/// <summary>
/// Negative authorization case: the user's only content start node is 9876
/// (path "-1,9876"), which is not on the path of the requested content
/// ("-1,1234,5678"), so checking permission 'F' on node 1234 must be refused.
/// </summary>
public void No_Access_By_Path()
{
    // arrange: user 9, restricted to start node 9876
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.StartContentIds).Returns(new[] { 9876 });
    userStub.Setup(u => u.Id).Returns(9);
    IUser user = userStub.Object;

    // arrange: node 1234 resolves to content living under "-1,1234,5678"
    var contentStub = new Mock<IContent>();
    contentStub.Setup(c => c.Path).Returns("-1,1234,5678");
    var contentServiceStub = new Mock<IContentService>();
    contentServiceStub.Setup(x => x.GetById(1234)).Returns(contentStub.Object);

    // arrange: an empty permission set, registered for the path "-1,1234".
    // NOTE(review): this is not the content's own path and the set is empty;
    // presumably it is never consulted once the path check fails, so the test
    // may not distinguish a path denial from a permission denial - confirm.
    var noPermissions = new EntityPermissionCollection();
    var emptySet = new EntityPermissionSet(1234, noPermissions);
    var userServiceStub = new Mock<IUserService>();
    userServiceStub.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(emptySet);

    // arrange: path lookup for any entity type / id list yields the start node's path
    var entityServiceStub = new Mock<IEntityService>();
    entityServiceStub
        .Setup(x => x.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
        .Returns(new[] { Mock.Of<EntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") });

    // act
    var requestProperties = new Dictionary<string, object>();
    var requiredPermissions = new[] { 'F' };
    bool allowed = ContentController.CheckPermissions(
        requestProperties,
        user,
        userServiceStub.Object,
        contentServiceStub.Object,
        entityServiceStub.Object,
        1234,
        requiredPermissions);

    // assert: access must be denied
    Assert.IsFalse(allowed);
}
/// <summary>
/// Negative authorization case for the recycle bin (node -20): the only
/// permission stubbed for path "-20" is "A", the check asks for 'B', and the
/// result must be a refusal.
/// </summary>
public void No_Access_To_Recycle_Bin_By_Permission()
{
    // arrange: user 0 with nothing but an id configured
    // NOTE(review): no Groups or start nodes are stubbed on this user, so the
    // refusal could come from a path check before permissions are compared -
    // confirm against CheckPermissions which branch this test really covers.
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.Id).Returns(0);
    IUser user = userStub.Object;

    // arrange: the permission set returned for "-20" grants "A" only
    var granted = new EntityPermissionCollection
    {
        new EntityPermission(9876, 1234, new[] { "A" })
    };
    var grantedSet = new EntityPermissionSet(1234, granted);
    var userServiceStub = new Mock<IUserService>();
    userServiceStub.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(grantedSet);

    // arrange: remaining collaborators are bare mocks without setups
    IEntityService entityService = new Mock<IEntityService>().Object;
    IContentService contentService = new Mock<IContentService>().Object;

    // act
    var requestProperties = new Dictionary<string, object>();
    var requiredPermissions = new[] { 'B' };
    bool allowed = ContentController.CheckPermissions(
        requestProperties,
        user,
        userServiceStub.Object,
        contentService,
        entityService,
        -20,
        requiredPermissions);

    // assert: access must be denied
    Assert.IsFalse(allowed);
}
/// <summary>
/// Unknown node case: content is only registered for id 0, the check is made
/// for id 1234, and the call is expected to raise HttpResponseException
/// instead of returning a result.
/// </summary>
public void Throws_Exception_When_No_Content_Found()
{
    // arrange: user 9
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.Id).Returns(9);
    IUser user = userStub.Object;

    // arrange: GetById is stubbed for id 0 only; no setup exists for id 1234
    var contentStub = new Mock<IContent>();
    contentStub.Setup(c => c.Path).Returns("-1,1234,5678");
    var contentServiceStub = new Mock<IContentService>();
    contentServiceStub.Setup(x => x.GetById(0)).Returns(contentStub.Object);

    // arrange: an empty permission set for the content path
    // (presumably never reached, since the lookup fails first - confirm)
    var noPermissions = new EntityPermissionCollection();
    var emptySet = new EntityPermissionSet(1234, noPermissions);
    var userServiceStub = new Mock<IUserService>();
    userServiceStub.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(emptySet);

    IEntityService entityService = new Mock<IEntityService>().Object;
    IUserService userService = userServiceStub.Object;
    IContentService contentService = contentServiceStub.Object;

    // act + assert: the missing node must surface as an HTTP error
    Assert.Throws<HttpResponseException>(
        () => ContentController.CheckPermissions(
            new Dictionary<string, object>(),
            user,
            userService,
            contentService,
            entityService,
            1234,
            new[] { 'F' }));
}
/// <summary>
/// Positive authorization case: a user in the "admin" group asks for node
/// 1234 (path "-1,1234,5678") without naming any permission letters, and the
/// check is expected to succeed.
/// </summary>
public void Access_Allowed_By_Path()
{
    // arrange: user 9 belonging to a single read-only "admin" group
    // (the two -1 constructor arguments are presumably the group's start
    // content / media ids, i.e. the root - confirm against ReadOnlyUserGroup)
    var adminGroup = new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>());
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.Groups).Returns(new[] { adminGroup });
    userStub.Setup(u => u.Id).Returns(9);
    IUser user = userStub.Object;

    // arrange: node 1234 resolves to content under "-1,1234,5678"
    var contentStub = new Mock<IContent>();
    contentStub.Setup(c => c.Path).Returns("-1,1234,5678");
    var contentServiceStub = new Mock<IContentService>();
    contentServiceStub.Setup(x => x.GetById(1234)).Returns(contentStub.Object);

    // arrange: entity and user services are bare mocks without setups
    IUserService userService = new Mock<IUserService>().Object;
    IEntityService entityService = new Mock<IEntityService>().Object;

    // act: no permission letters are passed, so only path access is exercised
    var requestProperties = new Dictionary<string, object>();
    bool allowed = ContentController.CheckPermissions(
        requestProperties,
        user,
        userService,
        contentServiceStub.Object,
        entityService,
        1234);

    // assert: access must be granted
    Assert.IsTrue(allowed);
}
/// <summary>
/// Positive authorization case for the recycle bin (node -20): the user is in
/// the "admin" group, the permission set stubbed for path "-20" contains "A",
/// and a check for 'A' is expected to succeed.
/// </summary>
public void Access_To_Recycle_Bin_By_Permission()
{
    // arrange: user 0 belonging to a single read-only "admin" group
    var adminGroup = new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>());
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.Groups).Returns(new[] { adminGroup });
    userStub.Setup(u => u.Id).Returns(0);
    IUser user = userStub.Object;

    // arrange: the permission set for "-20" (entity id -20) grants "A"
    var granted = new EntityPermissionCollection
    {
        new EntityPermission(9876, 1234, new[] { "A" })
    };
    var grantedSet = new EntityPermissionSet(-20, granted);
    var userServiceStub = new Mock<IUserService>();
    userServiceStub.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(grantedSet);

    // arrange: remaining collaborators are bare mocks without setups
    IContentService contentService = new Mock<IContentService>().Object;
    IEntityService entityService = new Mock<IEntityService>().Object;

    // act
    var requestProperties = new Dictionary<string, object>();
    var requiredPermissions = new[] { 'A' };
    bool allowed = ContentController.CheckPermissions(
        requestProperties,
        user,
        userServiceStub.Object,
        contentService,
        entityService,
        -20,
        requiredPermissions);

    // assert: access must be granted
    Assert.IsTrue(allowed);
}
/// <summary>
/// Negative authorization case: the permission set stubbed for the content
/// path "-1,1234,5678" holds "A", "B" and "C", the check asks for 'F' on node
/// 1234, and the result must be a refusal.
/// </summary>
public void No_Access_By_Permission()
{
    // arrange: user 9 with nothing but an id configured
    // NOTE(review): no Groups or start nodes are stubbed, so a path check may
    // refuse the request before the permission letters are compared - confirm
    // that this test really reaches the permission comparison.
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.Id).Returns(9);
    IUser user = userStub.Object;

    // arrange: node 1234 resolves to content under "-1,1234,5678"
    var contentStub = new Mock<IContent>();
    contentStub.Setup(c => c.Path).Returns("-1,1234,5678");
    var contentServiceStub = new Mock<IContentService>();
    contentServiceStub.Setup(x => x.GetById(1234)).Returns(contentStub.Object);

    // arrange: permissions for that path are A, B and C - 'F' is absent
    var granted = new EntityPermissionCollection
    {
        new EntityPermission(9876, 1234, new[] { "A", "B", "C" })
    };
    var grantedSet = new EntityPermissionSet(1234, granted);
    var userServiceStub = new Mock<IUserService>();
    userServiceStub.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(grantedSet);

    IEntityService entityService = new Mock<IEntityService>().Object;

    // act
    var requestProperties = new Dictionary<string, object>();
    var requiredPermissions = new[] { 'F' };
    bool allowed = ContentController.CheckPermissions(
        requestProperties,
        user,
        userServiceStub.Object,
        contentServiceStub.Object,
        entityService,
        1234,
        requiredPermissions);

    // assert: access must be denied
    Assert.IsFalse(allowed);
}
/// <summary>
/// Negative authorization case (single start node API): the user's
/// StartContentId is 9876, the requested content sits under "-1,1234,5678",
/// and a check for 'F' on node 1234 must be refused.
/// </summary>
public void No_Access_By_Path()
{
    // arrange: user 9, restricted to start node 9876
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.StartContentId).Returns(9876);
    userStub.Setup(u => u.Id).Returns(9);
    IUser user = userStub.Object;

    // arrange: node 1234 resolves to content under "-1,1234,5678"
    var contentStub = new Mock<IContent>();
    contentStub.Setup(c => c.Path).Returns("-1,1234,5678");
    var contentServiceStub = new Mock<IContentService>();
    contentServiceStub.Setup(x => x.GetById(1234)).Returns(contentStub.Object);

    // arrange: no permissions at all for this user on node 1234
    // NOTE(review): with an empty permission list the request would presumably
    // be refused even if the path check passed, so this test may not isolate
    // the path denial - confirm.
    var noPermissions = new List<EntityPermission>();
    var userServiceStub = new Mock<IUserService>();
    userServiceStub.Setup(x => x.GetPermissions(user, 1234)).Returns(noPermissions);

    // act
    var requestProperties = new Dictionary<string, object>();
    var requiredPermissions = new[] { 'F' };
    bool allowed = ContentController.CheckPermissions(
        requestProperties,
        user,
        userServiceStub.Object,
        contentServiceStub.Object,
        1234,
        requiredPermissions);

    // assert: access must be denied
    Assert.IsFalse(allowed);
}
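/// <summary>
/// Authorization gate that runs before the action: rejects anonymous callers,
/// resolves the content node id (either the fixed <c>_nodeId</c> or the action
/// argument named by <c>_paramName</c>), and lets the action proceed only when
/// <c>ContentController.CheckPermissions</c> returns true for that node.
/// </summary>
/// <param name="actionContext">The Web API action context holding the bound arguments and the request.</param>
/// <exception cref="HttpResponseException">
/// Thrown with 401 when there is no current user, or with the "user no access"
/// response when the permission check returns false.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Thrown when the node id cannot be resolved from the action arguments.
/// </exception>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    // Read the user once so the identity that passes the login check is the
    // same one that is handed to the permission check below.
    var currentUser = UmbracoContext.Current.Security.CurrentUser;
    if (currentUser == null)
    {
        //not logged in
        throw new HttpResponseException(System.Net.HttpStatusCode.Unauthorized);
    }

    int nodeId;
    if (_nodeId.HasValue)
    {
        nodeId = _nodeId.Value;
    }
    else
    {
        // _paramName is either "argument" or "argument.Property"; only the
        // first two segments are used.
        var parts = _paramName.Split(new[] { '.' }, StringSplitOptions.RemoveEmptyEntries);

        // TryGetValue instead of the indexer: a missing key would otherwise
        // raise KeyNotFoundException before the intended error below is reached.
        object argument;
        if (parts.Length == 0
            || actionContext.ActionArguments.TryGetValue(parts[0], out argument) == false
            || argument == null)
        {
            throw new InvalidOperationException("No argument found for the current action with the name: " + _paramName);
        }

        object rawNodeId;
        if (parts.Length == 1)
        {
            rawNodeId = argument;
        }
        else
        {
            //now we need to see if we can get the property of whatever object it is
            var prop = argument.GetType().GetProperty(parts[1]);
            if (prop == null)
            {
                throw new InvalidOperationException("No argument found for the current action with the name: " + _paramName);
            }
            rawNodeId = prop.GetValue(argument);
        }

        // Refuse anything that is not a boxed int rather than failing with a
        // NullReferenceException / InvalidCastException on the unboxing cast.
        if ((rawNodeId is int) == false)
        {
            throw new InvalidOperationException("The argument for the current action with the name: " + _paramName + " is not an integer node id");
        }
        nodeId = (int)rawNodeId;
    }

    var permissionsToCheck = _permissionToCheck.HasValue
        ? new[] { _permissionToCheck.Value }
        : null;

    var allowed = ContentController.CheckPermissions(
        actionContext.Request.Properties,
        currentUser,
        ApplicationContext.Current.Services.UserService,
        ApplicationContext.Current.Services.ContentService,
        ApplicationContext.Current.Services.EntityService,
        nodeId,
        permissionsToCheck);

    // Fail closed: anything other than an explicit "true" ends the request.
    if (allowed == false)
    {
        throw new HttpResponseException(actionContext.Request.CreateUserNoAccessResponse());
    }

    base.OnActionExecuting(actionContext);
}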
/// <summary>
/// Negative authorization case (single start node API): a user whose
/// StartContentId is 1234 asks for the root node (-1) and must be refused.
/// Both service arguments are passed as null.
/// </summary>
public void No_Access_To_Root_By_Path()
{
    // arrange: user 0, restricted to start node 1234
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.StartContentId).Returns(1234);
    userStub.Setup(u => u.Id).Returns(0);
    IUser user = userStub.Object;

    // act: user service and content service are deliberately null
    var requestProperties = new Dictionary<string, object>();
    bool allowed = ContentController.CheckPermissions(requestProperties, user, null, null, -1);

    // assert: access to the root must be denied
    Assert.IsFalse(allowed);
}
/// <summary>
/// Positive authorization case for the recycle bin (node -20): a user in the
/// "admin" group asks for it without naming any permission letters, and the
/// check is expected to succeed.
/// </summary>
public void Access_To_Recycle_Bin_By_Path()
{
    // arrange: user 0 belonging to a single read-only "admin" group
    // (the two -1 constructor arguments are presumably the group's start
    // content / media ids, i.e. the root - confirm against ReadOnlyUserGroup)
    var adminGroup = new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>());
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.Groups).Returns(new[] { adminGroup });
    userStub.Setup(u => u.Id).Returns(0);
    IUser user = userStub.Object;

    // arrange: all three services are bare mocks without setups
    IEntityService entityService = new Mock<IEntityService>().Object;
    IUserService userService = new Mock<IUserService>().Object;
    IContentService contentService = new Mock<IContentService>().Object;

    // act: no permission letters are passed, so only path access is exercised
    var requestProperties = new Dictionary<string, object>();
    bool allowed = ContentController.CheckPermissions(
        requestProperties,
        user,
        userService,
        contentService,
        entityService,
        -20);

    // assert: access must be granted
    Assert.IsTrue(allowed);
}
/// <summary>
/// Positive authorization case (single start node API): the user's
/// StartContentId is -1, the requested node 1234 has path "-1,1234,5678", no
/// permission letters are named, and the check is expected to succeed.
/// </summary>
public void Access_Allowed_By_Path()
{
    // arrange: user 9 whose start node is -1
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.StartContentId).Returns(-1);
    userStub.Setup(u => u.Id).Returns(9);
    IUser user = userStub.Object;

    // arrange: node 1234 resolves to content under "-1,1234,5678"
    var contentStub = new Mock<IContent>();
    contentStub.Setup(c => c.Path).Returns("-1,1234,5678");
    var contentServiceStub = new Mock<IContentService>();
    contentServiceStub.Setup(x => x.GetById(1234)).Returns(contentStub.Object);

    // act: the user service is deliberately null and no permissions are requested
    var requestProperties = new Dictionary<string, object>();
    bool allowed = ContentController.CheckPermissions(
        requestProperties,
        user,
        null,
        contentServiceStub.Object,
        1234);

    // assert: access must be granted
    Assert.IsTrue(allowed);
}
/// <summary>
/// Negative authorization case: a user whose only content start node is 1234
/// (path "-1,1234") asks for the root node (-1) and must be refused.
/// </summary>
public void No_Access_To_Root_By_Path()
{
    // arrange: user 0, restricted to start node 1234
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.StartContentIds).Returns(new[] { 1234 });
    userStub.Setup(u => u.Id).Returns(0);
    IUser user = userStub.Object;

    // arrange: content and user services are bare mocks without setups
    IUserService userService = new Mock<IUserService>().Object;
    IContentService contentService = new Mock<IContentService>().Object;

    // arrange: path lookup for any entity type / id list yields the start node's path
    var entityServiceStub = new Mock<IEntityService>();
    entityServiceStub
        .Setup(x => x.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
        .Returns(new[] { Mock.Of<EntityPath>(entity => entity.Id == 1234 && entity.Path == "-1,1234") });

    // act: no permission letters are passed, so only path access is exercised
    var requestProperties = new Dictionary<string, object>();
    bool allowed = ContentController.CheckPermissions(
        requestProperties,
        user,
        userService,
        contentService,
        entityServiceStub.Object,
        -1);

    // assert: access to the root must be denied
    Assert.IsFalse(allowed);
}
/// <summary>
/// Negative authorization case for the recycle bin (single start node API):
/// the user's StartContentId is -1, the permissions stubbed for node -20 hold
/// only "A", the check asks for 'B', and the result must be a refusal.
/// </summary>
public void No_Access_To_Recycle_Bin_By_Permission()
{
    // arrange: user 0 whose start node is -1
    var userStub = new Mock<IUser>();
    userStub.Setup(u => u.StartContentId).Returns(-1);
    userStub.Setup(u => u.Id).Returns(0);
    IUser user = userStub.Object;

    // arrange: the permissions returned for node -20 grant "A" only
    var granted = new List<EntityPermission>
    {
        new EntityPermission(9, 1234, new[] { "A" })
    };
    var userServiceStub = new Mock<IUserService>();
    userServiceStub.Setup(x => x.GetPermissions(user, -20)).Returns(granted);

    // act: the content service is deliberately null
    var requestProperties = new Dictionary<string, object>();
    var requiredPermissions = new[] { 'B' };
    bool allowed = ContentController.CheckPermissions(
        requestProperties,
        user,
        userServiceStub.Object,
        null,
        -20,
        requiredPermissions);

    // assert: access must be denied
    Assert.IsFalse(allowed);
}