コード例 #1
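        /// <summary>
        /// Provides an entry point for custom authorization checks. On a private site only admins
        /// and editors are authorized; a public site, or one that is not installed yet, is open to everyone.
        /// </summary>
        /// <param name="httpContext">The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.</param>
        /// <returns>
        /// true if the application is not installed or the site is public (IsPublicSite=true).
        /// On a private site, true only when the current user is an admin or an editor; otherwise false.
        /// </returns>
        /// <exception cref="T:System.ArgumentNullException">The <paramref name="httpContext"/> parameter is null when the private-site check needs the current user.</exception>
        /// <exception cref="T:System.Security.SecurityException">The AuthorizationProvider property has not been set.</exception>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Fail closed: make no authorization decision at all when the attribute's
            // dependencies have not been populated.
            if (AuthorizationProvider == null)
            {
                throw new SecurityException("The OptionalAuthorizationAttribute property has not been set for AdminRequiredAttribute. Has it been injected by the DI?", null);
            }

            // While Installed is false every request is authorized, so nothing guarded by
            // this attribute is protected during that window.
            if (!ApplicationSettings.Installed)
            {
                return true;
            }

            // A public site does not require a login for this attribute.
            if (ApplicationSettings.IsPublicSite)
            {
                return true;
            }

            // Private site: the caller's principal is required from here on. Surface a missing
            // context as the documented ArgumentNullException rather than a NullReferenceException.
            if (httpContext == null)
            {
                throw new System.ArgumentNullException("httpContext");
            }

            IPrincipal principal = httpContext.User;

            // NOTE(review): the injected AuthorizationProvider property is only null-checked above;
            // the decision itself is made by a newly constructed instance, so a provider supplied
            // through DI is never consulted here. Confirm this is intended.
            AuthorizationProvider provider = new AuthorizationProvider(ApplicationSettings, UserService);
            return provider.IsAdmin(principal) || provider.IsEditor(principal);
        }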
コード例 #2
        public void IsEditor_Should_Return_False_When_No_Identity_Name_Set()
        {
            // Pins the negative case: an identity flagged as authenticated but carrying an
            // empty Name must not be granted editor rights.

            // Arrange
            // adminUser is not referenced below; the call is kept for whatever CreateAdminUser sets up.
            User adminUser = CreateAdminUser();
            var namelessIdentity = new IdentityStub
            {
                Name = "",
                IsAuthenticated = true
            };
            var principal = new PrincipalStub
            {
                Identity = namelessIdentity
            };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isEditor = provider.IsEditor(principal);

            // Assert
            Assert.That(isEditor, Is.False);
        }
コード例 #3
        public void IsEditor_Should_Return_True_For_Admin_User()
        {
            // Pins the role hierarchy: an authenticated admin also passes the editor check.

            // Arrange
            User admin = CreateAdminUser();
            var adminIdentity = new IdentityStub
            {
                // The identity name carries the user's id as a string.
                Name = admin.Id.ToString(),
                IsAuthenticated = true
            };
            var principal = new PrincipalStub
            {
                Identity = adminIdentity
            };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isEditor = provider.IsEditor(principal);

            // Assert
            Assert.That(isEditor, Is.True);
        }
コード例 #4
        public void IsEditor_Should_Return_False_When_Not_Authenticated()
        {
            // Pins that IsAuthenticated is enforced: a valid editor id in Name is not enough
            // when the identity itself is not authenticated.

            // Arrange
            User editor = CreateEditorUser();
            var unauthenticatedIdentity = new IdentityStub
            {
                Name = editor.Id.ToString(),
                IsAuthenticated = false
            };
            var principal = new PrincipalStub
            {
                Identity = unauthenticatedIdentity
            };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isEditor = provider.IsEditor(principal);

            // Assert
            Assert.That(isEditor, Is.False);
        }
コード例 #5
        public void iseditor_should_return_true_for_editor_user()
        {
            // Positive case: an authenticated identity whose Name is an editor's id passes the editor check.

            // Arrange
            User editor = CreateEditorUser();
            var editorIdentity = new IdentityStub
            {
                Name = editor.Id.ToString(),
                IsAuthenticated = true
            };
            var principal = new PrincipalStub
            {
                Identity = editorIdentity
            };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isEditor = provider.IsEditor(principal);

            // Assert
            Assert.That(isEditor, Is.True);
        }