コード例 #1
        /// <summary>
        /// Deny case: user 9 has the single start node 9876, while the checked node 1234
        /// resolves to path "-1,1234,5678", which does not contain 9876.
        /// CheckPermissions is expected to return false for permission 'F'.
        /// </summary>
        public void No_Access_By_Path()
        {
            // arrange: a user restricted to start node 9876
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(9);
            mockedUser.Setup(u => u.StartContentIds).Returns(new[] { 9876 });
            var user = mockedUser.Object;

            // the content item returned for id 1234
            var mockedContent = new Mock<IContent>();
            mockedContent.Setup(c => c.Path).Returns("-1,1234,5678");
            var mockedContentService = new Mock<IContentService>();
            mockedContentService.Setup(s => s.GetById(1234)).Returns(mockedContent.Object);

            // an empty permission collection, registered for path "-1,1234"
            var emptyPermissionSet = new EntityPermissionSet(1234, new EntityPermissionCollection());
            var mockedUserService = new Mock<IUserService>();
            mockedUserService.Setup(s => s.GetPermissionsForPath(user, "-1,1234")).Returns(emptyPermissionSet);

            // every path lookup reports entity 9876 at "-1,9876"
            var mockedEntityService = new Mock<IEntityService>();
            mockedEntityService
                .Setup(s => s.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
                .Returns(new[] { Mock.Of<EntityPath>(p => p.Id == 9876 && p.Path == "-1,9876") });

            // act
            var allowed = ContentController.CheckPermissions(
                new Dictionary<string, object>(),
                user,
                mockedUserService.Object,
                mockedContentService.Object,
                mockedEntityService.Object,
                1234,
                new[] { 'F' });

            // assert: the authorization check must deny
            Assert.IsFalse(allowed);
        }
コード例 #2
        /// <summary>
        /// Deny case for node id -20 (the recycle bin, going by the test name): the permission
        /// set returned for path "-20" carries only "A", the check asks for 'B', and
        /// CheckPermissions is expected to return false.
        /// </summary>
        public void No_Access_To_Recycle_Bin_By_Permission()
        {
            // arrange: user 0 with no groups or start nodes configured on the mock
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(0);
            var user = mockedUser.Object;

            // presumably (group id, entity id, assigned permissions) - confirm against EntityPermission
            var grantedPermissions = new EntityPermissionCollection
            {
                new EntityPermission(9876, 1234, new[] { "A" })
            };
            var mockedUserService = new Mock<IUserService>();
            mockedUserService
                .Setup(s => s.GetPermissionsForPath(user, "-20"))
                .Returns(new EntityPermissionSet(1234, grantedPermissions));

            // content and entity services are unconfigured mocks
            var contentService = new Mock<IContentService>().Object;
            var entityService = new Mock<IEntityService>().Object;

            // act
            var allowed = ContentController.CheckPermissions(
                new Dictionary<string, object>(),
                user,
                mockedUserService.Object,
                contentService,
                entityService,
                -20,
                new[] { 'B' });

            // assert: 'B' was never granted, so access must be refused
            Assert.IsFalse(allowed);
        }
コード例 #3
        /// <summary>
        /// The content service is only configured for id 0, but the check is made for node 1234.
        /// CheckPermissions is expected to throw HttpResponseException rather than return a result.
        /// </summary>
        public void Throws_Exception_When_No_Content_Found()
        {
            // arrange
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(9);
            var user = mockedUser.Object;

            // content exists only under id 0; no setup matches GetById(1234)
            var mockedContent = new Mock<IContent>();
            mockedContent.Setup(c => c.Path).Returns("-1,1234,5678");
            var mockedContentService = new Mock<IContentService>();
            mockedContentService.Setup(s => s.GetById(0)).Returns(mockedContent.Object);

            var emptyPermissionSet = new EntityPermissionSet(1234, new EntityPermissionCollection());
            var mockedUserService = new Mock<IUserService>();
            mockedUserService.Setup(s => s.GetPermissionsForPath(user, "-1,1234,5678")).Returns(emptyPermissionSet);

            var entityService = new Mock<IEntityService>().Object;

            // act/assert: a missing node must surface as an HTTP error, not as an allow/deny result
            Assert.Throws<HttpResponseException>(
                () => ContentController.CheckPermissions(
                    new Dictionary<string, object>(),
                    user,
                    mockedUserService.Object,
                    mockedContentService.Object,
                    entityService,
                    1234,
                    new[] { 'F' }));
        }
コード例 #4
        /// <summary>
        /// Allow case: user 9 belongs to a single "admin" group and node 1234 resolves to
        /// path "-1,1234,5678". No specific permission is requested, and CheckPermissions is
        /// expected to return true.
        /// </summary>
        public void Access_Allowed_By_Path()
        {
            // arrange: the two -1 arguments are presumably the group's start content/media ids - confirm against ReadOnlyUserGroup
            var adminGroup = new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>());
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(9);
            mockedUser.Setup(u => u.Groups).Returns(new[] { adminGroup });

            // the content item returned for id 1234
            var mockedContent = new Mock<IContent>();
            mockedContent.Setup(c => c.Path).Returns("-1,1234,5678");
            var mockedContentService = new Mock<IContentService>();
            mockedContentService.Setup(s => s.GetById(1234)).Returns(mockedContent.Object);

            // user and entity services are unconfigured mocks
            var userService = new Mock<IUserService>().Object;
            var entityService = new Mock<IEntityService>().Object;

            // act: no permission letters are passed, so only the path part of the check is exercised
            var allowed = ContentController.CheckPermissions(
                new Dictionary<string, object>(),
                mockedUser.Object,
                userService,
                mockedContentService.Object,
                entityService,
                1234);

            // assert
            Assert.IsTrue(allowed);
        }
コード例 #5
        /// <summary>
        /// Allow case for node id -20 (the recycle bin, going by the test name): the permission
        /// set returned for path "-20" carries "A", the check asks for 'A', and CheckPermissions
        /// is expected to return true.
        /// </summary>
        public void Access_To_Recycle_Bin_By_Permission()
        {
            // arrange: user 0 in a single "admin" group
            var adminGroup = new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>());
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(0);
            mockedUser.Setup(u => u.Groups).Returns(new[] { adminGroup });
            var user = mockedUser.Object;

            // presumably (group id, entity id, assigned permissions) - confirm against EntityPermission
            var grantedPermissions = new EntityPermissionCollection
            {
                new EntityPermission(9876, 1234, new[] { "A" })
            };
            var mockedUserService = new Mock<IUserService>();
            mockedUserService
                .Setup(s => s.GetPermissionsForPath(user, "-20"))
                .Returns(new EntityPermissionSet(-20, grantedPermissions));

            // content and entity services are unconfigured mocks
            var contentService = new Mock<IContentService>().Object;
            var entityService = new Mock<IEntityService>().Object;

            // act
            var allowed = ContentController.CheckPermissions(
                new Dictionary<string, object>(),
                user,
                mockedUserService.Object,
                contentService,
                entityService,
                -20,
                new[] { 'A' });

            // assert
            Assert.IsTrue(allowed);
        }
コード例 #6
        /// <summary>
        /// Deny case: the permission set for path "-1,1234,5678" carries "A", "B" and "C",
        /// the check asks for 'F', and CheckPermissions is expected to return false.
        /// </summary>
        public void No_Access_By_Permission()
        {
            // arrange
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(9);
            var user = mockedUser.Object;

            // the content item returned for id 1234
            var mockedContent = new Mock<IContent>();
            mockedContent.Setup(c => c.Path).Returns("-1,1234,5678");
            var mockedContentService = new Mock<IContentService>();
            mockedContentService.Setup(s => s.GetById(1234)).Returns(mockedContent.Object);

            // presumably (group id, entity id, assigned permissions) - confirm against EntityPermission
            var grantedPermissions = new EntityPermissionCollection
            {
                new EntityPermission(9876, 1234, new[] { "A", "B", "C" })
            };
            var mockedUserService = new Mock<IUserService>();
            mockedUserService
                .Setup(s => s.GetPermissionsForPath(user, "-1,1234,5678"))
                .Returns(new EntityPermissionSet(1234, grantedPermissions));

            var entityService = new Mock<IEntityService>().Object;

            // act
            var allowed = ContentController.CheckPermissions(
                new Dictionary<string, object>(),
                user,
                mockedUserService.Object,
                mockedContentService.Object,
                entityService,
                1234,
                new[] { 'F' });

            // assert: 'F' is not among the granted letters, so access must be refused
            Assert.IsFalse(allowed);
        }
コード例 #7
        /// <summary>
        /// Deny case against the CheckPermissions overload that takes no entity service:
        /// user 9 has start node 9876, node 1234 resolves to path "-1,1234,5678" (which does
        /// not contain 9876), and the call is expected to return false for permission 'F'.
        /// </summary>
        public void No_Access_By_Path()
        {
            // arrange: a user restricted to start node 9876
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(9);
            mockedUser.Setup(u => u.StartContentId).Returns(9876);
            var user = mockedUser.Object;

            // the content item returned for id 1234
            var mockedContent = new Mock<IContent>();
            mockedContent.Setup(c => c.Path).Returns("-1,1234,5678");
            var mockedContentService = new Mock<IContentService>();
            mockedContentService.Setup(s => s.GetById(1234)).Returns(mockedContent.Object);

            // no permissions at all are returned for node 1234
            var noPermissions = new List<EntityPermission>();
            var mockedUserService = new Mock<IUserService>();
            mockedUserService.Setup(s => s.GetPermissions(user, 1234)).Returns(noPermissions);

            // act
            var allowed = ContentController.CheckPermissions(
                new Dictionary<string, object>(),
                user,
                mockedUserService.Object,
                mockedContentService.Object,
                1234,
                new[] { 'F' });

            // assert: the authorization check must deny
            Assert.IsFalse(allowed);
        }
コード例 #8
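        /// <summary>
        /// Authorization filter step: resolves the content node id the action targets and lets
        /// the action run only if <c>ContentController.CheckPermissions</c> approves the current user.
        /// Every failure path throws before <c>base.OnActionExecuting</c> is reached, so the
        /// filter fails closed.
        /// </summary>
        /// <param name="actionContext">The Web API action context whose bound arguments may carry the node id.</param>
        /// <exception cref="HttpResponseException">
        /// Unauthorized when no user is logged in; the "user no access" response when the permission check fails.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// When the configured parameter name is empty, is not among the action arguments, is null,
        /// or names a property that does not exist on the argument.
        /// </exception>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            // Read the user once so the null check and the permission check see the same value.
            var currentUser = UmbracoContext.Current.Security.CurrentUser;
            if (currentUser == null)
            {
                //not logged in
                throw new HttpResponseException(System.Net.HttpStatusCode.Unauthorized);
            }

            int nodeId;

            if (_nodeId.HasValue)
            {
                // a fixed node id was configured on the filter
                nodeId = _nodeId.Value;
            }
            else
            {
                // _paramName is either "argName" or "argName.PropertyName"; only the first two segments are used
                var parts = _paramName.Split(new[] { '.' }, StringSplitOptions.RemoveEmptyEntries);

                // TryGetValue instead of the indexer: a missing key used to escape as KeyNotFoundException
                // (and an empty name as IndexOutOfRangeException) instead of the intended error below.
                object argument;
                if (parts.Length == 0
                    || actionContext.ActionArguments.TryGetValue(parts[0], out argument) == false
                    || argument == null)
                {
                    throw new InvalidOperationException("No argument found for the current action with the name: " + _paramName);
                }

                if (parts.Length == 1)
                {
                    // NOTE(review): the unboxing cast throws if the argument is not an int; the request still fails before the action runs
                    nodeId = (int)argument;
                }
                else
                {
                    //now we need to see if we can get the property of whatever object it is
                    var prop = argument.GetType().GetProperty(parts[1]);
                    if (prop == null)
                    {
                        throw new InvalidOperationException("No argument found for the current action with the name: " + _paramName);
                    }
                    nodeId = (int)prop.GetValue(argument);
                }
            }

            // The node id above comes from the bound action arguments, so it is checked here
            // against the current user's access before the action is allowed to execute.
            var permissionsToCheck = _permissionToCheck.HasValue ? new[] { _permissionToCheck.Value } : null;
            var allowed = ContentController.CheckPermissions(
                actionContext.Request.Properties,
                currentUser,
                ApplicationContext.Current.Services.UserService,
                ApplicationContext.Current.Services.ContentService,
                ApplicationContext.Current.Services.EntityService,
                nodeId,
                permissionsToCheck);

            if (allowed == false)
            {
                throw new HttpResponseException(actionContext.Request.CreateUserNoAccessResponse());
            }

            base.OnActionExecuting(actionContext);
        }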
コード例 #9
        /// <summary>
        /// Deny case for node id -1 (the root, going by the test name): user 0 has start node
        /// 1234 and CheckPermissions is expected to return false. Both services are passed as
        /// null, so the test also pins that this path does not dereference them.
        /// </summary>
        public void No_Access_To_Root_By_Path()
        {
            // arrange: a user whose start node is 1234
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(0);
            mockedUser.Setup(u => u.StartContentId).Returns(1234);

            // act
            var allowed = ContentController.CheckPermissions(
                new Dictionary<string, object>(),
                mockedUser.Object,
                null,
                null,
                -1);

            // assert: the authorization check must deny
            Assert.IsFalse(allowed);
        }
コード例 #10
        /// <summary>
        /// Allow case for node id -20 (the recycle bin, going by the test name): user 0 belongs
        /// to a single "admin" group, no specific permission is requested, and CheckPermissions
        /// is expected to return true.
        /// </summary>
        public void Access_To_Recycle_Bin_By_Path()
        {
            // arrange: the two -1 arguments are presumably the group's start content/media ids - confirm against ReadOnlyUserGroup
            var adminGroup = new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>());
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(0);
            mockedUser.Setup(u => u.Groups).Returns(new[] { adminGroup });

            // all three services are unconfigured mocks
            var userService = new Mock<IUserService>().Object;
            var contentService = new Mock<IContentService>().Object;
            var entityService = new Mock<IEntityService>().Object;

            // act
            var allowed = ContentController.CheckPermissions(
                new Dictionary<string, object>(),
                mockedUser.Object,
                userService,
                contentService,
                entityService,
                -20);

            // assert
            Assert.IsTrue(allowed);
        }
コード例 #11
        /// <summary>
        /// Allow case against the CheckPermissions overload that takes no entity service:
        /// user 9 has start node -1, node 1234 resolves to path "-1,1234,5678" (which contains
        /// -1), no specific permission is requested, and the call is expected to return true.
        /// </summary>
        public void Access_Allowed_By_Path()
        {
            // arrange: a user whose start node is -1
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(9);
            mockedUser.Setup(u => u.StartContentId).Returns(-1);

            // the content item returned for id 1234
            var mockedContent = new Mock<IContent>();
            mockedContent.Setup(c => c.Path).Returns("-1,1234,5678");
            var mockedContentService = new Mock<IContentService>();
            mockedContentService.Setup(s => s.GetById(1234)).Returns(mockedContent.Object);

            // act: the user service is passed as null
            var allowed = ContentController.CheckPermissions(
                new Dictionary<string, object>(),
                mockedUser.Object,
                null,
                mockedContentService.Object,
                1234);

            // assert
            Assert.IsTrue(allowed);
        }
コード例 #12
        /// <summary>
        /// Deny case for node id -1 (the root, going by the test name): user 0 has the single
        /// start node 1234, which the entity service reports at path "-1,1234", and
        /// CheckPermissions is expected to return false.
        /// </summary>
        public void No_Access_To_Root_By_Path()
        {
            // arrange: a user restricted to start node 1234
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(0);
            mockedUser.Setup(u => u.StartContentIds).Returns(new[] { 1234 });

            // content and user services are unconfigured mocks
            var contentService = new Mock<IContentService>().Object;
            var userService = new Mock<IUserService>().Object;

            // every path lookup reports entity 1234 at "-1,1234"
            var mockedEntityService = new Mock<IEntityService>();
            mockedEntityService
                .Setup(s => s.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
                .Returns(new[] { Mock.Of<EntityPath>(p => p.Id == 1234 && p.Path == "-1,1234") });

            // act
            var allowed = ContentController.CheckPermissions(
                new Dictionary<string, object>(),
                mockedUser.Object,
                userService,
                contentService,
                mockedEntityService.Object,
                -1);

            // assert: the authorization check must deny
            Assert.IsFalse(allowed);
        }
コード例 #13
        /// <summary>
        /// Deny case for node id -20 (the recycle bin, going by the test name) against the
        /// CheckPermissions overload that takes no entity service: the permissions returned for
        /// -20 carry only "A", the check asks for 'B', and the call is expected to return false.
        /// </summary>
        public void No_Access_To_Recycle_Bin_By_Permission()
        {
            // arrange: a user whose start node is -1
            var mockedUser = new Mock<IUser>();
            mockedUser.Setup(u => u.Id).Returns(0);
            mockedUser.Setup(u => u.StartContentId).Returns(-1);
            var user = mockedUser.Object;

            // NOTE(review): the meaning of the two numeric arguments is not visible here - confirm against EntityPermission
            var grantedPermissions = new List<EntityPermission>
            {
                new EntityPermission(9, 1234, new[] { "A" })
            };
            var mockedUserService = new Mock<IUserService>();
            mockedUserService.Setup(s => s.GetPermissions(user, -20)).Returns(grantedPermissions);

            // act: the content service is passed as null
            var allowed = ContentController.CheckPermissions(
                new Dictionary<string, object>(),
                user,
                mockedUserService.Object,
                null,
                -20,
                new[] { 'B' });

            // assert: 'B' was never granted, so access must be refused
            Assert.IsFalse(allowed);
        }