public void ComputeOnInsertPrincipal() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve <ISqlExecuter>() .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role"); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve <Common.DomRepository>(); var roles = container.Resolve <GenericRepository <Common.Role> >(); var principals = container.Resolve <GenericRepository <Common.Principal> >(); var membership = container.Resolve <GenericRepository <Common.PrincipalHasRole> >(); roles.Insert(r1, r2, r25); Assert.AreEqual(@"\r1, \r2, r25", ReportRoles(roles.Load()), "roles created"); principals.Insert(u1, u2, u3, u5); Assert.AreEqual(@"\u1, \u2, \u3, u5", ReportPrincipals(principals.Load()), "principals created"); // Recompute membership on insert domain users: Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container), "auto-membership on insert"); // Inserting non-domain users and roles: membership.Insert(new[] { new Common.PrincipalHasRole { PrincipalID = u2.ID, RoleID = r25.ID }, new Common.PrincipalHasRole { PrincipalID = u5.ID, RoleID = r25.ID } }, checkUserPermissions: true); Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "non-domain users and roles"); } }
public void RoleInheritance() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve <ISqlExecuter>() .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role"); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve <Common.DomRepository>(); var roles = container.Resolve <GenericRepository <Common.Role> >(); var principals = container.Resolve <GenericRepository <Common.Principal> >(); var membership = container.Resolve <GenericRepository <Common.PrincipalHasRole> >(); roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { PrincipalID = u2.ID, RoleID = r25.ID }, new Common.PrincipalHasRole { PrincipalID = u5.ID, RoleID = r25.ID } }); // Modify role inheritance: repository.Common.RoleInheritsRole.Insert(new[] { new Common.RoleInheritsRole { UsersFromID = r1.ID, PermissionsFromID = r25.ID } }); TestUtility.ShouldFail(() => repository.Common.RoleInheritsRole.Insert(new[] { new Common.RoleInheritsRole { UsersFromID = r25.ID, PermissionsFromID = r2.ID } }), "UserException", "It is not allowed to add users or user groups here because this role is synchronized with an Active Directory group.", "Please change the user membership on Active Directory instead."); } }
public void ComputeOnUpdatePrincipal() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve <ISqlExecuter>() .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role"); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve <Common.DomRepository>(); var roles = container.Resolve <GenericRepository <Common.Role> >(); var principals = container.Resolve <GenericRepository <Common.Principal> >(); var membership = container.Resolve <GenericRepository <Common.PrincipalHasRole> >(); roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { PrincipalID = u2.ID, RoleID = r25.ID }, new Common.PrincipalHasRole { PrincipalID = u5.ID, RoleID = r25.ID } }); // Recompute membership on update principal (domain users only): u2.Name = "u2x"; principals.Update(u2); Assert.AreEqual(@"\u1-\r1, u2x-\r2, u2x-r25, u5-r25", ReportMembership(container), "auto-membership on update ignore non-domain users"); u2.Name = _domainPrefix + "u2x"; principals.Update(u2); Assert.AreEqual(@"\u1-\r1, \u2x-r25, u5-r25", ReportMembership(container), "auto-membership on update domain users"); u2.Name = _domainPrefix + "u2"; principals.Update(u2); Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "auto-membership on update domain users 2"); } }
public static Common.Role LoadRole(Guid roleGuid) { Business.Role roleController = new Business.Role(); Common.Role role = new Common.Role(); roleController.Load(roleGuid, role); return(role); }
public void RecomputeMembership() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve <ISqlExecuter>() .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role"); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve <Common.DomRepository>(); var roles = container.Resolve <GenericRepository <Common.Role> >(); var principals = container.Resolve <GenericRepository <Common.Principal> >(); var membership = repository.Common.PrincipalHasRole; roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { PrincipalID = u2.ID, RoleID = r25.ID }, new Common.PrincipalHasRole { PrincipalID = u5.ID, RoleID = r25.ID } }); // Recompute membership relations: var u1r1 = membership.Query(m => m.Principal.Name.Contains(@"\u1")).Single(); membership.Delete(new[] { u1r1 }, checkUserPermissions: false); Assert.AreEqual(@"\u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "modified membership"); repository.Common.PrincipalHasRole.RecomputeFromActiveDirectoryPrincipalHasRole(); Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "recomputed membership"); } }
public bool UpdateRole(Common.Role role) { return(ExecuteSPCommand("UpdateRole", "@Guid", role.RoleGuid, "@Title", role.Title, "@Priority", role.Priority, "@IsDefault", role.IsDefault, "@IsSalePackage", role.IsSalePackage, "@Price", role.Price, "@Description", role.Description)); }
public void InsertUnusedRole() { TestPermissionsCachingOnChange(context => { var common = context.Repository.Common; var role3 = new Common.Role { Name = RolePrefix + Guid.NewGuid().ToString() }; common.Role.Insert(role3); }, new[] { true, true, false }, "Roles"); }
private void InitializePage() { btnSave.Text = Language.GetString(btnSave.Text); btnCancel.Text = Language.GetString(btnCancel.Text); btnSave.Attributes["onclick"] = "return validateRequiredFields();"; if (ActionType == "edit") { Common.Role role = Facade.Role.LoadRole(RoleGuid); txtTitle.Text = role.Title; chbDefaultRole.Checked = role.IsDefault; ChbIsSalePackage.Checked = role.IsSalePackage; txtPrice.Text = Helper.FormatDecimalForDisplay(role.Price); txtDescription.Text = role.Description; } }
public void UserShouldNotUpdateDomainMembership() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve <ISqlExecuter>() .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role"); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var repository = container.Resolve <Common.DomRepository>(); var roles = container.Resolve <GenericRepository <Common.Role> >(); var principals = container.Resolve <GenericRepository <Common.Principal> >(); var membership = repository.Common.PrincipalHasRole; roles.Insert(r1, r2); principals.Insert(u1, u2); // The user should not update domain users/groups membership: Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container)); var u2r2 = membership.Query(m => m.Principal.Name.Contains(@"\u2")).Single(); membership.Delete(new[] { u2r2 }, checkUserPermissions: false); Assert.AreEqual(@"\u1-\r1", ReportMembership(container)); var u1r1 = membership.Query(m => m.Principal.Name.Contains(@"\u1")).Single(); TestUtility.ShouldFail( () => membership.Delete(new[] { u1r1 }, checkUserPermissions: true), "It is not allowed to remove the user membership here, because role " + _domainPrefix + "r1 is synchronized with an Active Directory group"); } }
protected void btnSave_Click(object sender, EventArgs e) { try { Common.Role role = new Common.Role(); role.RoleGuid = RoleGuid; role.Title = txtTitle.Text; role.Price = Helper.GetDecimal(txtPrice.Text); role.Description = txtDescription.Text; role.Priority = Helper.GetByte(txtPriority.Text); role.IsSalePackage = ChbIsSalePackage.Checked; role.IsDefault = chbDefaultRole.Checked; role.UserGuid = UserGuid; role.CreateDate = DateTime.Now; if (role.HasError) { throw new Exception(role.ErrorMessage); } switch (ActionType) { case "edit": if (!Facade.Role.UpdateRole(role)) { throw new Exception(Language.GetString("ErrorRecord")); } break; case "insert": if (!Facade.Role.InsertRole(role)) { throw new Exception(Language.GetString("ErrorRecord")); } break; } Response.Redirect(string.Format("/PageLoader.aspx?c={0}", Helper.Encrypt((int)UserControls.UI_Roles_Role, Session))); } catch (Exception ex) { ClientSideScript = string.Format("result('error','{0}')", ex.Message); } }
public void CommonFilters() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve<Common.ExecutionContext>().NHibernateSession .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role") .ExecuteUpdate(); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve<Common.DomRepository>(); var roles = container.Resolve<GenericRepository<Common.Role>>(); var principals = container.Resolve<GenericRepository<Common.Principal>>(); var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>(); roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { Principal = u2, Role = r25 }, new Common.PrincipalHasRole { Principal = u5, Role = r25 } }); // Common filters: var filter1 = new Common.ActiveDirectoryAllUsersParameter(); Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container, filter1), "filter ActiveDirectoryAllUsersParameter"); var filter2 = new[] { u1.Name, u2.Name }.Select(name => new Common.ActiveDirectoryUserParameter { UserName = name }).ToArray(); Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container, filter2), "filter ActiveDirectoryUserParameter"); } }
public void InsertRoleWithPermissions() { TestPermissionsCachingOnChange(context => { var common = context.Repository.Common; var role3 = new Common.Role { Name = RolePrefix + Guid.NewGuid().ToString() }; common.Role.Insert(role3); var claim1 = common.Claim.Load(c => c.ClaimResource == Claim1.Resource && c.ClaimRight == Claim1.Right).Single(); common.RolePermission.Insert(new Common.RolePermission { RoleID = role3.ID, ClaimID = claim1.ID, IsAuthorized = false }); var role1 = common.Role.Load(r => r.Name == Role1Name).Single(); common.RoleInheritsRole.Insert(new Common.RoleInheritsRole { UsersFromID = role1.ID, PermissionsFromID = role3.ID }); }, new[] { false, true, false }, // Denied permission on claim1. "RolePermissions, RolePermissions, RoleRoles, RoleRoles, Roles"); }
public void InsertTestPermissions() { DeleteTestPermissions(); using (var container = new RhetosTestContainer(commitChanges: true)) { var r = container.Resolve <Common.DomRepository>(); var principal1 = new Common.Principal { Name = User1Name }; var principal2 = new Common.Principal { Name = User2Name }; r.Common.Principal.Insert(principal1, principal2); var role1 = new Common.Role { Name = Role1Name }; var role2 = new Common.Role { Name = Role2Name }; r.Common.Role.Insert(role1, role2); r.Common.PrincipalHasRole.Insert(new Common.PrincipalHasRole { PrincipalID = principal1.ID, RoleID = role1.ID }); r.Common.RoleInheritsRole.Insert(new Common.RoleInheritsRole { UsersFromID = role1.ID, PermissionsFromID = role2.ID }); var claim1 = r.Common.Claim.Load(c => c.ClaimResource == Claim1.Resource && c.ClaimRight == Claim1.Right).Single(); var claim2 = r.Common.Claim.Load(c => c.ClaimResource == Claim2.Resource && c.ClaimRight == Claim2.Right).Single(); r.Common.PrincipalPermission.Insert(new Common.PrincipalPermission { PrincipalID = principal1.ID, ClaimID = claim1.ID, IsAuthorized = true }); r.Common.RolePermission.Insert(new Common.RolePermission { RoleID = role2.ID, ClaimID = claim2.ID, IsAuthorized = true }); } }
public void InsertTestPermissions() { DeleteTestPermissions(); using (var scope = TestScope.Create()) { var context = scope.Resolve <Common.ExecutionContext>(); var r = scope.Resolve <Common.DomRepository>(); var principal1 = context.InsertPrincipalOrReadId(User1Name); context.InsertPrincipalOrReadId(User2Name); var role1 = new Common.Role { Name = Role1Name }; var role2 = new Common.Role { Name = Role2Name }; r.Common.Role.Insert(role1, role2); r.Common.PrincipalHasRole.Insert(new Common.PrincipalHasRole { PrincipalID = principal1.ID, RoleID = role1.ID }); r.Common.RoleInheritsRole.Insert(new Common.RoleInheritsRole { UsersFromID = role1.ID, PermissionsFromID = role2.ID }); var claim1 = r.Common.Claim.Load(c => c.ClaimResource == Claim1.Resource && c.ClaimRight == Claim1.Right).Single(); var claim2 = r.Common.Claim.Load(c => c.ClaimResource == Claim2.Resource && c.ClaimRight == Claim2.Right).Single(); r.Common.PrincipalPermission.Insert(new Common.PrincipalPermission { PrincipalID = principal1.ID, ClaimID = claim1.ID, IsAuthorized = true }); r.Common.RolePermission.Insert(new Common.RolePermission { RoleID = role2.ID, ClaimID = claim2.ID, IsAuthorized = true }); scope.CommitAndClose(); } }
public void InsertTestPermissions() { DeleteTestPermissions(); using (var container = new RhetosTestContainer(commitChanges: true)) { var r = container.Resolve<Common.DomRepository>(); var principal1 = new Common.Principal { Name = User1Name }; var principal2 = new Common.Principal { Name = User2Name }; r.Common.Principal.Insert(principal1, principal2); var role1 = new Common.Role { Name = Role1Name }; var role2 = new Common.Role { Name = Role2Name }; r.Common.Role.Insert(role1, role2); r.Common.PrincipalHasRole.Insert(new Common.PrincipalHasRole { PrincipalID = principal1.ID, RoleID = role1.ID }); r.Common.RoleInheritsRole.Insert(new Common.RoleInheritsRole { UsersFromID = role1.ID, PermissionsFromID = role2.ID }); var claim1 = r.Common.Claim.Load(c => c.ClaimResource == Claim1.Resource && c.ClaimRight == Claim1.Right).Single(); var claim2 = r.Common.Claim.Load(c => c.ClaimResource == Claim2.Resource && c.ClaimRight == Claim2.Right).Single(); r.Common.PrincipalPermission.Insert(new Common.PrincipalPermission { PrincipalID = principal1.ID, ClaimID = claim1.ID, IsAuthorized = true }); r.Common.RolePermission.Insert(new Common.RolePermission { RoleID = role2.ID, ClaimID = claim2.ID, IsAuthorized = true }); } }
public Guid InsertRole(Common.Role role) { Guid guid = Guid.NewGuid(); try { ExecuteSPCommand("InsertRole", "@Guid", guid, "@Title", role.Title, "@Priority", role.Priority, "@CreateDate", role.CreateDate, "@UserGuid", role.UserGuid, "@IsDefault", role.IsDefault, "@IsSalePackage", role.IsSalePackage, "@Price", role.Price, "@Description", role.Description); return(guid); } catch { guid = Guid.Empty; return(guid); } }
public static bool InsertRole(Common.Role role) { Business.Role roleController = new Business.Role(); return(roleController.InsertRole(role) != Guid.Empty ? true : false); }
public void ComputeOnAuthorization() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve <ISqlExecuter>() .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role"); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve <Common.DomRepository>(); var roles = container.Resolve <GenericRepository <Common.Role> >(); var principals = container.Resolve <GenericRepository <Common.Principal> >(); var membership = container.Resolve <GenericRepository <Common.PrincipalHasRole> >(); roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Delete(membership.Load()); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { PrincipalID = u2.ID, RoleID = r25.ID }, new Common.PrincipalHasRole { PrincipalID = u5.ID, RoleID = r25.ID } }); // Recompute membership on authorization: var authorizationProvider = container.Resolve <CommonAuthorizationProvider>(); Assert.AreEqual(@"\u2-r25, u5-r25", ReportMembership(container)); { var userRoles = authorizationProvider.GetUsersRoles(u1); Assert.AreEqual(@"\r1", ReportRoles(userRoles, container)); Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container), "membership recomputed on authorization u1"); } { var userRoles = authorizationProvider.GetUsersRoles(u2); Assert.AreEqual(@"\r2, r25", ReportRoles(userRoles, container), "mixed membership"); Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "membership recomputed on authorization u2"); } AuthorizationDataCache.ClearCache(); membership.Delete(membership.Load()); Assert.AreEqual(@"", ReportMembership(container), "membership deleted"); { var userRoles = authorizationProvider.GetUsersRoles(u1); Assert.AreEqual(@"\r1", ReportRoles(userRoles, container)); Assert.AreEqual(@"\u1-\r1", ReportMembership(container), "membership recomputed on authorization u1"); } { var userRoles = authorizationProvider.GetUsersRoles(u2); Assert.AreEqual(@"\r2", ReportRoles(userRoles, container)); Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container), "membership recomputed on authorization u2"); } } }
public void RoleInheritance() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve<Common.ExecutionContext>().NHibernateSession .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role") .ExecuteUpdate(); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve<Common.DomRepository>(); var roles = container.Resolve<GenericRepository<Common.Role>>(); var principals = container.Resolve<GenericRepository<Common.Principal>>(); var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>(); roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { Principal = u2, Role = r25 }, new Common.PrincipalHasRole { Principal = u5, Role = r25 } }); // Modify role inheritance: repository.Common.RoleInheritsRole.Insert(new[] { new Common.RoleInheritsRole { UsersFrom = r1, PermissionsFrom = r25 } }); TestUtility.ShouldFail(() => repository.Common.RoleInheritsRole.Insert(new[] { new Common.RoleInheritsRole { UsersFrom = r25, PermissionsFrom = r2 } }), "UserException", "It is not allowed to add users or user groups here because this role is synchronized with an Active Directory group.", "Please change the user membership on Active Directory instead."); } }
public void ComputeOnUpdateRole() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve <ISqlExecuter>() .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role"); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve <Common.DomRepository>(); var roles = container.Resolve <GenericRepository <Common.Role> >(); var principals = container.Resolve <GenericRepository <Common.Principal> >(); var membership = container.Resolve <GenericRepository <Common.PrincipalHasRole> >(); roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { PrincipalID = u2.ID, RoleID = r25.ID }, new Common.PrincipalHasRole { PrincipalID = u5.ID, RoleID = r25.ID } }); // Recompute membership on modified role should remove obsolete memebers: Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "initial membership"); r2.Name = _domainPrefix + "r2x"; roles.Update(r2); Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container), "recomputed membership after rename role"); // New role members will not be added automatically, to avoid performance penalty: // (the membership will be added on the principal's authorization check) r2.Name = _domainPrefix + "r2"; roles.Update(r2); // This is not reqested feature, this assert simply describes currently implemented behaviour: Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container)); } }
public void ComputeOnInsertPrincipal() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve<Common.ExecutionContext>().NHibernateSession .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role") .ExecuteUpdate(); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve<Common.DomRepository>(); var roles = container.Resolve<GenericRepository<Common.Role>>(); var principals = container.Resolve<GenericRepository<Common.Principal>>(); var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>(); roles.Insert(r1, r2, r25); Assert.AreEqual(@"\r1, \r2, r25", ReportRoles(roles.Read()), "roles created"); principals.Insert(u1, u2, u3, u5); Assert.AreEqual(@"\u1, \u2, \u3, u5", ReportPrincipals(principals.Read()), "principals created"); // Recompute membership on insert domain users: Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container), "auto-membership on insert"); // Inserting non-domain users and roles: membership.Insert(new[] { new Common.PrincipalHasRole { Principal = u2, Role = r25 }, new Common.PrincipalHasRole { Principal = u5, Role = r25 } }, checkUserPermissions: true); Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "non-domain users and roles"); } }
public void ComputeOnUpdatePrincipal() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve<Common.ExecutionContext>().NHibernateSession .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role") .ExecuteUpdate(); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve<Common.DomRepository>(); var roles = container.Resolve<GenericRepository<Common.Role>>(); var principals = container.Resolve<GenericRepository<Common.Principal>>(); var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>(); roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { Principal = u2, Role = r25 }, new Common.PrincipalHasRole { Principal = u5, Role = r25 } }); // Recompute membership on update principal (domain users only): u2.Name = "u2x"; principals.Update(u2); Assert.AreEqual(@"\u1-\r1, u2x-\r2, u2x-r25, u5-r25", ReportMembership(container), "auto-membership on update ignore non-domain users"); u2.Name = _domainPrefix + "u2x"; principals.Update(u2); Assert.AreEqual(@"\u1-\r1, \u2x-r25, u5-r25", ReportMembership(container), "auto-membership on update domain users"); u2.Name = _domainPrefix + "u2"; principals.Update(u2); Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "auto-membership on update domain users 2"); } }
public void CommonFilters() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve <ISqlExecuter>() .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role"); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve <Common.DomRepository>(); var roles = container.Resolve <GenericRepository <Common.Role> >(); var principals = container.Resolve <GenericRepository <Common.Principal> >(); var membership = repository.Common.PrincipalHasRole; roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { PrincipalID = u2.ID, RoleID = r25.ID }, new Common.PrincipalHasRole { PrincipalID = u5.ID, RoleID = r25.ID } }); // Common filters: var filter1 = new Common.ActiveDirectoryAllUsersParameter(); Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container, filter1), "filter ActiveDirectoryAllUsersParameter"); var filter2 = new[] { u1.Name, u2.Name }.Select(name => new Common.ActiveDirectoryUserParameter { UserName = name }).ToArray(); Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container, filter2), "filter ActiveDirectoryUserParameter"); } }
public void ComputeOnUpdateRole() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve<Common.ExecutionContext>().NHibernateSession .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role") .ExecuteUpdate(); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve<Common.DomRepository>(); var roles = container.Resolve<GenericRepository<Common.Role>>(); var principals = container.Resolve<GenericRepository<Common.Principal>>(); var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>(); roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { Principal = u2, Role = r25 }, new Common.PrincipalHasRole { Principal = u5, Role = r25 } }); // Recompute membership on modified role should remove obsolete memebers: Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "initial membership"); r2.Name = _domainPrefix + "r2x"; roles.Update(r2); Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container), "recomputed membership after rename role"); // New role members will not be added automatically, to avoid performance penalty: // (the membership will be added on the principal's authorization check) r2.Name = _domainPrefix + "r2"; roles.Update(r2); // This is not reqested feature, this assert simply describes currently implemented behaviour: Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container)); } }
public void RecomputeMembership() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve<Common.ExecutionContext>().NHibernateSession .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role") .ExecuteUpdate(); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve<Common.DomRepository>(); var roles = container.Resolve<GenericRepository<Common.Role>>(); var principals = container.Resolve<GenericRepository<Common.Principal>>(); var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>(); roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { Principal = u2, Role = r25 }, new Common.PrincipalHasRole { Principal = u5, Role = r25 } }); // Recompute membership relations: var u1r1 = membership.Read(m => m.Principal.Name.Contains(@"\u1")).Single(); membership.Delete(new[] { u1r1 }, checkUserPermissions: false); Assert.AreEqual(@"\u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "modified membership"); repository.Common.PrincipalHasRole.RecomputeFromActiveDirectoryPrincipalHasRole(); Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "recomputed membership"); } }
public static bool UpdateRole(Common.Role role) { Business.Role roleController = new Business.Role(); return(roleController.UpdateRole(role)); }
public void SystemRoles() { string testUserName = "******" + Guid.NewGuid().ToString(); string allPrincipals = SystemRole.AllPrincipals.ToString(); string anonymous = SystemRole.Anonymous.ToString(); AuthorizationDataCache.ClearCache(); using (var scope = TestScope.Create()) { var context = scope.Resolve <Common.ExecutionContext>(); var repository = context.Repository; // Insert test user and roles: var testPrincipal = context.InsertPrincipalOrReadId(testUserName); var roles = context.Repository.Common.Role; if (!roles.Query().Any(r => r.Name == allPrincipals)) { roles.Insert(new Common.Role { Name = allPrincipals }); } var allPrincipalsRole = roles.Load(r => r.Name == allPrincipals).Single(); if (!roles.Query().Any(r => r.Name == anonymous)) { roles.Insert(new Common.Role { Name = anonymous }); } var anonymousRole = roles.Load(r => r.Name == anonymous).Single(); // Test automatically assigned system roles: var authorizationProvider = (CommonAuthorizationProvider)scope.Resolve <IAuthorizationProvider>(); Func <IPrincipal, string[]> getUserRolesNames = principal => authorizationProvider.GetUsersRoles(principal).Select(id => repository.Common.Role.Load(new[] { id }).Single().Name).ToArray(); Assert.AreEqual( TestUtility.DumpSorted(new[] { anonymous, allPrincipals }), TestUtility.DumpSorted(getUserRolesNames(testPrincipal))); Assert.AreEqual( TestUtility.DumpSorted(new[] { anonymous }), TestUtility.DumpSorted(getUserRolesNames(null))); // Test system roles inheritance: var allPrincipalsIndirectRole = new Common.Role { Name = "allPrincipalsIndirectRole" }; var anonymousIndirectRole = new Common.Role { Name = "anonymousIndirectRole" }; roles.Insert(allPrincipalsIndirectRole, anonymousIndirectRole); repository.Common.RoleInheritsRole.Insert( new Common.RoleInheritsRole { UsersFromID = allPrincipalsRole.ID, PermissionsFromID = allPrincipalsIndirectRole.ID }, new Common.RoleInheritsRole { UsersFromID = anonymousRole.ID, PermissionsFromID = anonymousIndirectRole.ID }); Assert.AreEqual( TestUtility.DumpSorted(new[] { anonymous, anonymousIndirectRole.Name, allPrincipals, allPrincipalsIndirectRole.Name }), TestUtility.DumpSorted(getUserRolesNames(testPrincipal))); Assert.AreEqual( TestUtility.DumpSorted(new[] { anonymous, anonymousIndirectRole.Name }), TestUtility.DumpSorted(getUserRolesNames(null))); // Remove the system roles: // Considering the naming convention, it should be enough to rename the roles. allPrincipalsRole.Name += Guid.NewGuid().ToString(); anonymousRole.Name += Guid.NewGuid().ToString(); repository.Common.Role.Update(allPrincipalsRole, anonymousRole); Assert.AreEqual("", TestUtility.DumpSorted(getUserRolesNames(testPrincipal))); Assert.AreEqual("", TestUtility.DumpSorted(getUserRolesNames(null))); } }
public void ComputeOnAuthorization() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve<Common.ExecutionContext>().NHibernateSession .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role") .ExecuteUpdate(); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" }; var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" }; var repository = container.Resolve<Common.DomRepository>(); var roles = container.Resolve<GenericRepository<Common.Role>>(); var principals = container.Resolve<GenericRepository<Common.Principal>>(); var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>(); roles.Insert(r1, r2, r25); principals.Insert(u1, u2, u3, u5); membership.Delete(membership.Read()); membership.Insert(new[] { // Non-domain users and roles. new Common.PrincipalHasRole { Principal = u2, Role = r25 }, new Common.PrincipalHasRole { Principal = u5, Role = r25 } }); // Recompute membership on authorization: var authorizationProvider = container.Resolve<CommonAuthorizationProvider>(); Assert.AreEqual(@"\u2-r25, u5-r25", ReportMembership(container)); { var userRoles = authorizationProvider.GetUsersRoles(u1); Assert.AreEqual(@"\r1", ReportRoles(userRoles, container)); Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container), "membership recomputed on authorization u1"); } { var userRoles = authorizationProvider.GetUsersRoles(u2); Assert.AreEqual(@"\r2, r25", ReportRoles(userRoles, container), "mixed membership"); Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "membership recomputed on authorization u2"); } AuthorizationDataCache.ClearCache(); membership.Delete(membership.Read()); Assert.AreEqual(@"", ReportMembership(container), "membership deleted"); { var userRoles = authorizationProvider.GetUsersRoles(u1); Assert.AreEqual(@"\r1", ReportRoles(userRoles, container)); Assert.AreEqual(@"\u1-\r1", ReportMembership(container), "membership recomputed on authorization u1"); } { var userRoles = authorizationProvider.GetUsersRoles(u2); Assert.AreEqual(@"\r2", ReportRoles(userRoles, container)); Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container), "membership recomputed on authorization u2"); } } }
public void UserShouldNotUpdateDomainMembership() { using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false)) { container.Resolve<Common.ExecutionContext>().NHibernateSession .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role") .ExecuteUpdate(); // Insert test data: var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" }; var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" }; var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" }; var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" }; var repository = container.Resolve<Common.DomRepository>(); var roles = container.Resolve<GenericRepository<Common.Role>>(); var principals = container.Resolve<GenericRepository<Common.Principal>>(); var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>(); roles.Insert(r1, r2); principals.Insert(u1, u2); // The user should not update domain users/groups membership: Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container)); var u2r2 = membership.Read(m => m.Principal.Name.Contains(@"\u2")).Single(); membership.Delete(new[] { u2r2 }, checkUserPermissions: false); Assert.AreEqual(@"\u1-\r1", ReportMembership(container)); var u1r1 = membership.Read(m => m.Principal.Name.Contains(@"\u1")).Single(); TestUtility.ShouldFail( () => membership.Delete(new[] { u1r1 }, checkUserPermissions: true), "It is not allowed to remove the user membership here, because role " + _domainPrefix + "r1 is synchronized with an Active Directory group"); } }