        /// <summary>
        /// An operation that the fixture is presumed not to grant (ControllerA.Details) must be
        /// refused for the default test identity: the provider should fail closed when no
        /// grant applies.
        /// </summary>
        public void CantPerformActionNotGranted()
        {
            var providerOptions = GetSecurityAccessProviderOptions();
            var provider        = new SecurityAccessProvider(providerOptions);
            var identity        = GetIdentity();

            var allowed = provider.CanPerformOperation("ControllerA", "Details", identity);

            allowed.Should().BeFalse();
        }
        /// <summary>
        /// A controller-level entry in GlobalDenyActions wins over both a role grant and a
        /// GlobalAllowActions entry for an action on that controller: ControllerB.Details is
        /// allowed by the role and by the global allow list, yet ControllerB as a whole is
        /// globally denied, so the operation must be refused.
        /// </summary>
        public void GlobalDeniedControllersShouldTakePrecenceOverExplicitGrants()
        {
            var providerOptions = GetSecurityAccessProviderOptions();
            var provider        = new SecurityAccessProvider(providerOptions);
            var identity        = GetIdentity();
            var config          = providerOptions.Value;

            var allowed = provider.CanPerformOperation("ControllerB", "Details", identity);

            // Fixture sanity checks: the grant is present at both role and global level...
            config.SecurityRoles[0].AllowActions.IndexOf("ControllerB.Details").Should().NotBe(-1);
            config.GlobalAllowActions.IndexOf("ControllerB.Details").Should().NotBe(-1);
            // ...and the whole controller sits on the global deny list.
            config.GlobalDenyActions.IndexOf("ControllerB").Should().NotBe(-1);

            allowed.Should().BeFalse();
        }
        /// <summary>
        /// An action-level entry in GlobalDenyActions overrides a role grant on its own:
        /// ControllerA.Delete is granted to the role, is absent from GlobalAllowActions, and
        /// the controller itself is not globally denied, yet the explicit action-level deny
        /// must still cause the operation to be refused.
        /// </summary>
        public void CantPerformActionDeniedInInGlobalListEvenIfGrantedToRole()
        {
            var providerOptions = GetSecurityAccessProviderOptions();
            var provider        = new SecurityAccessProvider(providerOptions);
            var identity        = GetIdentity();
            var config          = providerOptions.Value;

            var allowed = provider.CanPerformOperation("ControllerA", "Delete", identity);

            // Fixture sanity checks: only the role grant and the action-level deny are present.
            config.SecurityRoles[0].AllowActions.IndexOf("ControllerA.Delete").Should().NotBe(-1);
            config.GlobalAllowActions.IndexOf("ControllerA.Delete").Should().BeLessThan(0);
            config.GlobalDenyActions.IndexOf("ControllerA.Delete").Should().NotBe(-1);
            config.GlobalDenyActions.IndexOf("ControllerA").Should().BeLessThan(0);

            allowed.Should().BeFalse();
        }
        /// <summary>
        /// Default deny: an action that appears in no role grant, no global allow entry and
        /// no global deny entry (ControllerA.DoAThing) must be refused rather than silently
        /// permitted.
        /// </summary>
        public void CantPerformUnconfiguredROles()
        {
            var providerOptions = GetSecurityAccessProviderOptions();
            var provider        = new SecurityAccessProvider(providerOptions);
            var identity        = GetIdentity();
            var config          = providerOptions.Value;

            var allowed = provider.CanPerformOperation("ControllerA", "DoAThing", identity);

            // Fixture sanity checks: the action is configured nowhere, at any level.
            config.SecurityRoles[0].AllowActions.IndexOf("ControllerA.DoAThing").Should().BeLessThan(0);
            config.GlobalAllowActions.IndexOf("ControllerA.DoAThing").Should().BeLessThan(0);
            config.GlobalDenyActions.IndexOf("ControllerA.DoAThing").Should().BeLessThan(0);
            config.GlobalDenyActions.IndexOf("ControllerA").Should().BeLessThan(0);

            allowed.Should().BeFalse();
        }
        /// <summary>
        /// A GlobalAllowActions entry is sufficient on its own: ControllerA.List is not granted
        /// to the role and is not denied at action or controller level, so the global allow
        /// entry must make the operation permitted.
        /// </summary>
        public void CanPerformActionAllowedInGlobalList()
        {
            var providerOptions = GetSecurityAccessProviderOptions();
            var provider        = new SecurityAccessProvider(providerOptions);
            var identity        = GetIdentity();
            var config          = providerOptions.Value;

            var allowed = provider.CanPerformOperation("ControllerA", "List", identity);

            // Fixture sanity checks: the only configuration for this action is the global allow.
            config.SecurityRoles[0].AllowActions.IndexOf("ControllerA.List").Should().BeLessThan(0);
            config.GlobalAllowActions.IndexOf("ControllerA.List").Should().NotBe(-1);
            config.GlobalDenyActions.IndexOf("ControllerA.List").Should().BeLessThan(0);
            config.GlobalDenyActions.IndexOf("ControllerA").Should().BeLessThan(0);

            allowed.Should().BeTrue();
        }
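        /// <summary>
        /// Filters a comma-separated list of action names down to those the current user is
        /// permitted to perform on this controller, as decided by the security access provider.
        /// </summary>
        /// <param name="actions">Comma-separated action names. Null or empty yields an empty array.</param>
        /// <returns>A <see cref="JArray"/> holding only the action names the provider allowed.</returns>
        protected JArray GetSecurityFilteredActions(string actions)
        {
            var results = new JArray();

            // Nothing to filter: return an empty array instead of failing on Split.
            if (string.IsNullOrEmpty(actions))
            {
                return results;
            }

            // User.Identity may not be a ClaimsIdentity, in which case the provider receives null.
            // NOTE(review): the provider is relied on to deny for a null identity — confirm it fails closed.
            var identity = User.Identity as ClaimsIdentity;

            // RemoveEmptyEntries so a trailing or doubled comma does not send an empty action
            // name to the provider for evaluation.
            foreach (var action in actions.Split(",", StringSplitOptions.RemoveEmptyEntries))
            {
                if (_securityAccessProvider.CanPerformOperation(Name, action, identity))
                {
                    results.Add(action);
                }
            }

            return results;
        }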
        /// <summary>
        /// For an identity in the "WildcardAppliedRoleId" role, aliased reader/writer actions
        /// and "Create" are granted even on a controller that is not explicitly configured,
        /// while an action outside the alias set is still refused.
        /// </summary>
        public void GrantActionBasedOnWildcardControllerAliasedAction()
        {
            var providerOptions = GetSecurityAccessProviderOptions();
            var provider        = new SecurityAccessProvider(providerOptions);
            var identity        = GetIdentity("WildcardAppliedRoleId");

            // (action, expected decision) for a controller that has no configuration of its own.
            var expectations = new (string Action, bool Allowed)[]
            {
                ("ReaderAppliedAction1", true),
                ("ReaderAppliedAction2", true),
                ("WriterAppliedAction1", true),
                ("WriterAppliedAction2", true),
                ("Create",               true),
                ("UnknownAction",        false),
            };

            foreach (var (action, expected) in expectations)
            {
                provider.CanPerformOperation("UndefinedController", action, identity)
                        .Should().Be(expected, "because of the wildcard controller rules for UndefinedController.{0}", action);
            }
        }
        /// <summary>
        /// A wildcard inside an action name matches the literal prefix and any suffix on the
        /// configured controller only: "WildCardItem", "WildCardItem*" and "WildCardItem..."
        /// are granted on ControllerA, while a different prefix on ControllerA and the same
        /// names on ControllerB are refused.
        /// </summary>
        public void GrantActionBasedOnInnerWildCardActionName()
        {
            var providerOptions = GetSecurityAccessProviderOptions();
            var provider        = new SecurityAccessProvider(providerOptions);
            var identity        = GetIdentity();

            // The wildcard grant covers the bare prefix, the literal wildcard and any suffix.
            provider.CanPerformOperation("ControllerA", "WildCardItem", identity).Should().BeTrue();
            provider.CanPerformOperation("ControllerA", "WildCardItem*", identity).Should().BeTrue();
            provider.CanPerformOperation("ControllerA", "WildCardItemRANDOMTEXT", identity).Should().BeTrue();

            // It must not behave like a full-action wildcard: a different prefix, or another
            // controller, stays denied.
            provider.CanPerformOperation("ControllerA", "BoopWildCardItemRANDOMTEXT", identity).Should().BeFalse();
            provider.CanPerformOperation("ControllerB", "WildCardItem*", identity).Should().BeFalse();
            provider.CanPerformOperation("ControllerB", "WildCardItemRANDOMTEXT", identity).Should().BeFalse();
        }
        /// <summary>
        /// For an identity in the "AliasAppliedRoleId" role, the aliased reader/writer actions
        /// are granted on GlobalAppliedController and UserAppliedController, whereas an
        /// unknown action on UserAppliedController and the aliased actions on an unrelated
        /// controller are refused.
        /// </summary>
        public void GrantActionBasedOnAliasedActions()
        {
            var providerOptions = GetSecurityAccessProviderOptions();
            var provider        = new SecurityAccessProvider(providerOptions);
            var identity        = GetIdentity("AliasAppliedRoleId");

            // (controller, action, expected decision), in the order the cases are evaluated.
            var expectations = new (string Controller, string Action, bool Allowed)[]
            {
                ("GlobalAppliedController", "ReaderAppliedAction1", true),
                ("GlobalAppliedController", "ReaderAppliedAction2", true),
                ("GlobalAppliedController", "WriterAppliedAction1", true),
                ("GlobalAppliedController", "WriterAppliedAction2", true),
                ("UserAppliedController",   "ReaderAppliedAction1", true),
                ("UserAppliedController",   "ReaderAppliedAction2", true),
                ("UserAppliedController",   "WriterAppliedAction1", true),
                ("UserAppliedController",   "WriterAppliedAction2", true),
                ("UserAppliedController",   "UnknownAction",        false),
                ("OtherController",         "ReaderAppliedAction1", false),
                ("OtherController",         "ReaderAppliedAction2", false),
            };

            foreach (var (controller, action, expected) in expectations)
            {
                provider.CanPerformOperation(controller, action, identity)
                        .Should().Be(expected, "because of the alias rules for {0}.{1}", controller, action);
            }
        }