public void MatchingPermissionReturnsRight()
        {
            RolePermission assertion = new RolePermission("testrole", SecurityRight.Inherit, SecurityRight.Inherit, SecurityRight.Allow, SecurityRight.Inherit, new UserName("johndoe"));
            SecurityRight  result    = assertion.CheckPermission(null, SecurityPermission.ForceAbortBuild);

            Assert.AreEqual(SecurityRight.Allow, result);
        }
        public void DifferentPermissionReturnsInherited()
        {
            RolePermission assertion = new RolePermission("testrole", SecurityRight.Inherit, SecurityRight.Inherit, SecurityRight.Allow, SecurityRight.Inherit, new UserName("johndoe"));
            SecurityRight  result    = assertion.CheckPermission(null, SecurityPermission.SendMessage);

            Assert.AreEqual(SecurityRight.Inherit, result);
        }
 /// <summary>
 /// Checks whether the user can perform the specified action.
 /// </summary>
 /// <param name="userName">The name of the user that is being checked.</param>
 /// <param name="permission">The permission to check.</param>
 /// <param name="defaultRight">The default right to use.</param>
 /// <param name="manager"></param>
 /// <returns>True if the permission is valid, false otherwise.</returns>
 public virtual bool CheckPermission(ISecurityManager manager,
     string userName,
     SecurityPermission permission,
     SecurityRight defaultRight)
 {
     return manager.CheckServerPermission(userName, permission);
 }
Exemple #4
0
        /// <summary>
        /// Checks whether the user can perform the specified action.
        /// </summary>
        /// <param name="userName">The name of the user that is being checked.</param>
        /// <param name="permission">The permission to check.</param>
        /// <param name="defaultRight">The default right to use.</param>
        /// <param name="manager"></param>
        /// <returns>True if the permission is valid, false otherwise.</returns>
        public virtual bool CheckPermission(ISecurityManager manager,
                                            string userName,
                                            SecurityPermission permission,
                                            SecurityRight defaultRight)
        {
            SecurityRight currentRight = SecurityRight.Inherit;

            // Iterate through the assertions stopping when we hit the first non-inherited permission
            foreach (IPermission assertion in permissions)
            {
                if (assertion.CheckUser(manager, userName))
                {
                    currentRight = assertion.CheckPermission(manager, permission);
                }
                if (currentRight != SecurityRight.Inherit)
                {
                    break;
                }
            }

            // If we don't have a result, then use the default right
            if (currentRight == SecurityRight.Inherit)
            {
                currentRight = this.defaultRight;
            }
            if (currentRight == SecurityRight.Inherit)
            {
                currentRight = defaultRight;
            }
            return(currentRight == SecurityRight.Allow);
        }
Exemple #5
0
 /// <summary>
 /// Checks whether the user can perform the specified action.
 /// </summary>
 /// <param name="userName">The name of the user that is being checked.</param>
 /// <param name="permission">The permission to check.</param>
 /// <param name="defaultRight">The default right to use.</param>
 /// <param name="manager"></param>
 /// <returns>True if the permission is valid, false otherwise.</returns>
 public virtual bool CheckPermission(ISecurityManager manager,
                                     string userName,
                                     SecurityPermission permission,
                                     SecurityRight defaultRight)
 {
     return(manager.CheckServerPermission(userName, permission));
 }
 /// <summary>
 /// Checks whether the user can perform the specified action.
 /// </summary>
 /// <param name="userName">The name of the user that is being checked.</param>
 /// <param name="permission">The permission to check.</param>
 /// <param name="defaultRight">The default right to use.</param>
 /// <param name="manager"></param>
 /// <returns>True if the permission is valid, false otherwise.</returns>
 public virtual bool CheckPermission(ISecurityManager manager, 
     string userName, 
     SecurityPermission permission,
     SecurityRight defaultRight)
 {
     return true;
 }
Exemple #7
0
 /// <summary>
 /// Checks whether the user can perform the specified action.
 /// </summary>
 /// <param name="userName">The name of the user that is being checked.</param>
 /// <param name="permission">The permission to check.</param>
 /// <param name="defaultRight">The default right to use.</param>
 /// <param name="manager"></param>
 /// <returns>True if the permission is valid, false otherwise.</returns>
 public virtual bool CheckPermission(ISecurityManager manager,
                                     string userName,
                                     SecurityPermission permission,
                                     SecurityRight defaultRight)
 {
     return(true);
 }
 /// <summary>
 /// Start a fully load instance.
 /// </summary>
 /// <param name="userName">The name of the user.</param>
 /// <param name="defaultRight">The default right.</param>
 /// <param name="sendMessage">Their send message right.</param>
 /// <param name="forceBuild">Their force build right.</param>
 /// <param name="startProject">Their start project right.</param>
 public UserPermission(string userName, SecurityRight defaultRight, SecurityRight sendMessage, SecurityRight forceBuild, SecurityRight startProject)
 {
     this.userName = userName;
     base.DefaultRight = defaultRight;
     base.SendMessageRight = sendMessage;
     base.ForceBuildRight = forceBuild;
     base.StartProjectRight = startProject;
 }
 /// <summary>
 /// Start a fully load instance.
 /// </summary>
 /// <param name="userName">The name of the user.</param>
 /// <param name="defaultRight">The default right.</param>
 /// <param name="sendMessage">Their send message right.</param>
 /// <param name="forceBuild">Their force build right.</param>
 /// <param name="startProject">Their start project right.</param>
 public UserPermission(string userName, SecurityRight defaultRight, SecurityRight sendMessage, SecurityRight forceBuild, SecurityRight startProject)
 {
     this.userName          = userName;
     base.DefaultRight      = defaultRight;
     base.SendMessageRight  = sendMessage;
     base.ForceBuildRight   = forceBuild;
     base.StartProjectRight = startProject;
 }
 /// <summary>
 /// Start a fully load instance.
 /// </summary>
 /// <param name="roleName">The name of the role.</param>
 /// <param name="defaultRight">The default right.</param>
 /// <param name="sendMessage">Their send message right.</param>
 /// <param name="forceBuild">Their force build right.</param>
 /// <param name="startProject">Their start project right.</param>
 /// <param name="users">The users in this role.</param>
 public RolePermission(string roleName, SecurityRight defaultRight, SecurityRight sendMessage, SecurityRight forceBuild, SecurityRight startProject, params UserName[] users)
 {
     this.roleName = roleName;
     base.DefaultRight = defaultRight;
     base.SendMessageRight = sendMessage;
     base.ForceBuildRight = forceBuild;
     base.StartProjectRight = startProject;
     this.users = users;
 }
 /// <summary>
 /// Start a fully load instance.
 /// </summary>
 /// <param name="roleName">The name of the role.</param>
 /// <param name="defaultRight">The default right.</param>
 /// <param name="sendMessage">Their send message right.</param>
 /// <param name="forceBuild">Their force build right.</param>
 /// <param name="startProject">Their start project right.</param>
 /// <param name="users">The users in this role.</param>
 public RolePermission(string roleName, SecurityRight defaultRight, SecurityRight sendMessage, SecurityRight forceBuild, SecurityRight startProject, params UserName[] users)
 {
     this.roleName          = roleName;
     base.DefaultRight      = defaultRight;
     base.SendMessageRight  = sendMessage;
     base.ForceBuildRight   = forceBuild;
     base.StartProjectRight = startProject;
     this.users             = users;
 }
Exemple #12
0
        public void CorrectPermissionsReturnedForceBuild()
        {
            UserPermission assertion = new UserPermission("johnDoe",
                                                          SecurityRight.Deny,
                                                          SecurityRight.Deny,
                                                          SecurityRight.Allow,
                                                          SecurityRight.Deny);
            SecurityRight right = assertion.CheckPermission(null, SecurityPermission.ForceAbortBuild);

            Assert.AreEqual(SecurityRight.Allow, right);
        }
Exemple #13
0
        public void CorrectPermissionsReturnedStartProject()
        {
            UserPermission assertion = new UserPermission("johnDoe",
                                                          SecurityRight.Deny,
                                                          SecurityRight.Deny,
                                                          SecurityRight.Deny,
                                                          SecurityRight.Allow);
            SecurityRight right = assertion.CheckPermission(null, SecurityPermission.StartStopProject);

            Assert.AreEqual(SecurityRight.Allow, right);
        }
Exemple #14
0
        public void CorrectPermissionsReturnedSendMessage()
        {
            UserPermission assertion = new UserPermission("johnDoe",
                                                          SecurityRight.Deny,
                                                          SecurityRight.Allow,
                                                          SecurityRight.Deny,
                                                          SecurityRight.Deny);
            SecurityRight right = assertion.CheckPermission(null, SecurityPermission.SendMessage);

            Assert.AreEqual(SecurityRight.Allow, right);
        }
 /// <summary>
 /// Logs a security event.
 /// </summary>
 /// <param name="projectName">The name of the project.</param>
 /// <param name="userName">The name of the user.</param>
 /// <param name="eventType">The type of event.</param>
 /// <param name="eventRight">The right of the event.</param>
 /// <param name="message">Any security message.</param>
 public virtual void LogEvent(string projectName, string userName, SecurityEvent eventType, SecurityRight eventRight, string message)
 {
     if ((eventRight == SecurityRight.Allow) && this.logSuccessfulEvents)
     {
         DoLogEvent(projectName, userName, eventType, eventRight, message);
     }
     else if ((eventRight == SecurityRight.Deny) && this.logFailureEvents)
     {
         DoLogEvent(projectName, userName, eventType, eventRight, message);
     }
     else if (eventRight == SecurityRight.Inherit)
     {
         DoLogEvent(projectName, userName, eventType, eventRight, message);
     }
 }
Exemple #16
0
        public void LogEventSendsEventToLogger()
        {
            string        projectName = "Test Project";
            string        userName    = "******";
            SecurityEvent eventType   = SecurityEvent.ForceBuild;
            SecurityRight eventRight  = SecurityRight.Allow;
            string        message     = "A message";

            IAuditLogger logger = mocks.Create <IAuditLogger>(MockBehavior.Strict).Object;

            Mock.Get(logger).Setup(_logger => _logger.LogEvent(projectName, userName, eventType, eventRight, message)).Verifiable();

            manager.AuditLoggers = new IAuditLogger[] {
                logger
            };
            manager.Initialise();
            manager.LogEvent(projectName, userName, eventType, eventRight, message);
        }
Exemple #17
0
        public void CheckPermissionWithValidReference()
        {
            SecurityPermission permission    = SecurityPermission.ForceAbortBuild;
            string             goodReference = "doesExist";
            IPermission        goodAssertion = mocks.Create <IPermission>(MockBehavior.Strict).Object;
            ISecurityManager   manager       = mocks.Create <ISecurityManager>(MockBehavior.Strict).Object;

            Mock.Get(manager).Setup(_manager => _manager.RetrievePermission(goodReference)).Returns(goodAssertion).Verifiable();
            Mock.Get(goodAssertion).Setup(_goodAssertion => _goodAssertion.CheckPermission(manager, permission)).Returns(SecurityRight.Allow).Verifiable();

            UserPermission assertion = new UserPermission();

            assertion.RefId = goodReference;
            SecurityRight result = assertion.CheckPermission(manager, permission);

            Assert.AreEqual(SecurityRight.Allow, result);
            mocks.VerifyAll();
        }
Exemple #18
0
        public void CheckPermissionWithValidReference()
        {
            SecurityPermission permission    = SecurityPermission.ForceAbortBuild;
            string             goodReference = "doesExist";
            IPermission        goodAssertion = mocks.StrictMock <IPermission>();
            ISecurityManager   manager       = mocks.StrictMock <ISecurityManager>();

            Expect.Call(manager.RetrievePermission(goodReference)).Return(goodAssertion);
            Expect.Call(goodAssertion.CheckPermission(manager, permission)).Return(SecurityRight.Allow);

            mocks.ReplayAll();
            UserPermission assertion = new UserPermission();

            assertion.RefId = goodReference;
            SecurityRight result = assertion.CheckPermission(manager, permission);

            Assert.AreEqual(SecurityRight.Allow, result);
            mocks.VerifyAll();
        }
        public void LogEventSendsEventToLogger()
        {
            string        projectName = "Test Project";
            string        userName    = "******";
            SecurityEvent eventType   = SecurityEvent.ForceBuild;
            SecurityRight eventRight  = SecurityRight.Allow;
            string        message     = "A message";

            IAuditLogger logger = mocks.CreateMock <IAuditLogger>();

            Expect.Call(delegate { logger.LogEvent(projectName, userName, eventType, eventRight, message); });

            mocks.ReplayAll();
            manager.AuditLoggers = new IAuditLogger[] {
                logger
            };
            manager.Initialise();
            manager.LogEvent(projectName, userName, eventType, eventRight, message);
        }
        /// <summary>
        /// Performs the actual logging of a security event
        /// </summary>
        /// <param name="projectName">The name of the project.</param>
        /// <param name="userName">The name of the user.</param>
        /// <param name="eventType">The type of event.</param>
        /// <param name="eventRight">The right of the event.</param>
        /// <param name="message">Any security message.</param>
        protected override void DoLogEvent(string projectName, string userName, SecurityEvent eventType, SecurityRight eventRight, string message)
        {
            // Generate the log entry
            XmlDocument auditXml = new XmlDocument();
            XmlElement xmlRoot = auditXml.CreateElement("event");
            auditXml.AppendChild(xmlRoot);
            AddXmlElement(auditXml, xmlRoot, "dateTime", DateTime.Now.ToString("o", CultureInfo.CurrentCulture));
            if (!string.IsNullOrEmpty(projectName)) AddXmlElement(auditXml, xmlRoot, "project", projectName);
            if (!string.IsNullOrEmpty(userName)) AddXmlElement(auditXml, xmlRoot, "user", userName);
            AddXmlElement(auditXml, xmlRoot, "type", eventType.ToString());
            if (eventRight != SecurityRight.Inherit) AddXmlElement(auditXml, xmlRoot, "outcome", eventRight.ToString());
            if (!string.IsNullOrEmpty(message)) AddXmlElement(auditXml, xmlRoot, "message", message);

            // Write the entry
			string auditLog = executionEnvironment.EnsurePathIsRooted(this.auditFile);
            lock (this)
            {
                File.AppendAllText(auditLog, auditXml.OuterXml.Replace(Environment.NewLine, " ") + Environment.NewLine);
            }
        }
        /// <summary>
        /// Checks whether the user can perform the specified action at the server level.
        /// </summary>
        /// <param name="userName">The name of the user that is being checked.</param>
        /// <param name="permission">The permission to check.</param>
        /// <returns>True if the permission is valid, false otherwise.</returns>
        public override bool CheckServerPermission(string userName, SecurityPermission permission)
        {
            SecurityRight currentRight = SecurityRight.Inherit;

            // Iterate through the permissions stopping when we hit the first non-inherited permission
            foreach (IPermission permissionToCheck in permissions)
            {
                if (permissionToCheck.CheckUser(this, userName))
                {
                    currentRight = permissionToCheck.CheckPermission(this, permission);
                }
                if (currentRight != SecurityRight.Inherit)
                {
                    break;
                }
            }

            // If we don't have a result, then use the default right
            if (currentRight == SecurityRight.Inherit)
            {
                currentRight = GetDefaultRight(permission);
            }
            return(currentRight == SecurityRight.Allow);
        }
 /// <summary>
 /// Starts a new filter with the security right.
 /// </summary>
 /// <param name="securityRight"></param>
 public SecurityRightAuditFilter(SecurityRight securityRight)
     : this(securityRight, null)
 {
 }
 /// <summary>
 /// Starts a new filter with the security right and inner filter.
 /// </summary>
 /// <param name="securityRight"></param>
 /// <param name="innerFilter"></param>
 public SecurityRightAuditFilter(SecurityRight securityRight, AuditFilterBase innerFilter)
     : base(innerFilter)
 {
     this.right = securityRight;
 }
 /// <summary>
 /// Filters by security right.
 /// </summary>
 /// <param name="right"></param>
 /// <returns></returns>
 public virtual AuditFilterBase ByRight(SecurityRight right)
 {
     return(new SecurityRightAuditFilter(right, this));
 }
 /// <summary>
 /// Start a fully load instance.
 /// </summary>
 /// <param name="defaultRight">The default right.</param>
 /// <param name="assertions">The assertions.</param>
 public DefaultProjectAuthorisation(SecurityRight defaultRight, params IPermission[] assertions)
 {
     this.defaultRight = defaultRight;
     this.permissions = assertions;
 }
Exemple #26
0
 /// <summary>
 /// Start a fully load instance.
 /// </summary>
 /// <param name="defaultRight">The default right.</param>
 /// <param name="assertions">The assertions.</param>
 public DefaultProjectAuthorisation(SecurityRight defaultRight, params IPermission[] assertions)
 {
     this.defaultRight = defaultRight;
     this.permissions  = assertions;
 }
Exemple #27
0
 /// <summary>
 /// Filters by security right.
 /// </summary>
 /// <param name="right"></param>
 /// <returns></returns>
 public static AuditFilterBase ByRight(SecurityRight right)
 {
     return(new SecurityRightAuditFilter(right));
 }
 /// <summary>
 /// Logs a security event.
 /// </summary>
 /// <param name="projectName">The name of the project.</param>
 /// <param name="userName">The name of the user.</param>
 /// <param name="eventType">The type of event.</param>
 /// <param name="eventRight">The right of the event.</param>
 /// <param name="message">Any security message.</param>
 public virtual void LogEvent(string projectName, string userName, SecurityEvent eventType, SecurityRight eventRight, string message)
 {
     if ((eventRight == SecurityRight.Allow) && this.logSuccessfulEvents)
     {
         DoLogEvent(projectName, userName, eventType, eventRight, message);
     }
     else if ((eventRight == SecurityRight.Deny) && this.logFailureEvents)
     {
         DoLogEvent(projectName, userName, eventType, eventRight, message);
     }
     else if (eventRight == SecurityRight.Inherit)
     {
         DoLogEvent(projectName, userName, eventType, eventRight, message);
     }
 }
 /// <summary>
 /// Sends a security event to the audit loggers.
 /// </summary>
 /// <param name="projectName">The name of the project.</param>
 /// <param name="userName">The name of the user.</param>
 /// <param name="eventType">The type of event.</param>
 /// <param name="eventRight">The right of the event.</param>
 /// <param name="message">Any security message.</param>
 public virtual void LogEvent(string projectName, string userName, SecurityEvent eventType, SecurityRight eventRight, string message)
 {
     if (loggers != null)
     {
         foreach (IAuditLogger logger in loggers)
         {
             logger.LogEvent(projectName, userName, eventType, eventRight, message);
         }
     }
 }
 /// <summary>
 /// Filters by security right.
 /// </summary>
 /// <param name="right"></param>
 /// <returns></returns>
 public static AuditFilterBase ByRight(SecurityRight right)
 {
     return new SecurityRightAuditFilter(right);
 }
 /// <summary>
 /// Sends a security event to the audit loggers.
 /// </summary>
 /// <param name="projectName">The name of the project.</param>
 /// <param name="userName">The name of the user.</param>
 /// <param name="eventType">The type of event.</param>
 /// <param name="eventRight">The right of the event.</param>
 /// <param name="message">Any security message.</param>
 public void LogEvent(string projectName, string userName, SecurityEvent eventType, SecurityRight eventRight, string message)
 {
     // Do nothing
 }
        /// <summary>
        /// Performs the actual logging of a security event
        /// </summary>
        /// <param name="projectName">The name of the project.</param>
        /// <param name="userName">The name of the user.</param>
        /// <param name="eventType">The type of event.</param>
        /// <param name="eventRight">The right of the event.</param>
        /// <param name="message">Any security message.</param>
        protected override void DoLogEvent(string projectName, string userName, SecurityEvent eventType, SecurityRight eventRight, string message)
        {
            // Generate the log entry
            XmlDocument auditXml = new XmlDocument();
            XmlElement  xmlRoot  = auditXml.CreateElement("event");

            auditXml.AppendChild(xmlRoot);
            AddXmlElement(auditXml, xmlRoot, "dateTime", DateTime.Now.ToString("o", CultureInfo.CurrentCulture));
            if (!string.IsNullOrEmpty(projectName))
            {
                AddXmlElement(auditXml, xmlRoot, "project", projectName);
            }
            if (!string.IsNullOrEmpty(userName))
            {
                AddXmlElement(auditXml, xmlRoot, "user", userName);
            }
            AddXmlElement(auditXml, xmlRoot, "type", eventType.ToString());
            if (eventRight != SecurityRight.Inherit)
            {
                AddXmlElement(auditXml, xmlRoot, "outcome", eventRight.ToString());
            }
            if (!string.IsNullOrEmpty(message))
            {
                AddXmlElement(auditXml, xmlRoot, "message", message);
            }

            // Write the entry
            string auditLog = executionEnvironment.EnsurePathIsRooted(this.auditFile);

            lock (this)
            {
                File.AppendAllText(auditLog, auditXml.OuterXml.Replace(Environment.NewLine, " ") + Environment.NewLine);
            }
        }
 /// <summary>
 /// Starts a new filter with the security right.
 /// </summary>
 /// <param name="securityRight"></param>
 public SecurityRightAuditFilter(SecurityRight securityRight)
     : this(securityRight, null) { }
 /// <summary>
 /// Performs the actual logging of a security event
 /// </summary>
 /// <param name="projectName">The name of the project.</param>
 /// <param name="userName">The name of the user.</param>
 /// <param name="eventType">The type of event.</param>
 /// <param name="eventRight">The right of the event.</param>
 /// <param name="message">Any security message.</param>
 protected abstract void DoLogEvent(string projectName, string userName, SecurityEvent eventType, SecurityRight eventRight, string message);
 /// <summary>
 /// Starts a new filter with the security right and inner filter.
 /// </summary>
 /// <param name="securityRight"></param>
 /// <param name="innerFilter"></param>
 public SecurityRightAuditFilter(SecurityRight securityRight, AuditFilterBase innerFilter)
     : base(innerFilter)
 {
     this.right = securityRight;
 }
        /// <summary>
        /// Checks whether the user can perform the specified action.
        /// </summary>
        /// <param name="userName">The name of the user that is being checked.</param>
        /// <param name="permission">The permission to check.</param>
        /// <param name="defaultRight">The default right to use.</param>
        /// <param name="manager"></param>
        /// <returns>True if the permission is valid, false otherwise.</returns>
        public virtual bool CheckPermission(ISecurityManager manager, 
            string userName,
            SecurityPermission permission,
            SecurityRight defaultRight)
        {
            SecurityRight currentRight = SecurityRight.Inherit;

            // Iterate through the assertions stopping when we hit the first non-inherited permission
            foreach (IPermission assertion in permissions)
            {
                if (assertion.CheckUser(manager, userName)) currentRight = assertion.CheckPermission(manager, permission);
                if (currentRight != SecurityRight.Inherit) break;
            }

            // If we don't have a result, then use the default right
            if (currentRight == SecurityRight.Inherit) currentRight = this.defaultRight;
            if (currentRight == SecurityRight.Inherit) currentRight = defaultRight;
            return (currentRight == SecurityRight.Allow);
        }
 /// <summary>
 /// Filters by security right.
 /// </summary>
 /// <param name="right"></param>
 /// <returns></returns>
 public virtual AuditFilterBase ByRight(SecurityRight right)
 {
     return new SecurityRightAuditFilter(right, this);
 }
 /// <summary>
 /// Performs the actual logging of a security event
 /// </summary>
 /// <param name="projectName">The name of the project.</param>
 /// <param name="userName">The name of the user.</param>
 /// <param name="eventType">The type of event.</param>
 /// <param name="eventRight">The right of the event.</param>
 /// <param name="message">Any security message.</param>
 protected abstract void DoLogEvent(string projectName, string userName, SecurityEvent eventType, SecurityRight eventRight, string message);