public virtual void testDeleteAuthorization() { // create global auth IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); basePerms.Resource = Resources.Authorization; basePerms.ResourceId = AuthorizationFields.Any; basePerms.AddPermission(Permissions.All); basePerms.RemovePermission(Permissions.Delete); // revoke Delete authorizationService.SaveAuthorization(basePerms); // turn on authorization processEngineConfiguration.SetAuthorizationEnabled(true); identityService.AuthenticatedUserId = jonny2; try { // try to Delete authorization authorizationService.DeleteAuthorization(basePerms.Id); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Delete.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, basePerms.Id, info); } }
[Test] public virtual void testTenanGroupMembershipDeleteAuthorizations() { IGroup group1 = identityService.NewGroup("group1"); identityService.SaveGroup(group1); ITenant tenant1 = identityService.NewTenant("tenant1"); identityService.SaveTenant(tenant1); // add base permission which allows nobody to Delete memberships IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); basePerms.Resource = Resources.TenantMembership; basePerms.ResourceId = AuthorizationFields.Any; basePerms.AddPermission(Permissions.All); // add all then remove 'Delete' basePerms.RemovePermission(Permissions.Delete); authorizationService.SaveAuthorization(basePerms); processEngineConfiguration.SetAuthorizationEnabled(true); identityService.AuthenticatedUserId = jonny2; try { identityService.DeleteTenantGroupMembership("tenant1", "group1"); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Delete.ToString(), Resources.TenantMembership.ToString() /*.ResourceName()*/, "tenant1", info); } }
public virtual void testCreateAuthorization() { // add base permission which allows nobody to create authorizations IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); basePerms.Resource = Resources.Authorization; basePerms.ResourceId = AuthorizationFields.Any; basePerms.AddPermission(Permissions.All); // add all then remove 'create' basePerms.RemovePermission(Permissions.Create); authorizationService.SaveAuthorization(basePerms); // now enable authorizations: processEngineConfiguration.SetAuthorizationEnabled(true); identityService.AuthenticatedUserId = jonny2; try { // we cannot create another authorization authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, null, info); } // circumvent auth check to get new transient object IAuthorization authorization = new AuthorizationEntity(AuthorizationFields.AuthTypeRevoke); authorization.UserId = "someUserId"; authorization.Resource = Resources.Application; try { authorizationService.SaveAuthorization(authorization); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, null, info); } }
[Test] public virtual void testTenantCreateAuthorizations() { // add base permission which allows nobody to create tenants: IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); basePerms.Resource = Resources.Tenant; basePerms.ResourceId = AuthorizationFields.Any; basePerms.AddPermission(Permissions.All); // add all then remove 'create' basePerms.RemovePermission(Permissions.Create); authorizationService.SaveAuthorization(basePerms); processEngineConfiguration.SetAuthorizationEnabled(true); identityService.AuthenticatedUserId = jonny2; try { identityService.NewTenant("tenant"); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Tenant.ToString() /*.ResourceName()*/, null, info); } // circumvent auth check to get new transient userobject ITenant tenant = new TenantEntity("tenant"); try { identityService.SaveTenant(tenant); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Tenant.ToString() /*.ResourceName()*/, null, info); } }
[Test] public virtual void testTenantUpdateAuthorizations() { // create tenant ITenant tenant = new TenantEntity("tenant"); identityService.SaveTenant(tenant); // create global auth IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); basePerms.Resource = Resources.Tenant; basePerms.ResourceId = AuthorizationFields.Any; basePerms.AddPermission(Permissions.All); basePerms.RemovePermission(Permissions.Update); // revoke update authorizationService.SaveAuthorization(basePerms); // turn on authorization processEngineConfiguration.SetAuthorizationEnabled(true); identityService.AuthenticatedUserId = jonny2; // fetch user: tenant = identityService.CreateTenantQuery().First(); tenant.Name = "newName"; try { identityService.SaveTenant(tenant); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.Tenant.ToString() /*.ResourceName()*/, "tenant", info); } // but I can create a new tenant: ITenant newTenant = identityService.NewTenant("newTenant"); identityService.SaveTenant(newTenant); }
public virtual void testUserUpdateAuthorizations() { // create global auth IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); basePerms.Resource = Resources.Authorization; basePerms.ResourceId = AuthorizationFields.Any; basePerms.AddPermission(Permissions.All); basePerms.RemovePermission(Permissions.Update); // revoke update authorizationService.SaveAuthorization(basePerms); // turn on authorization processEngineConfiguration.SetAuthorizationEnabled(true); identityService.AuthenticatedUserId = jonny2; // fetch authhorization basePerms = authorizationService.CreateAuthorizationQuery().First(); // make some change to the perms basePerms.AddPermission(Permissions.All); try { authorizationService.SaveAuthorization(basePerms); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, basePerms.Id, info); } // but we can create a new auth IAuthorization newAuth = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGrant); newAuth.UserId = "jonny2"; newAuth.Resource = Resources.Authorization; newAuth.ResourceId = AuthorizationFields.Any; newAuth.AddPermission(Permissions.All); authorizationService.SaveAuthorization(newAuth); }
[Test] public virtual void testGroupUpdateAuthorizations() { // crate group while still in god-mode: IGroup group1 = identityService.NewGroup("group1"); identityService.SaveGroup(group1); // create global auth IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); basePerms.Resource = Resources.Group; basePerms.ResourceId = AuthorizationFields.Any; basePerms.AddPermission(Permissions.All); basePerms.RemovePermission(Permissions.Update); // revoke update authorizationService.SaveAuthorization(basePerms); // turn on authorization processEngineConfiguration.SetAuthorizationEnabled(true); identityService.AuthenticatedUserId = jonny2; // fetch user: group1 = identityService.CreateGroupQuery().First(); //group1.ToString() = "IGroup 1"; try { identityService.SaveGroup(group1); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.Group.ToString() /*.ResourceName()*/, "group1", info); } // but I can create a new group: IGroup group2 = identityService.NewGroup("group2"); identityService.SaveGroup(group2); }
[Test] public virtual void testUserUpdateAuthorizations() { // crate user while still in god-mode: IUser jonny1 = identityService.NewUser("jonny1"); identityService.SaveUser(jonny1); // create global auth IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); basePerms.Resource = Resources.User; basePerms.ResourceId = AuthorizationFields.Any; basePerms.AddPermission(Permissions.All); basePerms.RemovePermission(Permissions.Update); // revoke update authorizationService.SaveAuthorization(basePerms); // turn on authorization processEngineConfiguration.SetAuthorizationEnabled(true); identityService.AuthenticatedUserId = jonny2; // fetch user: jonny1 = identityService.CreateUserQuery().First(); jonny1.FirstName = "Jonny"; try { identityService.SaveUser(jonny1); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.User.ToString() /*.ResourceName()*/, "jonny1", info); } // but I can create a new user: IUser jonny3 = identityService.NewUser("jonny3"); identityService.SaveUser(jonny3); }