public void GetRolesOExistingfUsersSucceeds()
{
var pdp = new PDP();
// Admin
Assert.That(pdp.getRolesOfUser("Ricardo").Select(role => role.RoleName), Is.EquivalentTo(new[] {"Admin", "Director", "User", "Manager", "Guest"}));
// Director
Assert.That(pdp.getRolesOfUser("Luís").Select(role => role.RoleName), Is.EquivalentTo(new[] { "Director", "User", "Guest" }));
// Manager
Assert.That(pdp.getRolesOfUser("Pedro").Select(role => role.RoleName), Is.EquivalentTo(new[] { "Manager", "User", "Guest" }));
// Auditor
Assert.That(pdp.getRolesOfUser("João").Select(role => role.RoleName), Is.EquivalentTo(new[] { "Auditor", "User", "Guest" }));
// User
var users = new[] {"Lídia", "Teresa", "Sara", "Elsa", "Mário", "Cristina"};
foreach (var user in users)
{
Assert.That(pdp.getRolesOfUser(user).Select(role => role.RoleName), Is.EquivalentTo(new[] { "User", "Guest" }));
}
// Guest
var guests = new[] { "Maria", "Miguel" };
foreach (var guest in guests)
{
Assert.That(pdp.getRolesOfUser(guest).Select(role => role.RoleName), Is.EquivalentTo(new[] { "Guest" }));
}
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var pdp = new PDP();
string action = httpContext.Request.HttpMethod;
string username = httpContext.User.Identity.Name;
string resource = httpContext.Request.Url.AbsolutePath;
if (!_caseSensitive)
{
action = action.ToLower();
resource = resource.ToLower();
}
try
{
return pdp.IsUserAuthorized(username, action, resource);
}
catch (Exception e)
{
if (!(e is ActionNotFoundException) && !(e is ResourceNotFoundException))
{
throw;
}
// Action or resource unknown to the policy repository. Forward to default AuthorizeAttribute implementation.
System.Diagnostics.Debug.WriteLine(e.Message);
return base.AuthorizeCore(httpContext);
}
}
public void GetResourcesOfAuthorizedUserSucceeds()
{
const string updateAction = "Alterar ficheiros", insertAction = "Criar ficheiros e pastas", executeAction = "Executar ficheiros";
var pdp = new PDP();
// Admin
Assert.That(
pdp.getResourcesOfAuthorizedUser("Ricardo", updateAction).Select(resource => resource.ResourceName),
Is.EquivalentTo(new[]
{"/folder", "/folder/file1.txt", "/folder/file2.txt"}));
Assert.That(
pdp.getResourcesOfAuthorizedUser("Ricardo", executeAction).Select(resource => resource.ResourceName),
Is.EquivalentTo(new[] { "/folder", "/program.exe" }));
// Director
Assert.That(
pdp.getResourcesOfAuthorizedUser("Luís", executeAction).Select(resource => resource.ResourceName),
Is.EquivalentTo(new[] { "/folder", "/program.exe" }));
// Guest
Assert.That(
pdp.getResourcesOfAuthorizedUser("Maria", executeAction).Select(resource => resource.ResourceName),
Is.EquivalentTo(new[] { "/program.exe" }));
}
public ActionResult Index()
{
ViewBag.Message = "PEP - Policy Enforcement Point.";
var pdp = new PDP();
IList<User> users = pdp.GetUsers();
var userRoles = new Dictionary<int, string>();
foreach (var user in users)
{
List<Role> roles = pdp.getRolesOfUser(user.UserName);
var sb = new StringBuilder();
foreach (var role in roles)
{
if (sb.Length != 0)
{
sb.Append(", ");
}
sb.Append(role.RoleName);
}
userRoles[user.UserId] = sb.ToString();
}
ViewBag.Users = users;
ViewBag.UserRoles = userRoles;
return View();
}
static void isActionAllowedOfUserWithResourceTest(PDP lib)
{
String userName = "******";
String resourceName = "/folder/file1.txt";
String actionName = "Criar ficheiros e pastas";
if (!lib.IsUserAuthorized(userName, actionName, resourceName))
Console.WriteLine("O utilizador {0} não tem permissão {1} sobre o recurso {2}.", userName, actionName, resourceName);
else
Console.WriteLine("O utilizador {0} tem permissão {1} sobre o recurso {2}.", userName, actionName, resourceName);
}
static void Main(string[] args)
{
PDP.ConnStringName = "Local";
PDP lib = new PDP();
//getRolesOfUserTest(lib);
//getPermissionsOfUserTest(lib);
//getActionsAllowedOfUserWithResourceTest(lib);
isActionAllowedOfUserWithResourceTest(lib);
Console.ReadKey();
}
public ActionResult Resource(string id)
{
ViewBag.Username = id;
// Get user page if user exists
var users = new PDP().GetUsers();
if (!users.Select(u => u.UserName).Contains(id))
{
return new HttpStatusCodeResult(HttpStatusCode.NotFound);
}
return View();
}
static void getPermissionsOfUserTest(PDP lib)
{
String userName = "******";
List<Permission> result = lib.getPermissionsOfUser(userName);
if (result == null)
Console.WriteLine("O utilizador {0} não tem Permissões", userName);
else
{
Console.WriteLine("O utilizador {0} tem os seguintes permissões:", userName);
foreach (Permission p in result)
Console.WriteLine("\t Permissão {0} sobre o recurso {1}.", p.ActionId,p.ResourceId);
}
}
static void getRolesOfUserTest(PDP lib)
{
String userName = "******";
List<Role> result = lib.getRolesOfUser(userName);
if (result == null)
Console.WriteLine("O utilizador {0} não tem Roles", userName);
else
{
Console.WriteLine("O utilizador {0} tem os seguintes Roles:", userName);
foreach (Role r in result)
Console.WriteLine("\t {0}", r.RoleName);
}
}
static void getActionsAllowedOfUserWithResourceTest(PDP lib)
{
String userName = "******";
String resourceName = "/folder/file1.txt";
List<Action> result = lib.getActionsAllowedOfUserWithResource(userName,resourceName).ToList<Action>();
if (result == null)
Console.WriteLine("O utilizador {0} não tem Permissões", userName);
else
{
Console.WriteLine("O utilizador {0} tem as seguintes acções sobre o recurso {1}:", userName, resourceName);
foreach (Action a in result.Distinct())
Console.WriteLine("\t {0}", a.ActionName);
}
}
public SimpleMembershipInitializer()
{
Database.SetInitializer<UsersContext>(null);
try
{
using (var context = new UsersContext())
{
if (!context.Database.Exists())
{
// Create the SimpleMembership database without Entity Framework migration schema
((IObjectContextAdapter)context).ObjectContext.CreateDatabase();
}
}
WebSecurity.InitializeDatabaseConnection("Local", "User", "userId", "username", autoCreateTables: true);
// Create accounts for all users, if they don't exist already
try
{
IList<User> users = new PDP().GetUsers();
foreach (var user in users)
{
WebSecurity.CreateAccount(user.UserName, "1234");
}
}
catch (System.Web.Security.MembershipCreateUserException)
{
// accounts already created
}
}
catch (Exception ex)
{
throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588", ex);
}
}
public void GetResourcesForUnknownThrowsActionNotFoundException()
{
var pdp = new PDP();
Assert.That(() => pdp.getResourcesOfAuthorizedUser("Unknown user", "Unknown action"), Throws.TypeOf<ActionNotFoundException>());
}
public void GetActionsAllowedForExistingUserAndResourceSucceeds()
{
var pdp = new PDP();
Assert.That(pdp.getActionsAllowedOfUserWithResource("João", "/folder").Select(action => action.ActionName),
Is.EquivalentTo(new[]
{
"Ver o conteúdo de ficheiros e listar conteúdo de pastas",
"Criar ficheiros e pastas",
"Executar ficheiros"
}));
Assert.That(pdp.getActionsAllowedOfUserWithResource("Pedro", "/folder/file3.txt").Select(action => action.ActionName),
Is.EquivalentTo(new[] { "Ver o conteúdo de ficheiros e listar conteúdo de pastas" }));
}
public void IsUserAuthorizedForUnknownActionThrowsActionNotFoundException()
{
var pdp = new PDP();
Assert.That(() => pdp.IsUserAuthorized("Ricardo", "unknown action", "/folder"), Throws.TypeOf<ActionNotFoundException>());
}
public void GetResourcesOfUnknownUserReturnsEmptyList()
{
var pdp = new PDP();
Assert.That(pdp.getResourcesOfAuthorizedUser("Unknown", "Executar ficheiros").Select(resource => resource.ResourceName), Is.EquivalentTo(new string[] { }));
}
public void GetUsersWithPermissionThrowsResourceNotFoundForUnknownResource()
{
var pdp = new PDP();
Assert.That(() => pdp.getUsersWithPermission("Executar ficheiros", "Unknown resource"), Throws.TypeOf<ResourceNotFoundException>());
}
public void GetRolesOfUnknownUserReturnsEmptyList()
{
var pdp = new PDP();
Assert.That(pdp.getRolesOfUser("Unknown").Select(role => role.RoleName), Is.EquivalentTo(new string[] {}));
}
public void GetUsersWithPermissionThrowsActionNotFoundForUnknownAction()
{
var pdp = new PDP();
Assert.That(() => pdp.getUsersWithPermission("Unknown action", "/folder"), Throws.TypeOf<ActionNotFoundException>());
}
public void IsUserAuthorizedForUnknownResourceThrowsResourceNotFoundException()
{
var pdp = new PDP();
Assert.That(() => pdp.IsUserAuthorized("Ricardo", "Executar ficheiros", "unknown resource"), Throws.TypeOf<ResourceNotFoundException>());
}
public void GetUsersForExistingRoleSucceeds()
{
var pdp = new PDP();
Assert.That(pdp.getUsersWithRole("Admin").Select(user => user.UserName),
Is.EquivalentTo(new[] { "Ricardo"}));
Assert.That(pdp.getUsersWithRole("User").Select(user => user.UserName),
Is.EquivalentTo(new[] { "Teresa", "Lídia", "Sara", "Elsa", "Mário", "Cristina" }));
}
public void GetUsersForUnknownRoleReturnsEmptyList()
{
var pdp = new PDP();
Assert.That(pdp.getUsersWithRole("Unknown role").Select(user => user.UserName),
Is.EquivalentTo(new string[] {}));
}
public void GetRolesForExistingUserSucceeds()
{
var pdp = new PDP();
Assert.That(pdp.getRolesOfUser("Ricardo").Select(role => role.RoleName),
Is.EquivalentTo(new[] {"Admin", "Manager", "Director", "User", "Guest"}));
}
public void GetRolesForUnknownUserReturnsEmptyList()
{
var pdp = new PDP();
Assert.That(pdp.getRolesOfUser("unknown user"), Is.EquivalentTo(new string[] { }));
}
public void IsUserAuthorizedForUnknownUserReturnsFalse()
{
var pdp = new PDP();
Assert.That(pdp.IsUserAuthorized("Unknown user", "Executar ficheiros", "/folder"), Is.False);
}
public void GetActionsAllowedForUnknownUserReturnsEmptyList()
{
var pdp = new PDP();
Assert.That(pdp.getActionsAllowedOfUserWithResource("Unknown user", "/folder"), Is.EquivalentTo(new string[] {}));
}
public void GetActionsAllowedForUnknownResourceThrowsResourceNotFoundException()
{
var pdp = new PDP();
Assert.That(() => pdp.getActionsAllowedOfUserWithResource("Ricardo", "unknown resource"), Throws.TypeOf<ResourceNotFoundException>());
}