public virtual IList <Directory> GetDirectories()
{
try
{
List <Directory> directories = new List <Directory>();
foreach (DirectoryData dir in FileSystem.GetDirectories(LocalUrl))
{
var node = Items.Directory.New(dir, this, DependencyInjector);
node.UrlPrefix = this.UrlPrefix;
if (!DynamicPermissionMap.IsAllRoles(this, Permission.Read))
{
DynamicPermissionMap.SetRoles(node, Permission.Read, DynamicPermissionMap.GetRoles(this, Permission.Read).ToArray());
}
if (!DynamicPermissionMap.IsAllRoles(this, Permission.Write))
{
DynamicPermissionMap.SetRoles(node, Permission.Write, DynamicPermissionMap.GetRoles(this, Permission.Write).ToArray());
}
directories.Add(node);
}
directories.Sort(new TitleComparer <Directory>());
return(directories);
}
catch (DirectoryNotFoundException ex)
{
Engine.Logger.Warn(ex);
return(new List <Directory>());
}
}
protected ContentItem CreateItem <T>(int id, params string[] authorizedRoles) where T : ContentItem
{
T item = CreateOneItem <T>(id, id.ToString(), null);
DynamicPermissionMap.SetRoles(item, Permission.Read, authorizedRoles);
return(item);
}
public void ChangingPermissions_ModifiesAlteredPermissions(Permission permission)
{
var map = new DynamicPermissionMap();
DynamicPermissionMap.SetRoles(item, permission, "rolename");
Assert.That(item.AlteredPermissions & permission, Is.EqualTo(permission));
}
public void IsAllRoles_OnReadPermission_UsesAuthorizedRoles()
{
DynamicPermissionMap.SetRoles(item, Permission.Read, "Somerole");
bool isAllRoles = DynamicPermissionMap.IsAllRoles(item, Permission.Read);
Assert.That(isAllRoles, Is.False);
}
public void UnPermittedRoles_AreNotPermitted_WhenRolesAreSet()
{
DynamicPermissionMap.SetRoles(item, Permission.Administer, "AddedRole");
bool isPermitted = DynamicPermissionMap.IsPermitted("Somerole", item, Permission.Administer);
Assert.That(isPermitted, Is.False);
}
public void UsesMappedPermission_WhenItemCollection_IsNull(Permission permission, bool expectedResult)
{
var map = new DynamicPermissionMap {
Permissions = Permission.ReadWrite, Roles = new[] { "rolename" }
};
Assert.That(map.Authorizes(user, item, permission), Is.EqualTo(expectedResult));
}
public void PermittedRoles_ArePermitted()
{
DynamicPermissionMap.SetRoles(item, Permission.Publish, "Somerole");
bool isPermitted = DynamicPermissionMap.IsPermitted("Somerole", item, Permission.Publish);
Assert.That(isPermitted, Is.True);
}
public void SettingPermissions_AddsDetailCollection()
{
var map = new DynamicPermissionMap();
DynamicPermissionMap.SetRoles(item, Permission.Write, "rolename");
Assert.That(item.GetDetailCollection(DynamicPermissionMap.AuthorizedRolesPrefix + Permission.Write, false), Is.Not.Null);
}
public void ReadRoles_AreNotStored_AsDetailCollections()
{
DynamicPermissionMap.SetRoles(item, Permission.ReadWritePublish, new[] { "rolename" });
var readCollection = item.GetDetailCollection(DynamicPermissionMap.AuthorizedRolesPrefix + Permission.Read, false);
Assert.That(readCollection, Is.Null);
}
public void IsAllRoles_OnWritePermission_UsesDetailCollection()
{
DynamicPermissionMap.SetRoles(item, Permission.Write, "Somerole");
bool isAllRoles = DynamicPermissionMap.IsAllRoles(item, Permission.Write);
Assert.That(isAllRoles, Is.False);
}
public void DoesntMap_BeyondMapped_ReadPermissios(Permission expectedPermission)
{
var map = new DynamicPermissionMap {
Permissions = Permission.Read
};
Assert.That(map.MapsTo(expectedPermission), Is.False);
Assert.That(map.Authorizes(null, null, expectedPermission), Is.False);
}
public void CanSet_AllRoles(Permission permission)
{
DynamicPermissionMap.SetRoles(item, permission, new[] { "rolename1", "rolename2" });
DynamicPermissionMap.SetAllRoles(item, permission);
bool isAllRoles = DynamicPermissionMap.IsAllRoles(item, permission);
Assert.That(isAllRoles, Is.True);
}
public void ResettingPermissions_RestoresAlteredPermissions()
{
var map = new DynamicPermissionMap();
DynamicPermissionMap.SetRoles(item, Permission.Read, "rolename");
DynamicPermissionMap.SetRoles(item, Permission.Read);
Assert.That(item.AlteredPermissions, Is.EqualTo(Permission.None));
}
public void CanAdd_Role_ToItem()
{
DynamicPermissionMap.SetRoles(item, Permission.Write, new[] { "rolename" });
var collection = item.GetDetailCollection(DynamicPermissionMap.AuthorizedRolesPrefix + Permission.Write, false);
Assert.That(collection.Count, Is.EqualTo(1));
Assert.That(collection[0], Is.EqualTo("rolename"));
}
private ContentItem SetupNormalUserAndCreateRestrictedItem()
{
Expect.On(context).Call(context.User).Return(CreatePrincipal("JustAnyGuy")).Repeat.Any();
mocks.Replay(context);
ContentItem root = CreateOneItem <Items.SecurityPage>(1, "root", null);
DynamicPermissionMap.SetRoles(root, Permission.Read, "Editors");
return(root);
}
public void Ignores_UnmappedRoles()
{
var map = new DynamicPermissionMap {
Permissions = Permission.ReadWrite, Roles = new[] { "rolename" }
};
var isAuthorized = map.Authorizes(user, item, Permission.Publish);
Assert.That(isAuthorized, Is.False);
}
private static void Apply(PermissionMap map, Directory dir)
{
if (map.IsAltered)
{
DynamicPermissionMap.SetRoles(dir, map.Permissions, map.Roles);
}
else
{
DynamicPermissionMap.SetAllRoles(dir, map.Permissions);
}
}
public void Denies_NonDefinedItemRoles(Permission deniedPermission)
{
var map = new DynamicPermissionMap {
Permissions = Permission.ReadWrite
};
DynamicPermissionMap.SetRoles(item, Permission.ReadWrite, "somerolename");
bool isAuthorized = map.Authorizes(user, item, deniedPermission);
Assert.That(isAuthorized, Is.False, deniedPermission + " is allowed which it shouldn't have been.");
}
public void Allows_DefinedItemRoles(Permission allowedPermission)
{
var map = new DynamicPermissionMap {
Permissions = Permission.ReadWrite
};
DynamicPermissionMap.SetRoles(item, Permission.ReadWrite, "rolename");
bool isAuthorized = map.Authorizes(user, item, allowedPermission);
Assert.That(isAuthorized, Is.True);
}
public void IsAllRoles_RevertsTo_UserPermissions()
{
var map = new DynamicPermissionMap {
Permissions = Permission.ReadWrite, Roles = new[] { "Writers" }
};
user = CreatePrincipal("joe writer", "Writers");
bool isAuthorizedForPublish = map.Authorizes(user, item, Permission.Publish);
Assert.That(isAuthorizedForPublish, Is.False);
}
public void CanAdd_AllPermissions_ToItem()
{
DynamicPermissionMap.SetRoles(item, Permission.ReadWrite, new[] { "rolename" });
DynamicPermissionMap.SetAllRoles(item, Permission.ReadWrite);
var readCollection = item.GetDetailCollection(DynamicPermissionMap.AuthorizedRolesPrefix + Permission.Read, false);
var writeCollection = item.GetDetailCollection(DynamicPermissionMap.AuthorizedRolesPrefix + Permission.Write, false);
Assert.That(readCollection, Is.Null);
Assert.That(writeCollection, Is.Null);
}
public void AuthorizedRoleDoesNotIncludeUserName()
{
mocks.ReplayAll();
ContentItem root = CreateOneItem <Items.SecurityPage>(1, "root", null);
DynamicPermissionMap.SetRoles(root, Permission.Read, "User1");
IPrincipal user = CreatePrincipal("User1");
Assert.IsFalse(security.IsAuthorized(root, user), "User1 shouldn't have has access.");
}
public void IsCheckedForSecurity(string userInterface, bool useVersion)
{
DynamicPermissionMap.SetRoles(item, Permission.Read, "None");
if (useVersion)
item = MakeVersion(item);
var context = new CommandContext(definitions.GetDefinition(item.GetContentType()), item, userInterface, CreatePrincipal("someone"), new NullBinder<CommandContext>(), new NullValidator<CommandContext>());
var command = CreateCommand(context);
dispatcher.Execute(command, context);
Assert.That(context.ValidationErrors.Count, Is.EqualTo(1));
Assert.That(context.ValidationErrors.First().Name, Is.EqualTo("Unauthorized"));
}
public void Admin_IsAuthorized_ForWrite_WhileItemDisallowsRead()
{
var map = new DynamicPermissionMap(Permission.Full, new[] { "Administrators" }, new[] { "admin" });
var item = new SecurityPage();
DynamicPermissionMap.SetRoles(item, Permission.Read, new[] { "Administrators" });
IPrincipal adminUser = CreatePrincipal("admin");
bool isAuthorized = map.Authorizes(adminUser, item, Permission.Write);
Assert.That(isAuthorized, Is.True);
}
private string GetRolesForPermission(ContentItem item, Permission permission)
{
var roles = DynamicPermissionMap.GetRoles(item, permission);
if (roles != null && roles.Any())
{
return(string.Join(",", roles));
}
else
{
return("");
}
}
public void CanRemoveRoles(Permission permission)
{
DynamicPermissionMap.SetRoles(item, permission, new[] { "rolename1", "rolename2" });
DynamicPermissionMap.SetRoles(item, permission, new[] { "rolename1", "rolename3" });
bool is1 = DynamicPermissionMap.IsPermitted("rolename1", item, permission);
bool is2 = DynamicPermissionMap.IsPermitted("rolename2", item, permission);
bool is3 = DynamicPermissionMap.IsPermitted("rolename3", item, permission);
Assert.That(is1, Is.True);
Assert.That(is2, Is.False);
Assert.That(is3, Is.True);
}
public void CanAdd_MultiplePermissions_ToItem()
{
DynamicPermissionMap.SetRoles(item, Permission.ReadWritePublish, new[] { "rolename" });
var writeCollection = item.GetDetailCollection(DynamicPermissionMap.AuthorizedRolesPrefix + Permission.Write, false);
Assert.That(writeCollection.Count, Is.EqualTo(1));
Assert.That(writeCollection.Contains("rolename"));
var publishCollection = item.GetDetailCollection(DynamicPermissionMap.AuthorizedRolesPrefix + Permission.Publish, false);
Assert.That(publishCollection.Count, Is.EqualTo(1));
Assert.That(publishCollection.Contains("rolename"));
}
public void Permissions_AreCopied(Permission permission)
{
var roles = new string[] { "Permitted" };
ContentItem parent = CreateOneItem <Items.SecurityPage>(0, "parent", null);
DynamicPermissionMap.SetRoles(parent, permission, roles);
ContentItem child = CreateOneItem <Items.SecurityPage>(0, "child", parent);
security.CopyPermissions(parent, child);
bool isPermitted = DynamicPermissionMap.IsPermitted(roles[0], child, permission);
Assert.That(isPermitted, Is.True);
}
private void ApplyRoles(ContentItem item)
{
for (int i = 0; i < Permissions.Length; i++)
{
Permission permission = Permissions[i];
if (!IsAuthorized(Selection.SelectedItem, permission))
{
continue;
}
if (IsDefaultChecked(i))
{
DynamicPermissionMap.SetAllRoles(item, permission);
}
else
{
List <string> checkedRoles = new List <string>();
for (int j = 0; j < Roles.Length; j++)
{
string role = Roles[j];
CheckBox cb = (CheckBox)map[i, j].FindControl("cbRole");
// try to avoid security breaches
if (!IsUserPermitted(role, permission))
{
cb.Checked = IsRolePermitted(role, permission);
}
if (cb.Checked)
{
checkedRoles.Add(role);
}
}
DynamicPermissionMap.SetRoles(item, permission, checkedRoles.ToArray());
}
}
Engine.Persister.Save(item);
}
public void Item_Inherits_AllowedEditors_FromParent()
{
var enforcer = new SecurityEnforcer(persister, new SecurityManager(new ThreadContext(), new EditSection()), activator, MockRepository.GenerateStub <IUrlParser>(), new ThreadContext());
enforcer.Start();
DefinitionTextPage page = definitions.CreateInstance <DefinitionTextPage>(null);
DynamicPermissionMap.SetRoles(page, Permission.Publish, new string[] { "Group1" });
try
{
DefinitionTextPage child = definitions.CreateInstance <DefinitionTextPage>(page);
Assert.That(DynamicPermissionMap.GetRoles(child, Permission.Publish).Count(), Is.EqualTo(1));
Assert.That(DynamicPermissionMap.GetRoles(child, Permission.Publish).Contains("Group1"));
}
finally
{
enforcer.Stop();
}
}
