public void ExecuteWhenCurrentUserCreatedPoll()
		{
			var generator = new RandomObjectGenerator();
			var userId = generator.Generate<int>();

			var poll = new Mock<IPoll>(MockBehavior.Strict);
			poll.Setup(_ => _.UserID).Returns(userId);

			var identity = new Mock<IUserIdentity>(MockBehavior.Strict);
			identity.Setup(_ => _.UserID).Returns(userId);
			identity.Setup(_ => _.IsInRole(UserRoles.Admin)).Returns(false);

			var principal = new Mock<IPrincipal>(MockBehavior.Strict);
			principal.Setup(_ => _.Identity).Returns(identity.Object);

			using (principal.Object.Bind(() => ApplicationContext.User))
			{
				var rule = new CanDeletePollRule();
				var context = new AuthorizationContext(rule, poll.Object, typeof(IPoll));
				(rule as IAuthorizationRule).Execute(context);

				Assert.IsTrue(context.HasPermission, context.GetPropertyName(_ => _.HasPermission));
			}

			principal.VerifyAll();
			identity.VerifyAll();
			poll.VerifyAll();
		}
	// TODO: Uncomment this property if rule result is not static. 
	/// <summary>
	///   Notify RuelEngine that the result of this AuthzRule can not be cached. 
	///   Default is true so AuthzRules will only run once.
	/// </summary>
	//public override bool CacheResult
	//{
	//   get { return false; }
	//}
	
    protected override void Execute(AuthorizationContext context)
    {
      // TODO: Add actual rule code here. 
      //if (!access_condition)
      //{
      //  context.HasPermission = false;
      //}
    }
		protected override void Execute(AuthorizationContext context)
		{
			var pollUserId = (context.Target as IPoll).UserID;
			var currentUser = ApplicationContext.User.Identity as IUserIdentity;

			context.HasPermission = currentUser != null && (
				currentUser.IsInRole(UserRoles.Admin) || currentUser.UserID == pollUserId);
		}
    protected override void Execute(AuthorizationContext context)
    {
      if (context.Target != null)
      {
        var val1 = (string)ReadProperty(context.Target, _prop1);
        var val2 = (string)ReadProperty(context.Target, _prop2);

        // add my own if tests here 
      }
    }
Exemple #5
0
    protected override void Execute(AuthorizationContext context)
    {
      // chect the base rule 
      base.Execute(context);
      if (!context.HasPermission) return;

      if (context.Target != null)
      {
        var val1 = (string) ReadProperty(context.Target, _prop1);
        var val2 = (string) ReadProperty(context.Target, _prop2);

        // add my own if tests here 
      }
    }
		public void ExecuteWhenApplicationContextUserIsNotIUserIdentity()
		{
			var principal = new Mock<IPrincipal>(MockBehavior.Strict);
			principal.Setup(_ => _.Identity).Returns(Mock.Of<IIdentity>());

			using (principal.Object.Bind(() => ApplicationContext.User))
			{
				var rule = new CanDeletePollRule();
				var context = new AuthorizationContext(rule, Mock.Of<IPoll>(), typeof(IPoll));
				(rule as IAuthorizationRule).Execute(context);

				Assert.IsFalse(context.HasPermission, context.GetPropertyName(_ => _.HasPermission));
			}

			principal.VerifyAll();
		}
        public void WhenAccountIsNotReadOnly_UserCanEditObject()
        {
            var rule = new HasAccessToProcess(AuthorizationActions.EditObject, new HasAccessToProcess.ProcessSecurityConfiguration[] {});

            var identity = new Mock<IMQ1Identity>();

            identity.Setup(x => x.IsAuthenticated).Returns(true);
            identity.Setup(x => x.IsAdmin).Returns(false);
            identity.Setup(x => x.LicenseType).Returns(LicenseTypes.Concurrent);

            Csla.ApplicationContext.User = new GenericPrincipal(identity.Object, new string[] { });

            var item = new Mock<IEditableRoot>();

            var context = new AuthorizationContext(rule, item.Object, item.Object.GetType());

            ((IAuthorizationRule)rule).Execute(context);

            Assert.IsTrue(context.HasPermission);
        }
        public void DifferentBadgeTypeAllowedForUnauthorizedUser()
        {
            var mockPrincipal = new Mock<ICslaPrincipal>();
            mockPrincipal.Setup(i => i.IsInRole(Common.Enums.PermissionType.Administrator.ToString())).Returns(false);
            Csla.ApplicationContext.User = mockPrincipal.Object;

            var mockTypeProperty = new Mock<IPropertyInfo>();
            mockTypeProperty.Setup(mp => mp.Type).Returns(typeof(Common.Enums.BadgeType));
            mockTypeProperty.Setup(mp => mp.Name).Returns("Type");

            var newRule = new Rules.CanSetBadgeType(AuthorizationActions.WriteProperty, mockTypeProperty.Object, Common.Enums.BadgeType.Corporate, Common.Enums.PermissionType.Administrator.ToString());
            var targetObject = new Mock<IBadgeEdit>();
            targetObject.Setup(to => to.Type).Returns(Common.Enums.BadgeType.Community);

            var ruleContext = new AuthorizationContext(newRule, targetObject.Object, typeof(IBadgeEdit));
            var ruleRunner = (IAuthorizationRule)newRule;

            ruleRunner.Execute(ruleContext);

            Assert.IsTrue(ruleContext.HasPermission);
        }
Exemple #9
0
 protected override void Execute(AuthorizationContext context)
 {
   var country = (string)MethodCaller.CallPropertyGetter(context.Target, CountryField.Name);
   context.HasPermission = country.Equals(CountryNVL.UnitedStates);
 }
Exemple #10
0
    /// <summary>
    /// The execute.
    /// </summary>
    /// <param name="context">
    /// The context.
    /// </param>
    protected override void Execute(AuthorizationContext context)
    {
      var value = (string) ReadProperty(context.Target, CountryProperty);

      context.HasPermission = value == "US";
    }
 /// <summary>
 /// Initializes the test.
 /// </summary>
 /// <param name="rule">The rule.</param>
 /// <param name="target">The target.</param>
 /// <param name="type">The type.</param>
 public void InitializeTest(IAuthorizationRule rule, object target, Type type)
 {
   AuthorizationContext = new AuthorizationContext(rule, target, type);
 }
 /// <summary>
 /// Gets the permission.
 /// </summary>
 /// <param name="context">The context.</param>
 /// <param name="config">The configuration.</param>
 /// <param name="isAccountReadOnly">if set to <c>true</c> [is account read only].</param>
 /// <returns><c>true</c> if permission is granted, <c>false</c> otherwise.</returns>
 /// <exception cref="Cebos.Veyron.SharedTypes.VeyronException">Unknown Authorization Action</exception>
 private static bool GetPermission(AuthorizationContext context, ProcessSecurityConfiguration config,
     bool isAccountReadOnly)
 {
     switch (context.Rule.Action)
     {
         case AuthorizationActions.CreateObject:
             return config.CanCreate & !isAccountReadOnly;
         case AuthorizationActions.DeleteObject:
             return config.CanDelete & !isAccountReadOnly;
         case AuthorizationActions.EditObject:
             return !isAccountReadOnly;
         default:
             throw new VeyronException("Unknown Authorization Action");
     }
 }
 /// <summary>
 /// Sets the permission.
 /// </summary>
 /// <param name="context">The context.</param>
 /// <param name="configs">The configs.</param>
 /// <param name="isAccountReadOnly">if set to <c>true</c> then account is read only.</param>
 private static void SetPermission(AuthorizationContext context, IEnumerable<ProcessSecurityConfiguration> configs, bool isAccountReadOnly)
 {
     foreach (var config in configs)
     {
         context.HasPermission = context.HasPermission || GetPermission(context, config, isAccountReadOnly);
     }
 }
Exemple #14
0
    private static bool HasPermission(AuthorizationActions action, object obj, Type objType, string ruleSet)
    {

      if (action == AuthorizationActions.ReadProperty ||
          action == AuthorizationActions.WriteProperty ||
          action == AuthorizationActions.ExecuteMethod)
        throw new ArgumentOutOfRangeException("action");

      bool result = true;
      var rule =
        AuthorizationRuleManager.GetRulesForType(objType, ruleSet).Rules.FirstOrDefault(c => c.Element == null && c.Action == action);
      if (rule != null)
      {
        var context = new AuthorizationContext { Rule = rule, Target = obj, TargetType = objType };
        rule.Execute(context);
        result = context.HasPermission;
      }
      return result;
    }
Exemple #15
0
 /// <summary>
 /// Authorization rule implementation.
 /// </summary>
 /// <param name="context">Rule context object.</param>
 protected abstract void Execute(AuthorizationContext context);
Exemple #16
0
 protected override void Execute(AuthorizationContext context)
 {
     context.HasPermission = Provider.Get().HasOperationForProgram(_programId, EDefaultOperation.WriteData);
 }
Exemple #17
0
 protected override void Execute(AuthorizationContext context)
 {
     context.HasPermission = Provider.Get()
         .HasOperationForProgram(_programId, EDefaultOperation.ReadDataAndAccessModule);
 }
Exemple #18
0
    /// <summary>
    /// Checks per-property authorization rules.
    /// </summary>
    /// <param name="action">Authorization action.</param>
    /// <param name="element">Property or method to check.</param>
    public bool HasPermission(AuthorizationActions action, Csla.Core.IMemberInfo element)
    {
      if (_suppressRuleChecking)
        return true;

      if (action == AuthorizationActions.CreateObject ||
          action == AuthorizationActions.DeleteObject ||
          action == AuthorizationActions.GetObject ||
          action == AuthorizationActions.EditObject)
        throw new ArgumentOutOfRangeException("action");

      bool result = true;
      var rule =
        TypeAuthRules.Rules.FirstOrDefault(c => c.Element != null && c.Element.Name == element.Name && c.Action == action);
      if (rule != null)
      {
        var context = new AuthorizationContext { Rule = rule, Target = this.Target, TargetType = this.Target.GetType() };
        rule.Execute(context);
        result = context.HasPermission;
      }
      return result;
    }
 void IAuthorizationRule.Execute(AuthorizationContext context)
 {
   if (!_locked)
     _locked = true;
   Execute(context);
 }
 /// <summary>
 /// Sets the permission.
 /// </summary>
 /// <param name="context">The context.</param>
 /// <param name="config">The configuration.</param>
 /// <param name="isAccountReadOnly">if set to <c>true</c> then account is read only.</param>
 /// <exception cref="VeyronException"></exception>
 private static void SetPermission(AuthorizationContext context, ProcessSecurityConfiguration config, bool isAccountReadOnly)
 {
     context.HasPermission = GetPermission(context, config, isAccountReadOnly);
 }
 /// <summary>
 /// Authorization rule implementation.
 /// </summary>
 /// <param name="context">Rule context object.</param>
 protected abstract void Execute(AuthorizationContext context);
        /// <summary>
        /// Authorization rule implementation.
        /// </summary>
        /// <param name="context">Rule context object.</param>
        protected override void Execute(AuthorizationContext context)
        {
            if (context == null)
                return;

            if (BypassPropertyCheckContext.Current != null)
            {
                context.HasPermission = true;
                return;
            }

            if (ThreadLocalBypassPropertyCheckContext.Current != null)
            {
                context.HasPermission = true;
                return;
            }

            // check if object is irremovable and deny delete
            if (Action == AuthorizationActions.DeleteObject)
            {
                var editableRoot = context.Target as IHasUnremovableCapability;
                if (editableRoot != null && editableRoot.IsUnremovable)
                {
                    context.HasPermission = false;
                    return;
                }
            }

            context.HasPermission = false;

            var user = Csla.ApplicationContext.User;

            if (!user.Identity.IsAuthenticated)
            {
                return;
            }

            var identity = user.Identity as IMQ1Identity;
            if (identity == null)
            {
                return;
            }

            if (identity.IsAdmin)
            {
                context.HasPermission = true;
                return;
            }

            if (Action == AuthorizationActions.EditObject)
            {
                context.HasPermission = identity.LicenseType != LicenseTypes.Viewonly;
                return;
            }

            // find exact match
            var configs = SecurityConfigurations.Where(c => c.BusinessUnitId == identity.BusinessUnitId && identity.RolesId.Contains(c.RoleId)).ToList();
            if (configs.Any())
            {
                SetPermission(context, configs, identity.LicenseType == LicenseTypes.Viewonly);
                return;
            }

            // find partial matches
            configs = SecurityConfigurations.Where(c =>
                (c.BusinessUnitId == identity.BusinessUnitId && c.RoleId < 0)
                || (c.BusinessUnitId < 0 && identity.RolesId.Contains(c.RoleId))).ToList();

            if (configs.Any())
            {
                SetPermission(context, configs, identity.LicenseType == LicenseTypes.Viewonly);
                return;
            }

            // find any matches
            configs = SecurityConfigurations.Where(c => c.BusinessUnitId < 0 && c.RoleId < 0).ToList();
            if (configs.Any())
            {
                SetPermission(context, configs, identity.LicenseType == LicenseTypes.Viewonly);
            }

            // no permission
        }
Exemple #23
0
 void IAuthorizationRule.Execute(AuthorizationContext context)
 {
     Execute(context);
 }