public void SecurityServiceTests_User_HasPermission_Success()
{
//Arrange
var permissionsService = new SecurityService(_hive, _permissions);
//Assert
// Both permissions set to allow, no node inheritance
Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Copy), _userId).IsAllowed());
// One permission set to allow, one deny, no node inheritance
Assert.IsFalse(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Save), _userId).IsAllowed());
Assert.IsFalse(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Publish), _userId).IsAllowed());
// One permission set to inherit, one set to allow, no node inheritance
Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Hostnames), _userId).IsAllowed());
// Both permissions set to inherit, no node inheritance
Assert.IsFalse(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Move), _userId).IsAllowed());
// Both permissions set to allow, no node inheritance
Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Copy), _userId, _childContentNode.Id).IsAllowed());
// One permission set to allow, one deny, node inheritance
Assert.IsFalse(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Save), _userId, _childContentNode.Id).IsAllowed());
Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Publish), _userId, _childContentNode.Id).IsAllowed()); // In this instance, becuase the deny permission is inherited, the allow permission takes precedence
// One permission set to inherit, one set to allow, node inheritance
Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Hostnames), _userId, _childContentNode.Id).IsAllowed());
// Both permissions set to inherit, node inheritance
Assert.IsFalse(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Move), _userId, _childContentNode.Id).IsAllowed());
}
public void SecurityServiceTests_Non_Entity_Actions_Dont_Check_Id()
{
//Arrange
var permissionsService = new SecurityService(_hive, _permissions);
//Assert
// Child content node has a BackOffice permission defined and set to Deny where system root has one set to Allow
// because BackOfficeAccess permission is not an entity action, it should go straight to checking the system root
// so should come back as allow.
Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.BackOfficeAccess), _userId, _childContentNode.Id).IsAllowed());
}