1), "The authentication status should be resolved at most once.");
context.Verify(x => x.CurrentUserRoles(), Times.Exactly(1), "The roles should be resolved at most once.");
}
public void Should_be_successful_when_isAuthenticated_is_true_and_user_has_at_least_one_matching_role()
{
// Arrange
var requiredRoles = new List <object> {
UserRole.Writer,
UserRole.Publisher
};
var policy = new RequireRolePolicy(requiredRoles.ToArray());
const bool authenticated = true;
var roles = new List <object> {
UserRole.Writer
};
var context = TestDataFactory.CreateSecurityContext(authenticated, roles.ToArray());
// Act
var result = policy.Enforce(context);
// Assert
Assert.That(result.ViolationOccured, Is.False);
}
public void Should_not_be_equal_when_comparing_to_null()
{
var instance = new RequireRolePolicy("Editor");
Assert.That(instance.Equals(null), Is.False);
}