public void Import_3AbstractRoles() { string metadataXml = @" <securityMetadata xmlns=""http://www.re-motion.org/Security/Metadata/1.0""> <classes /> <stateProperties /> <accessTypes /> <abstractRoles> <abstractRole id=""00000003-0001-0000-0000-000000000000"" name=""Clerk|Remotion.Security.UnitTests.TestDomain.DomainAbstractRoles, Remotion.Security.UnitTests.TestDomain"" value=""0"" /> <abstractRole id=""00000003-0002-0000-0000-000000000000"" name=""Secretary|Remotion.Security.UnitTests.TestDomain.DomainAbstractRoles, Remotion.Security.UnitTests.TestDomain"" value=""1"" /> <abstractRole id=""00000004-0001-0000-0000-000000000000"" name=""Administrator|Remotion.Security.UnitTests.TestDomain.SpecialAbstractRoles, Remotion.Security.UnitTests.TestDomain"" value=""0"" /> </abstractRoles> </securityMetadata> "; _importer.Import(GetXmlDocument(metadataXml)); using (_testHelper.Transaction.EnterNonDiscardingScope()) { Assert.AreEqual(0, _importer.Classes.Count, "Class count"); Assert.AreEqual(0, _importer.StateProperties.Count, "State property count"); Assert.AreEqual(3, _importer.AbstractRoles.Count, "Abstract role count"); Assert.AreEqual(0, _importer.AccessTypes.Count, "Access type count"); AbstractRoleDefinition expectedRole1 = _testHelper.CreateClerkAbstractRole(0); MetadataObjectAssert.AreEqual(expectedRole1, _importer.AbstractRoles[expectedRole1.MetadataItemID], "Abstract Role Clerk"); AbstractRoleDefinition expectedRole2 = _testHelper.CreateSecretaryAbstractRole(1); MetadataObjectAssert.AreEqual(expectedRole2, _importer.AbstractRoles[expectedRole2.MetadataItemID], "Abstract Role Secretary"); AbstractRoleDefinition expectedRole3 = _testHelper.CreateAdministratorAbstractRole(2); MetadataObjectAssert.AreEqual(expectedRole3, _importer.AbstractRoles[expectedRole3.MetadataItemID], "Abstract Role Administrator"); } }
public AbstractRoleDefinition CreateAbstractRoleDefinition(string name, int value) { using (_transaction.EnterNonDiscardingScope()) { return(AbstractRoleDefinition.NewObject(Guid.NewGuid(), name, value)); } }
public void Find_ValidOneAbstractRole() { var abstractRoles = new[] { EnumWrapper.Get(ProjectRoles.QualityManager) }; var result = AbstractRoleDefinition.Find(abstractRoles); Assert.That(result.Count, Is.EqualTo(1)); Assert.That(result[0].Name, Is.EqualTo(abstractRoles[0].Name)); }
public void GetAccessTypes_WithMultipleMatchingAces() { AbstractRoleDefinition role1 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "QualityManager", 0); AccessControlEntry ace1 = AccessControlEntry.NewObject(); ace1.SpecificAbstractRole = role1; AccessTypeDefinition readAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Read", 0); AccessTypeDefinition copyAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Copy", 1); AccessTypeDefinition indexAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Index", 2); AccessTypeDefinition moveAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Move", 3); AccessTypeDefinition appendAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Append", 4); AccessTypeDefinition renameAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Rename", 5); AccessTypeDefinition writeAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Write", 6); AccessTypeDefinition deleteAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Delete", 7); AccessTypeDefinition findAccessType = _testHelper.CreateAccessTypeForAce(ace1, null, Guid.NewGuid(), "Find", 8); AbstractRoleDefinition role2 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "SoftwareDeveloper", 1); AccessControlEntry ace2 = AccessControlEntry.NewObject(); ace2.SpecificAbstractRole = role2; _testHelper.AttachAccessType(ace2, readAccessType, true); _testHelper.AttachAccessType(ace2, copyAccessType, false); _testHelper.AttachAccessType(ace2, indexAccessType, null); _testHelper.AttachAccessType(ace2, moveAccessType, true); _testHelper.AttachAccessType(ace2, appendAccessType, false); _testHelper.AttachAccessType(ace2, renameAccessType, null); _testHelper.AttachAccessType(ace2, writeAccessType, true); _testHelper.AttachAccessType(ace2, deleteAccessType, false); _testHelper.AttachAccessType(ace2, findAccessType, null); AccessControlList acl = _testHelper.CreateStatefulAcl(ace1, ace2); SecurityToken token = _testHelper.CreateTokenWithAbstractRole(role1, role2); AccessInformation accessInformation = acl.GetAccessTypes(token); //read y y y //copy y n n //index y - y //move n y n //append n n n //rename n - n //write - y y //delete - n n //find - - - Assert.That( accessInformation.AllowedAccessTypes, Is.EquivalentTo(new[] { readAccessType, indexAccessType, writeAccessType })); Assert.That( accessInformation.DeniedAccessTypes, Is.EquivalentTo(new[] { copyAccessType, moveAccessType, appendAccessType, renameAccessType, deleteAccessType })); }
public void Search_WithDisplayNameConstraint_FindDisplayNameCaseInsensitive() { var expected = AbstractRoleDefinition.FindAll().AsEnumerable().Where(r => r.DisplayName.Contains("QualityManager")).ToArray(); Assert.That(expected.Length, Is.EqualTo(1)); var actual = _searchService.Search(null, _property, CreateSecurityManagerSearchArguments("qualitymanager")); Assert.That(actual, Is.EquivalentTo(expected)); }
public void Search_WithDisplayNameConstraint_DontMatchOtherValue() { var expected = AbstractRoleDefinition.FindAll().AsEnumerable().ToArray(); Assert.That(expected.Length, Is.EqualTo(2)); var actual = _searchService.Search(null, _property, CreateSecurityManagerSearchArguments("QualityManager")); Assert.That(actual.Length, Is.EqualTo(1)); }
public void Search() { var expected = AbstractRoleDefinition.FindAll().ToArray(); Assert.That(expected, Is.Not.Empty); IBusinessObject[] actual = _searchService.Search(null, _property, CreateSecurityManagerSearchArguments(null)); Assert.That(actual, Is.EqualTo(expected)); }
public void FindAll_TwoFound() { var result = AbstractRoleDefinition.FindAll(); Assert.That(result.Count, Is.EqualTo(2)); for (int i = 0; i < result.Count; i++) { AbstractRoleDefinition abstractRole = result[i]; Assert.AreEqual(i, abstractRole.Index, "Wrong Index."); } }
public AbstractRoleDefinition CreateAdministratorAbstractRole(int index) { using (_transaction.EnterNonDiscardingScope()) { AbstractRoleDefinition role = AbstractRoleDefinition.NewObject( new Guid("00000004-0001-0000-0000-000000000000"), "Administrator|Remotion.Security.UnitTests.TestDomain.SpecialAbstractRoles, Remotion.Security.UnitTests.TestDomain", 0); role.Index = index; return(role); } }
public AbstractRoleDefinition CreateSecretaryAbstractRole(int index) { using (_transaction.EnterNonDiscardingScope()) { AbstractRoleDefinition role = AbstractRoleDefinition.NewObject( new Guid("00000003-0002-0000-0000-000000000000"), "Secretary|Remotion.Security.UnitTests.TestDomain.DomainAbstractRoles, Remotion.Security.UnitTests.TestDomain", 1); role.Index = index; return(role); } }
public void CreateAndCommitAdministratorAbstractRole(ClientTransaction transaction) { CreateEmptyDomain(); using (transaction.EnterNonDiscardingScope()) { Guid metadataItemID = new Guid("00000004-0001-0000-0000-000000000000"); string abstractRoleName = "Administrator|Remotion.Security.UnitTests.TestDomain.SpecialAbstractRoles, Remotion.Security.UnitTests.TestDomain"; AbstractRoleDefinition administratorAbstractRole = AbstractRoleDefinition.NewObject(metadataItemID, abstractRoleName, 0); ClientTransactionScope.CurrentTransaction.Commit(); } }
public void Initialize_Values() { Tenant principalTenant = CreateTenant("principalTenant"); Principal principal = PrincipalTestHelper.Create(principalTenant, null, new Role[0]); Tenant owningTenant = CreateTenant("owningTenant"); Group owningGroup = CreateGroup("owningGroup", null, owningTenant); User owningUser = CreateUser("owningUser", CreateGroup("owningUserGroup", null, owningTenant), owningTenant); AbstractRoleDefinition abstractRole1 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "role1", 0); AbstractRoleDefinition abstractRole2 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "role2", 1); SecurityToken token = SecurityToken.Create( principal, owningTenant, owningGroup, owningUser, new[] { abstractRole1.GetHandle(), abstractRole2.GetHandle() }); Assert.That(token.Principal, Is.SameAs(principal)); Assert.That(token.OwningTenant, Is.EqualTo(owningTenant).Using(DomainObjectHandleComparer.Instance)); Assert.That(token.OwningGroup, Is.EqualTo(owningGroup).Using(DomainObjectHandleComparer.Instance)); Assert.That(token.OwningUser, Is.EqualTo(owningUser).Using(DomainObjectHandleComparer.Instance)); Assert.That(token.AbstractRoles, Is.EquivalentTo(new[] { abstractRole1, abstractRole2 }).Using(DomainObjectHandleComparer.Instance)); }
public void FindMatchingEntries_WithMultipleMatchingAces() { AccessControlEntry ace1 = AccessControlEntry.NewObject(); AccessTypeDefinition readAccessType = _testHelper.CreateReadAccessTypeAndAttachToAce(ace1, true); AccessTypeDefinition writeAccessType = _testHelper.CreateWriteAccessTypeAndAttachToAce(ace1, null); AccessTypeDefinition deleteAccessType = _testHelper.CreateDeleteAccessTypeAndAttachToAce(ace1, null); AbstractRoleDefinition role2 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "SoftwareDeveloper", 1); AccessControlEntry ace2 = AccessControlEntry.NewObject(); ace2.SpecificAbstractRole = role2; _testHelper.AttachAccessType(ace2, readAccessType, null); _testHelper.AttachAccessType(ace2, writeAccessType, true); _testHelper.AttachAccessType(ace2, deleteAccessType, null); AccessControlList acl = _testHelper.CreateStatefulAcl(ace1, ace2); SecurityToken token = _testHelper.CreateTokenWithAbstractRole(role2); AccessControlEntry[] entries = acl.FindMatchingEntries(token); Assert.That(entries.Length, Is.EqualTo(2)); Assert.That(entries, Has.Member(ace2)); Assert.That(entries, Has.Member(ace1)); }
public void DomainObjectsAreSerializable() { CheckDomainObjectSerializability(delegate { return(AccessControlEntry.NewObject()); }); CheckDomainObjectSerializability(delegate { return(StatefulAccessControlList.NewObject()); }); CheckDomainObjectSerializability(delegate { return(Permission.NewObject()); }); CheckDomainObjectSerializability(delegate { return(StateCombination.NewObject()); }); CheckDomainObjectSerializability(delegate { return(StateUsage.NewObject()); }); CheckDomainObjectSerializability(delegate { return(AbstractRoleDefinition.NewObject()); }); CheckDomainObjectSerializability(delegate { return(AccessTypeDefinition.NewObject()); }); CheckDomainObjectSerializability(delegate { return(AccessTypeReference.NewObject()); }); CheckDomainObjectSerializability(delegate { return(Culture.NewObject("DE-DE")); }); CheckDomainObjectSerializability(delegate { return(LocalizedName.NewObject("foo", Culture.NewObject("DE-DE"), SecurableClassDefinition.NewObject())); }); CheckDomainObjectSerializability(delegate { return(SecurableClassDefinition.NewObject()); }); CheckDomainObjectSerializability(delegate { return(StateDefinition.NewObject()); }); CheckDomainObjectSerializability(delegate { return(StatePropertyDefinition.NewObject()); }); CheckDomainObjectSerializability(delegate { return(StatePropertyReference.NewObject()); }); CheckDomainObjectSerializability(delegate { return((Group)LifetimeService.NewObject(ClientTransaction.Current, typeof(Group), ParamList.Empty)); }); CheckDomainObjectSerializability(delegate { return((GroupType)LifetimeService.NewObject(ClientTransaction.Current, typeof(GroupType), ParamList.Empty)); }); CheckDomainObjectSerializability(delegate { return(GroupTypePosition.NewObject()); }); CheckDomainObjectSerializability(delegate { return((Position)LifetimeService.NewObject(ClientTransaction.Current, typeof(Position), ParamList.Empty)); }); CheckDomainObjectSerializability(delegate { return(Role.NewObject()); }); CheckDomainObjectSerializability(delegate { return((Tenant)LifetimeService.NewObject(ClientTransaction.Current, typeof(Tenant), ParamList.Empty)); }); CheckDomainObjectSerializability(delegate { return((User)LifetimeService.NewObject(ClientTransaction.Current, typeof(User), ParamList.Empty)); }); }
/// <summary> /// Inits security manager database with users, groups, roles, group types, position, etc for 2 tenants. /// Use to catch sideffect due to incorrect tenant domain seperation. /// Caution: DB setup is performance critical. Avoid if possible. /// </summary> /// <returns>The tenant to use in the test.</returns> public Tenant CreateAndCommitOrganizationalStructureWithTwoTenants(ClientTransaction transaction) { CreateEmptyDomain(); using (transaction.EnterNonDiscardingScope()) { AbstractRoleDefinition qualityManagerRole = AbstractRoleDefinition.NewObject( Guid.NewGuid(), "QualityManager|Remotion.SecurityManager.UnitTests.TestDomain.ProjectRoles, Remotion.SecurityManager.UnitTests", 0); qualityManagerRole.Index = 1; AbstractRoleDefinition developerRole = AbstractRoleDefinition.NewObject( Guid.NewGuid(), "Developer|Remotion.SecurityManager.UnitTests.TestDomain.ProjectRoles, Remotion.SecurityManager.UnitTests", 1); developerRole.Index = 0; Position globalPosition = CreatePosition("Global"); globalPosition.Delegation = Delegation.Enabled; globalPosition.UniqueIdentifier = "UID: Global"; Position officialPosition = CreatePosition("Official"); officialPosition.UniqueIdentifier = "UID: Official"; officialPosition.Delegation = Delegation.Enabled; Position managerPosition = CreatePosition("Manager"); managerPosition.Delegation = Delegation.Disabled; managerPosition.UniqueIdentifier = "UID: Manager"; GroupType groupType1 = CreateGroupType("groupType 1"); GroupType groupType2 = CreateGroupType("groupType 2"); GroupTypePosition groupType1_managerPosition = GroupTypePosition.NewObject(); groupType1_managerPosition.GroupType = groupType1; groupType1_managerPosition.Position = managerPosition; GroupTypePosition groupType1_officialPosition = GroupTypePosition.NewObject(); groupType1_officialPosition.GroupType = groupType1; groupType1_officialPosition.Position = officialPosition; GroupTypePosition groupType2_officialPosition = GroupTypePosition.NewObject(); groupType2_officialPosition.GroupType = groupType2; groupType2_officialPosition.Position = officialPosition; Tenant tenant1 = CreateTenant("TestTenant"); tenant1.UniqueIdentifier = "UID: testTenant"; Group rootGroup = CreateGroup("rootGroup", "RG", "UID: rootGroup", null, tenant1); for (int i = 0; i < 2; i++) { Group parentGroup = CreateGroup( string.Format("parentGroup{0}", i), string.Format("PG{0}", i), string.Format("UID: parentGroup{0}", i), rootGroup, tenant1); parentGroup.GroupType = groupType1; Group group = CreateGroup( string.Format("group{0}", i), string.Format("G{0}", i), string.Format("UID: group{0}", i), parentGroup, tenant1); group.GroupType = groupType2; User user1 = CreateUser(string.Format("group{0}/user1", i), string.Empty, "user1", string.Empty, group, tenant1); User user2 = CreateUser(string.Format("group{0}/user2", i), string.Empty, "user2", string.Empty, group, tenant1); CreateRole(user1, parentGroup, managerPosition); CreateRole(user2, parentGroup, officialPosition); } Group testRootGroup = CreateGroup("testRootGroup", null, "UID: testRootGroup", null, tenant1); Group testParentOfOwningGroup = CreateGroup("testParentOfOwningGroup", null, "UID: testParentOfOwningGroup", testRootGroup, tenant1); Group testOwningGroup = CreateGroup("testOwningGroup", null, "UID: testOwningGroup", testParentOfOwningGroup, tenant1); Group testGroup = CreateGroup("testGroup", null, "UID: testGroup", null, tenant1); User testUser = CreateUser("test.user", "test", "user", "Dipl.Ing.(FH)", testOwningGroup, tenant1); Role officialRole = CreateRole(testUser, testGroup, officialPosition); Role managerRole = CreateRole(testUser, testGroup, managerPosition); CreateRole(testUser, testOwningGroup, managerPosition); CreateRole(testUser, testRootGroup, officialPosition); User substitutingUser = CreateUser("substituting.user", null, "substitute", null, testRootGroup, tenant1); CreateRole(substitutingUser, testOwningGroup, managerPosition); CreateRole(substitutingUser, testRootGroup, officialPosition); Substitution enabledUserSubstitution = Substitution.NewObject(); enabledUserSubstitution.SubstitutingUser = substitutingUser; enabledUserSubstitution.SubstitutedUser = testUser; Substitution enabledRoleSubstitution = Substitution.NewObject(); enabledRoleSubstitution.SubstitutingUser = substitutingUser; enabledRoleSubstitution.SubstitutedUser = testUser; enabledRoleSubstitution.SubstitutedRole = officialRole; Substitution disabledRoleSubstitution = Substitution.NewObject(); disabledRoleSubstitution.SubstitutingUser = substitutingUser; disabledRoleSubstitution.SubstitutedUser = testUser; disabledRoleSubstitution.SubstitutedRole = managerRole; disabledRoleSubstitution.IsEnabled = false; Tenant tenant2 = CreateTenant("Tenant 2"); Group groupTenant2 = CreateGroup("Group Tenant 2", "GT2", "UID: group Tenant 2", null, tenant2); User userTenant2 = CreateUser("User.Tenant2", "User", "Tenant 2", string.Empty, groupTenant2, tenant2); Substitution userTenant2Substitution = Substitution.NewObject(); userTenant2Substitution.SubstitutingUser = userTenant2; userTenant2Substitution.SubstitutedUser = testUser; ClientTransactionScope.CurrentTransaction.Commit(); return(tenant1); } }
public void Find_EmptyResult() { var result = AbstractRoleDefinition.Find(new EnumWrapper[0]); Assert.That(result, Is.Empty); }
public void FindAll_EmptyResult () { DomainObjectCollection result = AbstractRoleDefinition.FindAll(); Assert.That (result.Count, Is.EqualTo (0)); }