public void Test_GetQueries_SubjectWith2SEs2SQsDifferentPermissions()
        {
            QueryRepository        queryRepository;
            EntityType             securableEntityType1;
            EntityType             securableEntityType2;
            Role                   subject;
            List <StructuredQuery> result;
            Report                 authReport1;
            Report                 authReport2;

            // Test:
            //
            //                           |--------------> Read
            //                           |
            //  Subject -------> Access Rule -----------> SE1
            //           |
            //           |-----> Access Rule -----------> SE2
            //                           |
            //                           |--------------> Modify

            using (DatabaseContext.GetContext(true))
            {
                securableEntityType1 = Entity.Create <EntityType>();
                securableEntityType1.Save();

                authReport1 = TestQueries.Entities().ToReport();
                authReport1.Save();

                securableEntityType2 = Entity.Create <EntityType>();
                securableEntityType2.Save();

                authReport2 = TestQueries.Entities().ToReport();
                authReport2.Save();

                subject = Entity.Create <Role>();
                subject.Save();

                new AccessRuleFactory().AddAllowReadQuery(subject.As <Subject>(), securableEntityType1.As <SecurableEntity>(), authReport1);
                new AccessRuleFactory().AddAllowModifyQuery(subject.As <Subject>(), securableEntityType1.As <SecurableEntity>(), authReport2);

                queryRepository = new QueryRepository();

                result = new List <StructuredQuery>(queryRepository.GetQueries(subject.Id, Permissions.Read,
                                                                               new[] { securableEntityType1.Id, securableEntityType2.Id }).Select(q => q.Query));
                Assert.That(result,
                            Is.EquivalentTo(new [] { ReportToQueryConverter.Instance.Convert(authReport1) })
                            .Using(new StructuredQueryEqualityComparer()), "Incorrect read queries");

                result = new List <StructuredQuery>(queryRepository.GetQueries(subject.Id, Permissions.Modify,
                                                                               new[] { securableEntityType1.Id, securableEntityType2.Id }).Select(q => q.Query));
                Assert.That(result,
                            Is.EquivalentTo(new [] { ReportToQueryConverter.Instance.Convert(authReport2) })
                            .Using(new StructuredQueryEqualityComparer()), "Incorrect modify queries");
            }
        }
        public void Test_GetQueries_NullPermission( )
        {
            Role       testSubject;
            EntityType testSecurableEntityType;
            IEnumerable <AccessRuleQuery> result;
            AccessRule      accessRule;
            Report          report;
            QueryRepository queryRepository;

            using (DatabaseContext.GetContext(true))
            {
                testSecurableEntityType = Entity.Create <EntityType>( );
                testSecurableEntityType.Save( );

                report = TestQueries.Entities( ).ToReport( );
                report.Save( );

                accessRule = Entity.Create <AccessRule>( );
                accessRule.AccessRuleEnabled = true;
                accessRule.PermissionAccess.Add(Entity.Get <Permission>(Permissions.Read));
                accessRule.ControlAccess    = testSecurableEntityType.As <SecurableEntity>( );
                accessRule.AccessRuleReport = report;
                accessRule.Save( );

                testSubject = Entity.Create <Role>( );
                testSubject.AllowAccess.Add(accessRule.As <AccessRule>( ));
                testSubject.Save( );

                queryRepository = new QueryRepository( );
                result          = new List <AccessRuleQuery>(queryRepository.GetQueries(testSubject.Id,
                                                                                        null, new [] { testSecurableEntityType.Id }));

                Assert.That(result, Is.Not.Empty);
            }
        }
        public void Test_GetQueries_SubjectWithAccessRuleButNoPermissions()
        {
            QueryRepository queryRepository;
            SecurableEntity securableEntityType;
            AccessRule      accessRule;
            Role            subject;
            IEnumerable <AccessRuleQuery> result;
            Report authReport;

            using (DatabaseContext.GetContext(true))
            {
                securableEntityType = Entity.Create <EntityType>().As <SecurableEntity>();
                securableEntityType.Save();

                authReport = Entity.Create <Report>();
                authReport.Save();

                accessRule = Entity.Create <AccessRule>();
                accessRule.AccessRuleEnabled = true;
                accessRule.ControlAccess     = securableEntityType;
                accessRule.AccessRuleReport  = authReport;
                accessRule.Save();

                subject = Entity.Create <Role>();
                subject.AllowAccess.Add(accessRule.As <AccessRule>());
                subject.Save();

                queryRepository = new QueryRepository();
                result          = queryRepository.GetQueries(subject.Id, Permissions.Read, new[] { securableEntityType.Id });

                Assert.That(result, Is.Not.Null);
                Assert.That(result, Is.Empty);
            }
        }
Esempio n. 4
0
        public ActionResult Counts()
        {
            O2CV1QueryDto        queryDto;
            List <O2CV1QueryDto> listQuery = QueryRepository.GetQueries();

            return(View(listQuery));
        }
Esempio n. 5
0
        /// <summary>
        /// Return the list of all objects that the subject has access to, and the reason for the access.
        /// </summary>
        /// <param name="subjectId">The role or user </param>
        /// <param name="settings">Settings</param>
        /// <returns>List of access reasons.</returns>
        public IReadOnlyList <AccessReason> GetTypeAccessReasons(long subjectId, [NotNull] TypeAccessReasonSettings settings)
        {
            // Get list of applicable access rules
            // null permission = matches any permission
            // null securableEntityTypes = matches any type
            IReadOnlyList <AccessRuleQuery> queries = QueryRepository.GetQueries(subjectId, null, null).ToList( );


            // Preload all applicable access rules
            IEnumerable <long>             accessRuleIds = queries.Select(query => query.AccessRuleId);
            IDictionary <long, AccessRule> accessRules   = EntityRepository.Get <AccessRule>(accessRuleIds).ToDictionary(e => e.Id);


            // Build initial list of reasons
            List <AccessReason> reasons = new List <AccessReason>( );

            foreach (AccessRuleQuery ruleQuery in queries)
            {
                AccessRule accessRule;
                if (!accessRules.TryGetValue(ruleQuery.AccessRuleId, out accessRule))
                {
                    continue;    // assert false
                }
                bool            allInstances = ruleQuery.DoesQueryGrantAllOfTypes(ruleQuery.ControlsAccessForTypeId);
                bool            perUser      = !allInstances && ruleQuery.DoesQueryReferToCurrentUser( );
                AccessRuleScope scope        = allInstances ? AccessRuleScope.AllInstances : (perUser ? AccessRuleScope.PerUser : AccessRuleScope.SomeInstances);

                AccessReason reason = new AccessReason
                {
                    AccessRuleQuery = ruleQuery,
                    AccessRule      = accessRule,
                    SubjectId       = accessRule.AllowAccessBy?.Id ?? 0,
                    TypeId          = ruleQuery.ControlsAccessForTypeId,
                    Description     = "Access rule: " + (accessRule.AccessRuleReport?.Name ?? accessRule.Name),
                    AccessRuleScope = scope
                };
                AddPermissionsToReason(reason);
                reasons.Add(reason);
            }

            // Add implicit reasons due to relationship security
            AddReasonsByGroup(reasons);

            IEnumerable <AccessReason> result = reasons;

            result = FilterReasonsToUserTypes(result, settings);

            result = FilterOverlappingReasons(result);

            return(result.ToList( ));
        }
        public void TestSinglePermissionQuery(string permissionAlias)
        {
            QueryRepository        queryRepository;
            SecurableEntity        securableEntityType;
            AccessRule             accessRule;
            Role                   subject;
            List <AccessRuleQuery> result;
            Permission             permission;
            Report                 report;

            using (DatabaseContext.GetContext(true))
            {
                permission = Entity.Get <Permission>(permissionAlias);

                securableEntityType = Entity.Create <EntityType>().As <SecurableEntity>();
                securableEntityType.Save();

                report = TestQueries.Entities().ToReport();
                report.Save();

                accessRule = Entity.Create <AccessRule>();
                accessRule.AccessRuleEnabled = true;
                accessRule.PermissionAccess.Add(permission);
                accessRule.ControlAccess    = securableEntityType;
                accessRule.AccessRuleReport = report;
                accessRule.Save();

                subject = Entity.Create <Role>();
                subject.AllowAccess.Add(accessRule.As <AccessRule>());
                subject.Save();

                queryRepository = new QueryRepository();
                result          = new List <AccessRuleQuery>(queryRepository.GetQueries(subject.Id,
                                                                                        permission, new[] { securableEntityType.Id }));

                Assert.That(result, Has.Count.EqualTo(1));
                Assert.That(TestQueries.IsCreatedFrom(result[0].Query, report), Is.True);
            }
        }
        public void Test_GetQueries_SubjectWithoutAccessRules()
        {
            QueryRepository queryRepository;
            EntityType      testSecurableEntityType;
            Role            testSubject;
            IEnumerable <AccessRuleQuery> result;

            using (DatabaseContext.GetContext(true))
            {
                testSecurableEntityType = Entity.Create <EntityType>();
                testSecurableEntityType.Save();

                testSubject = Entity.Create <Role>();
                testSubject.Save();

                queryRepository = new QueryRepository();
                result          = queryRepository.GetQueries(testSubject.Id, Permissions.Read, new[] { testSecurableEntityType.Id });

                Assert.That(result, Is.Not.Null);
                Assert.That(result, Is.Empty);
            }
        }
        public void Test_GetQueries_SubjectWith2SEs2SQs()
        {
            QueryRepository        queryRepository;
            EntityType             securableEntityType1;
            EntityType             securableEntityType2;
            Role                   subject;
            AccessRule             accessRule1;
            AccessRule             accessRule2;
            List <AccessRuleQuery> result;
            Report                 authReport1;
            Report                 authReport2;

            // Test:
            //
            //                           |--------------> Read
            //                           |
            //  Subject -------> Access Rule -----------> SE1
            //           |
            //           |-----> Access Rule -----------> SE2
            //                           |
            //                           |--------------> Read

            using (DatabaseContext.GetContext(true))
            {
                securableEntityType1 = Entity.Create <EntityType>();
                securableEntityType1.Save();

                authReport1 = TestQueries.Entities().ToReport();
                authReport1.Save();

                accessRule1 = Entity.Create <AccessRule>();
                accessRule1.AccessRuleEnabled = true;
                accessRule1.PermissionAccess.Add(Permissions.Read.Entity.As <Permission>());
                accessRule1.ControlAccess    = securableEntityType1.As <SecurableEntity>();
                accessRule1.AccessRuleReport = authReport1;
                accessRule1.Save();

                securableEntityType2 = Entity.Create <EntityType>();
                securableEntityType2.Save();

                authReport2 = TestQueries.Entities().ToReport();
                authReport2.Save();

                accessRule2 = Entity.Create <AccessRule>();
                accessRule2.AccessRuleEnabled = true;
                accessRule2.PermissionAccess.Add(Permissions.Read.Entity.As <Permission>());
                accessRule2.ControlAccess    = securableEntityType2.As <SecurableEntity>();
                accessRule2.AccessRuleReport = authReport2;
                accessRule2.Save();

                subject = Entity.Create <Role>();
                subject.AllowAccess.Add(accessRule1.As <AccessRule>());
                subject.AllowAccess.Add(accessRule2.As <AccessRule>());
                subject.Save();

                queryRepository = new QueryRepository();
                result          = new List <AccessRuleQuery>(queryRepository.GetQueries(subject.Id, Permissions.Read,
                                                                                        new[] { securableEntityType1.Id, securableEntityType2.Id }));

                Assert.That(result, Is.Not.Null);
                Assert.That(result, Has.Count.EqualTo(2));
                Assert.That(result.Select(q => q.Query),
                            Is.EquivalentTo(new [] {
                    ReportToQueryConverter.Instance.Convert(authReport1),
                    ReportToQueryConverter.Instance.Convert(authReport2)
                })
                            .Using(new StructuredQueryEqualityComparer()));
            }
        }