public void A_RulePolicy_can_be_properly_serialized_to_json() { var adminRoleRule = new ClaimRule { ClaimType = "role", ClaimValue = "admin" }; var powerUserRoleRule = new ClaimRule { ClaimType = "role", ClaimValue = "power user" }; var salesDepartmentRule = new ClaimRule { ClaimType = "department", ClaimValue = "sales" }; var nameDynauthorizerRule = new ClaimRule { ClaimType = "name", ClaimValue = "Dynauthorizer" }; var salesPowerUserRuleSet = new RuleSet(new[] { powerUserRoleRule, salesDepartmentRule }, RuleSetOperator.And); var rootRuleSet = new RuleSet(new IRule[] { adminRoleRule, nameDynauthorizerRule, salesPowerUserRuleSet }, RuleSetOperator.Or); var policy = new RulePolicy { Name = "MyPolicy", RootRule = rootRuleSet }; var jsonString = JsonConvert.SerializeObject(policy, Formatting.Indented); var expectedString = @"{ ""name"": ""MyPolicy"", ""rootRule"": { ""rules"": [ { ""claimType"": ""role"", ""claimValue"": ""admin"" }, { ""claimType"": ""name"", ""claimValue"": ""Dynauthorizer"" }, { ""rules"": [ { ""claimType"": ""role"", ""claimValue"": ""power user"" }, { ""claimType"": ""department"", ""claimValue"": ""sales"" } ], ""operator"": ""And"" } ], ""operator"": ""Or"" } }"; Assert.Equal(expectedString, jsonString); }
public void Rule_with_matching_principal_returns_true() { var rule = new ClaimRule { ClaimType = "testclaim", ClaimValue = "testvalue" }; var principal = new ClaimsPrincipalBuilder().WithClaim("testclaim", "testvalue").Build(); var isOk = rule.IsSatisfiedBy(principal); Assert.True(isOk); }
public void Rule_without_ClaimValue_only_checks_ClaimType() { var rule = new ClaimRule { ClaimType = "testclaim", ClaimValue = null }; var principal = new ClaimsPrincipalBuilder().WithClaim("testclaim", "whatever").Build(); var isOk = rule.IsSatisfiedBy(principal); Assert.True(isOk); }
public void Rule_without_matching_principal_returns_false() { var rule = new ClaimRule { ClaimType = "testclaim", ClaimValue = "testvalue" }; var principal = new ClaimsPrincipalBuilder().Build(); // empty, no claims var isOk = rule.IsSatisfiedBy(principal); Assert.False(isOk); }
public void Both_claims_must_be_satisified_in_RuleSet_with_2_rules_and_operator_And() { var rule1 = new ClaimRule { ClaimType = "testclaim1", ClaimValue = "testvalue1" }; var rule2 = new ClaimRule { ClaimType = "testclaim2", ClaimValue = "testvalue2" }; var ruleSet = new RuleSet(new [] { rule1, rule2 }, RuleSetOperator.And); var principalWithBothClaims = new ClaimsPrincipalBuilder().WithClaim("testclaim1", "testvalue1").WithClaim("testclaim2", "testvalue2").Build(); var principalWithOnlyOneClaim = new ClaimsPrincipalBuilder().WithClaim("testclaim1", "textvalue1").Build(); Assert.True(ruleSet.IsSatisfiedBy(principalWithBothClaims)); Assert.False(ruleSet.IsSatisfiedBy(principalWithOnlyOneClaim)); }
public void Composite_RuleSet_with_one_Rule_and_a_nested_RuleSet_and_operator_or_can_be_satisfied_with_a_principal_that_matches_the_Rule_but_also_with_a_principal_that_matches_the_nested_ruleset() { var adminRoleRule = new ClaimRule { ClaimType = "role", ClaimValue = "admin" }; var powerUserRoleRule = new ClaimRule { ClaimType = "role", ClaimValue = "power users" }; var salesDepartmentRule = new ClaimRule { ClaimType = "department", ClaimValue = "sales" }; var salesPowerUsersRuleSet = new RuleSet(new [] { powerUserRoleRule, salesDepartmentRule }, RuleSetOperator.And); var compositeRuleSet = new RuleSet(new IRule[] { adminRoleRule, salesPowerUsersRuleSet }, RuleSetOperator.Or); var adminPrincipal = new ClaimsPrincipalBuilder().WithClaim("role", "admin").Build(); var salesPowerUserPrincipal = new ClaimsPrincipalBuilder().WithClaim("role", "power users").WithClaim("department", "sales").Build(); var regularSalesUser = new ClaimsPrincipalBuilder().WithClaim("role", "users").WithClaim("department", "sales").Build(); Assert.True(compositeRuleSet.IsSatisfiedBy(adminPrincipal)); Assert.True(compositeRuleSet.IsSatisfiedBy(salesPowerUserPrincipal)); Assert.False(compositeRuleSet.IsSatisfiedBy(regularSalesUser)); }