/// <summary>
/// Checks that two <c>RequiresRoleAttribute</c> instances created for different roles
/// expose different <c>TypeId</c> values.
/// </summary>
public void RequiresRoleAttribute_TypeId()
{
    // TypeDescriptionProvider
    // NOTE(review): presumably this matters because TypeDescriptor-based attribute
    // collection de-duplicates attributes by TypeId; a shared TypeId could then drop
    // one of two role requirements on the same member. Confirm against the consumer.
    var roleOneAttribute = new RequiresRoleAttribute("role1");
    var roleTwoAttribute = new RequiresRoleAttribute("role2");

    Assert.AreNotEqual(
        roleOneAttribute.TypeId,
        roleTwoAttribute.TypeId,
        "TypeID should be different for different attributes");
}
/// <summary>
/// Checks that a <c>RequiresRoleAttribute</c> built without roles can still be constructed
/// and have its <c>Roles</c> property read, but that calling <c>Authorize</c> on it is
/// reported by <c>ExceptionHelper.ExpectInvalidOperationException</c> with the
/// <c>Resource.RequiresRoleAttribute_MustSpecifyRole</c> message.
/// </summary>
public void RequiresRoleAttribute_NoRolesDefined_Throws()
{
    // Reading Roles must not throw for any of the three "no roles" constructions:
    // default constructor, a null string, and a null string array.
    var rolesProbe = new RequiresRoleAttribute().Roles;
    rolesProbe = new RequiresRoleAttribute((string)null).Roles;
    rolesProbe = new RequiresRoleAttribute((string[])null).Roles;

    // Authorization with no roles configured is expected to throw rather than
    // produce an Allowed result, so a misconfigured attribute cannot grant access.
    using (var authContext = new AuthorizationContext(/*instance*/ null, "testOp", "testOpType", /*IServiceProvider*/ null, /*items*/ null))
    {
        ExceptionHelper.ExpectInvalidOperationException(
            () =>
            {
                // Construction stays inside the delegate so the whole sequence runs
                // under the expected-exception check.
                var rolelessAttribute = new RequiresRoleAttribute((string[])null);
                var caller = this.CreateIPrincipal("John Doe");
                rolelessAttribute.Authorize(caller, authContext);
            },
            Resource.RequiresRoleAttribute_MustSpecifyRole);
    }
}
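/// <summary>
/// Exercises <c>RequiresRoleAttribute.Authorize</c> for a single attribute instance:
/// a principal holding the one permitted role is allowed, a principal holding a different
/// role is denied with the default denial message, a principal holding any one of several
/// permitted roles is allowed, and a principal holding none of them is denied.
/// </summary>
public void RequiresRoleAttribute_Authorize_SingleAttribute()
{
    IPrincipal user1 = this.CreateIPrincipal("user1", "role1");

    // Same first argument ("user1") as above; only the role argument differs.
    IPrincipal user2 = this.CreateIPrincipal("user1", "role2");
    RequiresRoleAttribute requireRole1 = new RequiresRoleAttribute("role1");

    using (AuthorizationContext context = new AuthorizationContext(/*instance*/ null, "testOp", "testOpType", /*IServiceProvider*/ null, /*items*/ null))
    {
        // user in role1 should be allowed
        AuthorizationResult result = requireRole1.Authorize(user1, context);
        Assert.AreSame(AuthorizationResult.Allowed, result, "Expected user in role1 to be authorized when only role1 is permitted");

        // user in role2 should be denied
        result = requireRole1.Authorize(user2, context);

        // AreNotSame alone is satisfied by a null result, so require a real denial object first.
        Assert.IsNotNull(result, "Expected a non-null denial result for user in role2");
        Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected user in role2 to be denied when only role1 is permitted");

        // Denial error message should reflect default plus operation
        string expectedMessage = String.Format(CultureInfo.CurrentCulture, Resource.AuthorizationAttribute_Default_Message, context.Operation);
        Assert.AreEqual(expectedMessage, result.ErrorMessage, "Expected to see default denial error message");

        // user in role1 should be allowed if role1 + role2 + role3 are permitted
        RequiresRoleAttribute requireRole123 = new RequiresRoleAttribute(new string[] { "role1", "role2", "role3" });
        result = requireRole123.Authorize(user1, context);
        Assert.AreSame(AuthorizationResult.Allowed, result, "Expected user1 in role1 to be authorized when role1, role2, and role3 are all permitted");

        // user holding role1 and role3 should be allowed, since any one of the three permitted roles suffices
        IPrincipal user13 = this.CreateIPrincipal("user1", "role1", "role3");
        result = requireRole123.Authorize(user13, context);
        Assert.AreSame(AuthorizationResult.Allowed, result, "Expected user1 in role1 and role3 to be authorized when role1, role2, and role3 are all permitted");

        // user is in none of the required roles
        RequiresRoleAttribute requireRole567 = new RequiresRoleAttribute(new string[] { "role5", "role6", "role7" });
        result = requireRole567.Authorize(user1, context);

        // No ErrorMessage dereference follows here, so the null check is the only guard
        // against a null result being counted as a denial.
        Assert.IsNotNull(result, "Expected a non-null denial result for user in role1 when only roles 5, 6, and 7 are allowed");
        Assert.AreNotSame(AuthorizationResult.Allowed, result, "Expected user in role1 to be denied when only roles 5, 6, and 7 are allowed");
    }
}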