Esempio n. 1
0
        public void Role_Flatten()
        {
            Role a = new Role { Name = "A" };
            Role b = new Role { Name = "B" };
            Role c = new Role { Name = "C" };
            Role d = new Role { Name = "D" };

            MakeMember(a, b);
            MakeMember(b, c);
            MakeMember(a, d);
            MakeMember(c, d);

            var flat = a.Flatten().Distinct().ToArray();
            Assert.AreEqual(4, flat.Length, "Should have 4 roles total");
            foreach (var name in new[] { "A", "B", "C", "D" })
            {
                Assert.IsNotNull(flat.SingleOrDefault(f => f.Name == name));
            }
        }
Esempio n. 2
0
        public void AuthIdentity_HasPermission_1()
        {
            TestStore store = ((TestStore)DevWebsiteDataInitializer.FillDefaultDevSet(new TestStore())).FixupReferences();
            User user = PopulateAuthData(store);

            // Find a member and their organization
            SarMember member = store.Members.First(f => f.Memberships.Count > 0);
            var orgId = member.Memberships.First().OrganizationId;

            // Create a new role and put our test user in that role
            Role testRole = new Role { Name = "testrole" };
            RoleUserMembership ru = new RoleUserMembership { Role = testRole, User = user };
            testRole.Users.Add(ru);
            user.Roles.Add(ru);
            store.Roles.Add(testRole);

            var tmp = member.Memberships.Select(f => f.OrganizationId).ToArray();

            // Give the role permissions to edit members in org
            Authorization auth = new Authorization { Role = testRole, RoleId = testRole.Id, Permission = PermissionType.EditMember, Scope = orgId };
            store.Authorization.Add(auth);

            AuthIdentityTestService service = new AuthIdentityTestService(user.Username, store);

            Assert.IsTrue(service.HasPermission(PermissionType.EditMember, member.Id));
        }
Esempio n. 3
0
        private User PopulateAuthData(TestStore store)
        {
            User user = new User { Username = "******" };
            store.Users.Add(user);

            Role parent = new Role { Name = "Parent" };
            Role child = new Role { Name = "Child" };
            store.Roles.Add(parent);
            store.Roles.Add(child);
            RoleTests.MakeMember(parent, child);

            RoleUserMembership ru = new RoleUserMembership { User = user, Role = parent };
            parent.Users.Add(ru);
            user.Roles.Add(ru);

            Authorization auth = new Authorization { Permission = PermissionType.EditMember, Role = child, RoleId = child.Id };
            store.Authorization.Add(auth);

            return user;
        }
Esempio n. 4
0
        public virtual void CreateRole(RoleKey role, bool system, RoleKey? parent)
        {
            if (string.IsNullOrWhiteSpace(role.Name))
            {
                throw new ArgumentException("role", "Role name cannot be null or empty");
            }

            using (var ctx = storeFactory.Create(this.UserLogin))
            {
                Role newRole = ctx.Roles.SingleOrDefault(f => f.Name == role.Name && f.OrganizationId == role.OrgId);
                if (newRole != null) throw new InvalidOperationException("Role " + role.Name + " already exists");

                newRole = new Role
                {
                    Name = role.Name,
                    OrganizationId = role.OrgId,
                    SystemRole = system,
                };

                if (parent != null)
                {
                    if (string.IsNullOrWhiteSpace(parent.Value.Name))
                    {
                        throw new ArgumentException("parent", "Parent role name cannot be null or empty");
                    }

                    RoleKey p = parent.Value;

                    var query = ctx.Roles.Where(f => f.Name == p.Name && f.OrganizationId == p.OrgId);
                    //if (parent.Value.OrgId.HasValue)
                    //{
                    //    Guid workaround = parent.Value.OrgId.Value;
                    //    query = query.Where(f => f.Organization.Id == workaround);
                    //}
                    //else
                    //{
                    //    query = query.Where(f => f.Organization == null);
                    //}

                    Role parentRole = query.SingleOrDefault();
                    if (parentRole == null)
                    {
                        throw new InvalidOperationException("Parent role does not exist");
                    }
                    else
                    {
                        newRole.MemberOfRoles.Add(new RoleRoleMembership { Parent = parentRole, Child = newRole, IsSystem = system });
                    }
                }

                ctx.Roles.Add(newRole);
                ctx.SaveChanges();
            }
        }
Esempio n. 5
0
        public static string InitializeSystemSecurity(this IDataStoreService ctx)
        {
            string adminGroup = AuthIdentityService.ADMIN_ROLE;
            string password = null;
            Role adminRole = ctx.Roles.IncludePaths("Users").SingleOrDefault(f => f.Name == adminGroup && f.Organization == null);
            if (adminRole == null)
            {
                adminRole = new Role { Name = adminGroup, SystemRole = true };
                ctx.Roles.Add(adminRole);
            }

            User admin = ctx.Users.SingleOrDefault(f => f.Username == "admin");
            if (admin == null)
            {
                password = Membership.GeneratePassword(8, 2);
                admin = AuthIdentityService.CreateAdminUser(password);
                ctx.Users.Add(admin);
            }
            else
            {
                password = AuthIdentityService.ResetPassword(admin);
            }

            if (!adminRole.Users.Any(f => f.User.Username == admin.Username))
            {
                adminRole.Users.Add(new RoleUserMembership { User = admin, Role = adminRole, IsSystem = true });
            }

            foreach (string name in new[] { AuthIdentityService.EVERYONE_ROLE, AuthIdentityService.USERS_ROLE, AuthIdentityService.MISSION_VIEWERS_ROLE })
            {
                Role role = ctx.Roles.SingleOrDefault(f => f.Name == name);
                if (role == null)
                {
                    role = new Role { Name = name, SystemRole = true };
                    ctx.Roles.Add(role);
                }
            }

            ctx.Authorization.Add(new Authorization { Permission = PermissionType.SiteAdmin, Role = adminRole });

            ctx.SaveChanges();
            return password;
        }
Esempio n. 6
0
        public static void InitializeOrganizationSecurity(this IDataStoreService ctx, Organization org, User admin)
        {
            org.AdminAccount = (admin == null) ? "setup" : admin.Username;

            var usersRole = new Role { Name = "Members", OrganizationId = org.Id, SystemRole = true };
            var adminRole = new Role { Name = "Administrators", OrganizationId = org.Id, SystemRole = true };
            adminRole.MemberOfRoles.Add(new RoleRoleMembership { Parent = usersRole, Child = adminRole, IsSystem = true });

            var siteAdmin = ctx.Roles.Single(f => f.Name == AuthIdentityService.ADMIN_ROLE && f.OrganizationId == null);
            siteAdmin.MemberOfRoles.Add(new RoleRoleMembership { Parent = adminRole, Child = siteAdmin, IsSystem = true });

            if (admin != null)
            {
                adminRole.Users.Add(new RoleUserMembership { Role = adminRole, User = admin });
            }

            ctx.Roles.Add(adminRole);
            ctx.Roles.Add(usersRole);

            ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.AdminOrganization, IsSystem = true });
            ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.AddOrganizationMembers, IsSystem = true });
            ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.EditMember, IsSystem = true });
            ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.EditMemberContacts, IsSystem = true });
            ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.ViewMemberDetail, IsSystem = true });
            ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.ViewMemberStandard, IsSystem = true });

            ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewOrganizationBasic, IsSystem = true });
            ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewOrganizationDetail, IsSystem = true });
            ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ListOrganization, IsSystem = true });
            ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewMemberStandard, IsSystem = false });
            ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewMemberBasic, IsSystem = false });
        }
Esempio n. 7
0
 public static void MakeMember(Role aMemberOf, Role isAlsoAMemberOf)
 {
     RoleRoleMembership ab = new RoleRoleMembership { Parent = isAlsoAMemberOf, Child = aMemberOf };
     isAlsoAMemberOf.MemberRoles.Add(ab);
     aMemberOf.MemberOfRoles.Add(ab);
 }