public void Test_CheckAccess_SecurityBypassContext()
{
EntityRef[] entityIds;
IDictionary <long, bool> result;
UserAccount userAccount;
EntityAccessControlChecker entityAccessControlChecker;
MockRepository mockRepository;
entityIds = new EntityRef[] { 1, 2, 3 };
mockRepository = new MockRepository(MockBehavior.Strict);
entityAccessControlChecker = new EntityAccessControlChecker(
mockRepository.Create <IUserRoleRepository>().Object,
mockRepository.Create <IQueryRepository>().Object,
mockRepository.Create <IEntityTypeRepository>().Object
);
userAccount = Entity.Create <UserAccount>();
userAccount.Save();
using (new SecurityBypassContext())
{
result = entityAccessControlChecker.CheckAccess(entityIds,
new[] { Permissions.Read },
userAccount);
}
Assert.That(result, Has.Count.EqualTo(entityIds.Count()));
Assert.That(result, Has.All.Property("Value").True);
mockRepository.VerifyAll();
}
public void Test_CheckAccess_NoEntities()
{
MockRepository mockRepository;
EntityAccessControlChecker entityAccessControlChecker;
Mock <IUserRoleRepository> roleRepository;
Mock <IQueryRepository> queryRepository;
Mock <IEntityTypeRepository> entityTypeRepository;
IDictionary <long, bool> result;
UserAccount userAccount;
userAccount = Entity.Get <UserAccount>(RequestContext.GetContext().Identity.Id);
mockRepository = new MockRepository(MockBehavior.Strict);
roleRepository = mockRepository.Create <IUserRoleRepository>();
queryRepository = mockRepository.Create <IQueryRepository>();
entityTypeRepository = mockRepository.Create <IEntityTypeRepository>();
entityAccessControlChecker = new EntityAccessControlChecker(roleRepository.Object,
queryRepository.Object,
entityTypeRepository.Object);
result = entityAccessControlChecker.CheckAccess(new Collection <EntityRef>(),
new[] { Permissions.Read },
userAccount);
mockRepository.VerifyAll();
Assert.That(result, Is.Empty);
}
public void Test_CheckAccess_Mocked_TypelessEntity()
{
MockRepository mockRepository;
EntityAccessControlChecker entityAccessControlChecker;
Mock <IUserRoleRepository> roleRepository;
Mock <IQueryRepository> queryRepository;
Mock <IEntityTypeRepository> entityTypeRepository;
IDictionary <long, bool> result;
UserAccount userAccount;
EntityRef[] entitiesToTest;
long testId = EntityId.Max;
userAccount = Entity.Get <UserAccount>(RequestContext.GetContext().Identity.Id);
mockRepository = new MockRepository(MockBehavior.Strict);
roleRepository = mockRepository.Create <IUserRoleRepository>();
roleRepository.Setup(rr => rr.GetUserRoles(userAccount.Id)).Returns(() => new HashSet <long>());
queryRepository = mockRepository.Create <IQueryRepository>();
entitiesToTest = new [] { new EntityRef(testId) };
entityTypeRepository = mockRepository.Create <IEntityTypeRepository>();
entityTypeRepository.Setup(etr => etr.GetEntityTypes(entitiesToTest))
.Returns(() => new Dictionary <long, ISet <EntityRef> >
{
{ EntityTypeRepository.TypelessId, new HashSet <EntityRef> {
new EntityRef(testId)
} }
});
entityAccessControlChecker = new EntityAccessControlChecker(roleRepository.Object,
queryRepository.Object,
entityTypeRepository.Object);
result = entityAccessControlChecker.CheckAccess(entitiesToTest,
new[] { Permissions.Read },
userAccount);
mockRepository.VerifyAll();
Assert.That(result, Has.Count.EqualTo(1));
Assert.That(result[testId], Is.True);
}
public void Test_CheckAccess_NoPermissions()
{
MockRepository mockRepository;
EntityAccessControlChecker entityAccessControlChecker;
Mock <IUserRoleRepository> roleRepository;
Mock <IQueryRepository> queryRepository;
Mock <IEntityTypeRepository> entityTypeRepository;
IDictionary <long, bool> result;
EntityRef testEntity;
UserAccount userAccount;
userAccount = Entity.Get <UserAccount>(RequestContext.GetContext().Identity.Id);
testEntity = new EntityRef(1);
mockRepository = new MockRepository(MockBehavior.Strict);
roleRepository = mockRepository.Create <IUserRoleRepository>();
roleRepository.Setup(rr => rr.GetUserRoles(userAccount.Id)).Returns(() => new HashSet <long>());
queryRepository = mockRepository.Create <IQueryRepository>();
entityTypeRepository = mockRepository.Create <IEntityTypeRepository>();
entityAccessControlChecker = new EntityAccessControlChecker(roleRepository.Object,
queryRepository.Object,
entityTypeRepository.Object);
result = entityAccessControlChecker.CheckAccess(new[] { testEntity }, new Collection <EntityRef>(),
userAccount);
mockRepository.VerifyAll();
Assert.That(result,
Has.Exactly(1).Property("Key").EqualTo(testEntity.Id).And.Property("Value").EqualTo(false));
Assert.That(result, Has.Count.EqualTo(1));
}
