Esempio n. 1
0
        public void GivenAnAccessListWhenRemovingUserFromACLThenUserHasNoAccessToThePermissionsInTheRole()
        {
            var permission = this.FindPermission(M.Organisation.Name, Operations.Read);
            var role       = new RoleBuilder(this.Session).WithName("Role").WithPermission(permission).Build();
            var person     = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();
            var person2    = new PersonBuilder(this.Session).WithFirstName("Jane").WithLastName("Doe").Build();

            new AccessControlBuilder(this.Session).WithSubject(person).WithRole(role).Build();

            this.Session.Derive();
            this.Session.Commit();

            var sessions = new ISession[] { this.Session };

            foreach (var session in sessions)
            {
                session.Commit();

                var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();

                var token = new SecurityTokenBuilder(session).Build();
                organisation.AddSecurityToken(token);

                var accessControl = (AccessControl)session.Instantiate(role.AccessControlsWhereRole.First);
                token.AddAccessControl(accessControl);

                this.Session.Derive();

                var acl = new AccessControlLists(person)[organisation];

                accessControl.RemoveSubject(person);
                accessControl.AddSubject(person2);

                this.Session.Derive();

                acl = new AccessControlLists(person)[organisation];

                Assert.False(acl.CanRead(M.Organisation.Name));

                session.Rollback();
            }
        }
Esempio n. 2
0
        public void GivenNoAccessControlWhenCreatingAnAccessControlWithoutARoleThenAccessControlIsInvalid()
        {
            var userGroup     = new UserGroupBuilder(this.Session).WithName("UserGroup").Build();
            var securityToken = new SecurityTokenBuilder(this.Session).Build();

            securityToken.AddAccessControl(new AccessControlBuilder(this.Session)
                                           .WithSubjectGroup(userGroup)
                                           .Build());

            var validation = this.Session.Derive(false);

            Assert.True(validation.HasErrors);
            Assert.Equal(1, validation.Errors.Length);

            var derivationError = validation.Errors[0];

            Assert.Equal(1, derivationError.Relations.Length);
            Assert.Equal(typeof(DerivationErrorRequired), derivationError.GetType());
            Assert.Equal(M.AccessControl.Role, derivationError.Relations[0].RoleType);
        }
Esempio n. 3
0
        public void DeniedPermissions()
        {
            var readOrganisationName = this.FindPermission(M.Organisation.Name, Operations.Read);
            var databaseRole         = new RoleBuilder(this.Session).WithName("Role").WithPermission(readOrganisationName).Build();
            var person = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();

            new AccessControlBuilder(this.Session).WithRole(databaseRole).WithSubject(person).Build();

            this.Session.Derive(true);
            this.Session.Commit();

            var sessions = new ISession[] { this.Session };

            foreach (var session in sessions)
            {
                session.Commit();

                var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();

                var token = new SecurityTokenBuilder(session).Build();
                organisation.AddSecurityToken(token);

                var role          = (Role)session.Instantiate(new Roles(this.Session).FindBy(M.Role.Name, "Role"));
                var accessControl = (AccessControl)session.Instantiate(role.AccessControlsWhereRole.First);
                token.AddAccessControl(accessControl);

                Assert.IsFalse(this.Session.Derive().HasErrors);

                var accessList = new AccessControlList(organisation, person);

                Assert.IsTrue(accessList.CanRead(M.Organisation.Name));

                organisation.AddDeniedPermission(readOrganisationName);

                accessList = new AccessControlList(organisation, person);

                Assert.IsFalse(accessList.CanRead(M.Organisation.Name));

                session.Rollback();
            }
        }
Esempio n. 4
0
        public void GivenAnotherUserGroupAndAnAccessControlledObjectWhenGettingTheAccessListThenUserHasAccessToThePermissionsInTheRole()
        {
            var readOrganisationName = this.FindPermission(M.Organisation.Name, Operations.Read);
            var databaseRole         = new RoleBuilder(this.Session).WithName("Role").WithPermission(readOrganisationName).Build();

            var person = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();

            new UserGroupBuilder(this.Session).WithName("Group").WithMember(person).Build();
            var anotherUserGroup = new UserGroupBuilder(this.Session).WithName("AnotherGroup").Build();

            this.Session.Derive(true);
            this.Session.Commit();

            new AccessControlBuilder(this.Session).WithSubjectGroup(anotherUserGroup).WithRole(databaseRole).Build();

            this.Session.Commit();

            var sessions = new ISession[] { this.Session };

            foreach (var session in sessions)
            {
                session.Commit();

                var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();

                var token = new SecurityTokenBuilder(session).Build();
                organisation.AddSecurityToken(token);

                var role          = (Role)session.Instantiate(new Roles(this.Session).FindBy(M.Role.Name, "Role"));
                var accessControl = (AccessControl)session.Instantiate(role.AccessControlsWhereRole.First);
                token.AddAccessControl(accessControl);

                Assert.IsFalse(this.Session.Derive().HasErrors);

                var accessList = new AccessControlList(organisation, person);

                Assert.IsFalse(accessList.CanRead(M.Organisation.Name));

                session.Rollback();
            }
        }
Esempio n. 5
0
        public void GivenNoAccessControlWhenCreatingAAccessControlWithoutAUserOrUserGroupThenAccessControlIsInvalid()
        {
            var securityToken = new SecurityTokenBuilder(this.Session).Build();
            var role          = new RoleBuilder(this.Session).WithName("Role").Build();

            securityToken.AddAccessControl(
                new AccessControlBuilder(this.Session)
                .WithRole(role)
                .Build());

            var validation = this.Session.Derive(false);

            Assert.True(validation.HasErrors);
            Assert.Equal(1, validation.Errors.Length);

            var derivationError = validation.Errors[0];

            Assert.Equal(2, derivationError.Relations.Length);
            Assert.Equal(typeof(DerivationErrorAtLeastOne), derivationError.GetType());
            Assert.True(new ArrayList(derivationError.RoleTypes).Contains((RoleType)M.AccessControl.Subjects));
            Assert.True(new ArrayList(derivationError.RoleTypes).Contains((RoleType)M.AccessControl.SubjectGroups));
        }