/// <summary>
/// Verifies that a <see cref="RoleAuthorizationRequirement"/> built from an empty
/// allowed-role list reports success, whatever roles the user carries.
/// </summary>
/// <remarks>
/// This pins a fail-open default: a requirement with no allowed roles authorizes the
/// user instead of rejecting them. A role list that ends up empty by mistake
/// therefore grants access, so callers should treat "no roles" as a deliberate choice.
/// </remarks>
/// <param name="userRoles">
/// Roles assigned to the user under test; presumably supplied by a data-driven test
/// attribute that is not visible here.
/// </param>
public void HandleAuthorizationRequest_WithNoAllowedRolesProvided_GivesSuccess(IEnumerable<string> userRoles)
{
    // Arrange: the requirement is deliberately given nothing to match against.
    var requirement = new RoleAuthorizationRequirement(Enumerable.Empty<string>());
    var user = new Mock<User>(() => new User(String.Empty, userRoles)).Object;

    // Act
    var outcome = requirement.HandleAuthorizationRequest(user);

    // Assert
    outcome.Success.Should().BeTrue("because no allowed roles have been defined");
}
/// <summary>
/// Verifies that a user holding the required role passes a
/// <see cref="RoleAuthorizationRequirement"/> configured with that same role.
/// </summary>
/// <remarks>
/// The user's roles and the allowed roles are the same array, so this covers only the
/// exact-match success path.
/// </remarks>
public void HandleAuthorizationRequest_ForAuthorizedUser_GivesSuccess()
{
    // Arrange: one role, shared by the user and the requirement.
    string[] requiredRoles = { "Developer" };
    var user = new Mock<User>(() => new User(String.Empty, requiredRoles)).Object;
    var requirement = new RoleAuthorizationRequirement(requiredRoles);

    // Act
    var outcome = requirement.HandleAuthorizationRequest(user);

    // Assert
    outcome.Success.Should().BeTrue("because the user has required role");
}
/// <summary>
/// Policy configuration delegate passed into <see cref="PolicyServiceCollectionExtensions.AddAuthorization"/>.
/// The default implementation adds a series of authorization policies for Cofoundry roles and permissions.
/// </summary>
/// <remarks>
/// One policy is registered per user area, per role and per permission returned by the
/// corresponding repository, each carrying a single requirement. Policy names come from
/// <c>AuthorizationPolicyNames</c>. NOTE(review): if two definitions produce the same
/// name, the later registration presumably replaces the earlier one; confirm that the
/// generated names are unique across the three groups.
/// </remarks>
/// <param name="options">The authorization options that receive the generated policies.</param>
protected virtual void ConfigurePolicies(AuthorizationOptions options)
{
    // User-area policies: membership of the area is the only requirement.
    foreach (var area in _userAreaDefinitionRepository.GetAll())
    {
        var name = AuthorizationPolicyNames.UserArea(area.UserAreaCode);
        var requirement = new UserAreaAuthorizationRequirement(area.UserAreaCode);

        options.AddPolicy(name, builder => builder.AddRequirements(requirement));
    }

    // Role policies: keyed on the (user area, role) pair.
    foreach (var roleDefinition in _roleDefinitionRepository.GetAll())
    {
        var name = AuthorizationPolicyNames.Role(roleDefinition.UserAreaCode, roleDefinition.RoleCode);
        var requirement = new RoleAuthorizationRequirement(roleDefinition.UserAreaCode, roleDefinition.RoleCode);

        options.AddPolicy(name, builder => builder.AddRequirements(requirement));
    }

    // Permission policies: one per permission known to the permission repository.
    foreach (var grantable in _permissionRepository.GetAll())
    {
        var name = AuthorizationPolicyNames.Permission(grantable);
        var requirement = new PermissionAuthorizationRequirement(grantable);

        options.AddPolicy(name, builder => builder.AddRequirements(requirement));
    }
}
/// <summary>
/// Initializes a new instance of the <see cref="RequiresRoleFilterAttribute"/> class.
/// </summary>
/// <remarks>
/// Every dependency is required. The constructor rejects a missing one immediately, so
/// the filter is never created without its requirement or principal provider.
/// </remarks>
/// <param name="logger">The logger; its category type is <c>RequiresRoleAttribute</c>.</param>
/// <param name="requirement">The role requirement stored by this filter.</param>
/// <param name="principalProvider">The principal provider stored by this filter.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="logger"/>, <paramref name="requirement"/> or
/// <paramref name="principalProvider"/> is <c>null</c>.
/// </exception>
public RequiresRoleFilterAttribute(ILogger<RequiresRoleAttribute> logger, RoleAuthorizationRequirement requirement, ICustomPrincipalProvider principalProvider)
{
    // Guards run in parameter order, so the first missing dependency is the one reported.
    if (logger is null)
    {
        throw new ArgumentNullException(nameof(logger));
    }

    if (requirement is null)
    {
        throw new ArgumentNullException(nameof(requirement));
    }

    if (principalProvider is null)
    {
        throw new ArgumentNullException(nameof(principalProvider));
    }

    this.logger = logger;
    this.requirement = requirement;
    this.principalProvider = principalProvider;
}