public void TestDeletePermission_PermissionAssignmentDoesNotExist()
{
var foreignResourceId = 1;
var user = new UserAccount
{
PrincipalId = 2
};
var permissionAssignment = new PermissionAssignment
{
PermissionId = 1,
PrincipalId = user.PrincipalId,
ResourceId = 3
};
var foreignResourceCache = new ForeignResourceCache(foreignResourceId, permissionAssignment.ResourceId, 0, null, null, null);
context.PermissionAssignments.Add(permissionAssignment);
context.UserAccounts.Add(user);
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var deletedPermission = new DeletedPermission(user.PrincipalId, 0, 0, ResourceType.Project.Value);
Func <Task> f = async() =>
{
await service.DeletePermissionAsync(deletedPermission);
};
service.Invoking(x => x.DeletePermission(deletedPermission)).ShouldThrow <ModelNotFoundException>()
.WithMessage("The permission assignment was not found.");
f.ShouldThrow <ModelNotFoundException>()
.WithMessage("The permission assignment was not found.");
}
public void UpdateRolePermissions(string[] selectedPermissions, Role roleToUpdate)
{
if (selectedPermissions == null)
{
roleToUpdate.PermissionAssignments = new List <PermissionAssignment>();
return;
}
var selectedPermissionsHS = new HashSet <string>(selectedPermissions);
var rolePermissions = new HashSet <int>
(roleToUpdate.PermissionAssignments.Select(c => c.PermissionID));
foreach (var permissions in _context.Permissions)
{
if (selectedPermissionsHS.Contains(permissions.PermissionID.ToString()))
{
if (!rolePermissions.Contains(permissions.PermissionID))
{
roleToUpdate.PermissionAssignments.Add(new PermissionAssignment {
RoleID = roleToUpdate.ID, PermissionID = permissions.PermissionID
});
}
}
else
{
if (rolePermissions.Contains(permissions.PermissionID))
{
PermissionAssignment courseToRemove = roleToUpdate.PermissionAssignments.SingleOrDefault(i => i.PermissionID == permissions.PermissionID);
_context.Remove(courseToRemove);
}
}
}
}
public void TestRevokePermission_MultiplePermissionsExist()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
var permissionAssignment1 = new PermissionAssignment
{
PrincipalId = grantee.PrincipalId,
PermissionId = permission.PermissionId,
ResourceId = resource.ResourceId,
IsAllowed = false
};
var permissionAssignment2 = new PermissionAssignment
{
PrincipalId = grantee.PrincipalId,
PermissionId = permission.PermissionId,
ResourceId = resource.ResourceId,
IsAllowed = false
};
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
context.PermissionAssignments.Add(permissionAssignment1);
context.PermissionAssignments.Add(permissionAssignment2);
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var revokedPermission = new RevokedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
Func <Task> revokeAction = async() =>
{
await service.RevokePermissionAsync(revokedPermission);
};
service.Invoking(x => x.RevokePermission(revokedPermission)).ShouldThrow <NotSupportedException>()
.WithMessage("There should not be more than one permission assignment to set is allowed true.");
revokeAction.ShouldThrow <NotSupportedException>()
.WithMessage("There should not be more than one permission assignment to set is allowed true.");
}
public bool CreateNewPermissionAssignment(PermissionAssignment permissionassignment)
{
return(ExecuteProcedureNonQuery("CREATE_NEW_PERMISSION_ASSIGNMENT",
new List <SqlParameter>()
{
new SqlParameter("@PermissionId", permissionassignment.PermissionId),
new SqlParameter("@UserId", permissionassignment.UserId),
},
iCommandTimeout: 60));
}
public void TestCreateGetSimpleResourceAuthorizationsByPrincipalId_HasPermissionAssignment_CheckProperties()
{
var principalId = 1;
var principal = new Principal
{
PrincipalId = principalId,
};
var resourceType = new ResourceType
{
ResourceTypeId = ResourceType.Project.Id,
ResourceTypeName = ResourceType.Project.Value
};
var resource = new Resource
{
ResourceId = 1,
ForeignResourceId = 2,
ResourceTypeId = resourceType.ResourceTypeId,
ResourceType = resourceType,
};
var permission = new Permission
{
PermissionId = 1,
PermissionName = "Permission"
};
var permissionAssignment = new PermissionAssignment
{
IsAllowed = true,
Permission = permission,
PermissionId = permission.PermissionId,
Principal = principal,
PrincipalId = principal.PrincipalId,
Resource = resource,
ResourceId = resource.ResourceId
};
context.Principals.Add(principal);
context.ResourceTypes.Add(resourceType);
context.Resources.Add(resource);
context.Permissions.Add(permission);
context.PermissionAssignments.Add(permissionAssignment);
var results = UserQueries.CreateGetSimpleResourceAuthorizationsByPrincipalId(context, principalId).ToList();
Assert.AreEqual(1, results.Count);
var firstResult = results.First();
Assert.AreEqual(principal.PrincipalId, firstResult.PrincipalId);
Assert.AreEqual(permission.PermissionId, firstResult.PermissionId);
Assert.AreEqual(resource.ResourceId, firstResult.ResourceId);
Assert.AreEqual(resource.ForeignResourceId, firstResult.ForeignResourceId);
Assert.IsTrue(firstResult.IsAllowed);
}
public PermissionAssignment ViewPermissionAssignmentById(Int64 PermissionAssignmentId)
{
PermissionAssignment response = null;
DataTable lQueryResult = ExecuteProcedureQuery("VIEW_PERMISSION_ASSIGNMENT_BY_ID",
new SqlParameter("@PermissionAssignmentId", PermissionAssignmentId),
iCommandTimeout: 30);
if (lQueryResult.Rows.Count > 0)
{
response = AutoMap <PermissionAssignment> .FromDataRow(lQueryResult.Rows[0]);
}
return(response);
}
private static void CombineToAccessRightsMap(
IDictionary <string, AccessRight> map,
References references,
PermissionAssignment assignment)
{
if (map == null)
{
throw new ArgumentNullException(nameof(map));
}
if (references == null)
{
throw new ArgumentNullException(nameof(references));
}
if (assignment == null)
{
throw new ArgumentNullException(nameof(assignment));
}
var permission = assignment.Permission;
foreach (var reference in references)
{
string codeName = reference.CodeName;
AccessRight accessRight;
if (!map.TryGetValue(codeName, out accessRight))
{
accessRight = new AccessRight();
map[codeName] = accessRight;
}
foreach (var entityAccess in permission.EntityAccesses)
{
accessRight.CombineEntityAccess(entityAccess);
}
foreach (var managerAccess in permission.ManagerAccesses)
{
accessRight.CombineManagerAccess(managerAccess.ManagerType);
}
accessRight.CombinePermission(permission.CodeName);
foreach (var statePathAccess in permission.StatePathAccesses)
{
accessRight.CombineStatePathAccess(statePathAccess.StatePathCodeName);
}
}
}
public async Task TestDeletePermission_PrincipalIsUserAccount()
{
var foreignResourceId = 1;
var user = new UserAccount
{
PrincipalId = 2
};
var permissionAssignment = new PermissionAssignment
{
PermissionId = 1,
PrincipalId = user.PrincipalId,
ResourceId = 3
};
var foreignResourceCache = new ForeignResourceCache(foreignResourceId, permissionAssignment.ResourceId, 0, null, null, null);
context.SetupActions.Add(() =>
{
user.PermissionsRevisedOn = null;
context.PermissionAssignments.Add(permissionAssignment);
context.UserAccounts.Add(user);
});
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var deletedPermission = new DeletedPermission(permissionAssignment.PrincipalId, foreignResourceId, permissionAssignment.PermissionId, ResourceType.Project.Value);
context.Revert();
Assert.AreEqual(1, context.PermissionAssignments.Count());
service.DeletePermission(deletedPermission);
Assert.AreEqual(0, context.PermissionAssignments.Count());
DateTimeOffset.UtcNow.Should().BeCloseTo(user.PermissionsRevisedOn.Value, 2000);
context.Revert();
Assert.AreEqual(1, context.PermissionAssignments.Count());
await service.DeletePermissionAsync(deletedPermission);
Assert.AreEqual(0, context.PermissionAssignments.Count());
DateTimeOffset.UtcNow.Should().BeCloseTo(user.PermissionsRevisedOn.Value, 2000);
}
//[ValidateAntiForgeryToken]
public async Task <IActionResult> Create([FromBody] RoleViewModel role)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
Role newRole = new Role
{
RoleName = role.RoleName
};
// One-to-Many
if (role.SelectedPermissions != null)
{
newRole.PermissionAssignments = new List <PermissionAssignment>();
foreach (var permission in role.SelectedPermissions)
{
var permissionToAdd = new PermissionAssignment {
RoleID = role.ID, PermissionID = int.Parse(permission)
};
newRole.PermissionAssignments.Add(permissionToAdd);
}
}
await _rolesRepository.AddAsync(newRole);
await _rolesRepository.CommitAsync();
// Need to grab Course (.ThenInclude(ca => ca.Course)) since newInstructor does not retrieve Course entity after CommitAsync()
// when InstructorViewModel maps (Title = ca.Course.Title)
Role RoleWithPermission = await _rolesRepository.GetRolePermissions(newRole.ID);
role = Mapper.Map <Role, RoleViewModel>(RoleWithPermission);
return(CreatedAtRoute("GetRole", new { controller = "Role", id = role.ID }, role));
}
private PermissionAssignment DoInsertPermissionAssignment(
Principal grantee,
Principal grantor,
int resourceId,
GrantedPermission grantedPermission)
{
Contract.Requires(grantedPermission != null, "The granted permission must not be null.");
Contract.Requires(grantee != null, "The grantee must not be null.");
Contract.Requires(grantor != null, "The grantor must not be null.");
logger.Info("Inserting permission assignment for granted permission [{0}].", grantedPermission);
var permissionAssignment = new PermissionAssignment
{
AssignedBy = grantedPermission.Audit.UserId,
AssignedOn = grantedPermission.Audit.Date,
IsAllowed = grantedPermission.IsAllowed,
PermissionId = grantedPermission.PermissionId,
PrincipalId = grantedPermission.GranteePrincipalId,
ResourceId = resourceId
};
Context.PermissionAssignments.Add(permissionAssignment);
return(permissionAssignment);
}
public async Task TestDeletePermission_PrincipalIsNotUserAccount()
{
var foreignResourceId = 1;
var principal = new Principal
{
PrincipalId = 2
};
var permissionAssignment = new PermissionAssignment
{
PermissionId = 1,
PrincipalId = principal.PrincipalId,
ResourceId = 3
};
var foreignResourceCache = new ForeignResourceCache(foreignResourceId, permissionAssignment.ResourceId, 0, null, null, null);
context.SetupActions.Add(() =>
{
context.PermissionAssignments.Add(permissionAssignment);
context.Principals.Add(principal);
});
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var deletedPermission = new DeletedPermission(permissionAssignment.PrincipalId, foreignResourceId, permissionAssignment.PermissionId, ResourceType.Project.Value);
context.Revert();
Assert.AreEqual(1, context.PermissionAssignments.Count());
service.DeletePermission(deletedPermission);
Assert.AreEqual(0, context.PermissionAssignments.Count());
context.Revert();
Assert.AreEqual(1, context.PermissionAssignments.Count());
await service.DeletePermissionAsync(deletedPermission);
Assert.AreEqual(0, context.PermissionAssignments.Count());
}
internal void Fill(HashSet <PermissionAssignment> perms, Role role, IPermissionProvider prov)
{
NpgsqlCommand cmd = Db.GetCmd(Db.RoleConnectionString);
cmd.CommandText = Db.SelectRolePermissions + Db.SelectRoleByRoleId;
cmd.Parameters.AddWithValue("rid", role.Id);
NpgsqlDataReader rdr = Db.ExecuteReader(cmd);
if (rdr != null)
{
try
{
while (rdr.Read())
{
Guid pid = DbReaderUtils.GetGuid(rdr, 1);
bool isGrant = DbReaderUtils.GetBoolean(rdr, 2);
Permission p = prov.Get(pid);
if (p != null)
{
PermissionAssignment pa = new PermissionAssignment(p, isGrant ? GrantType.Grant : GrantType.Deny);
perms.Add(pa);
}
}
if (cmd.Connection.State == System.Data.ConnectionState.Open)
{
cmd.Connection.Close();
}
}
catch
{ }
finally
{
cmd.Dispose();
}
}
}
private void DoDeletePermissionAssignment(PermissionAssignment permissionAssignment, UserAccount user)
{
Contract.Requires(permissionAssignment != null, "The permission assignment must not be null.");
UpdatePermissionsRevisedOn(user);
this.Context.PermissionAssignments.Remove(permissionAssignment);
}
public void TestCreateGetSimpleResourceAuthorizationsByPrincipalId_PrincipalHasRoleAndPermissionAssignment_RoleIsInactive_PermissionIsNotAllowed()
{
var principalId = 1;
var principal = new Principal
{
PrincipalId = principalId,
};
var resourceType = new ResourceType
{
ResourceTypeId = ResourceType.Project.Id,
ResourceTypeName = ResourceType.Project.Value
};
var resource = new Resource
{
ResourceId = 1,
ForeignResourceId = 2,
ResourceTypeId = resourceType.ResourceTypeId,
ResourceType = resourceType,
};
var permission = new Permission
{
PermissionId = 1,
PermissionName = "Permission"
};
var role = new Role
{
IsActive = false,
RoleId = 1,
RoleName = "role name"
};
var principalRole = new PrincipalRole
{
RoleId = role.RoleId,
Role = role,
Principal = principal,
PrincipalId = principal.PrincipalId
};
var roleResourcePermission = new RoleResourcePermission
{
Permission = permission,
PermissionId = permission.PermissionId,
Resource = resource,
ResourceId = resource.ResourceId,
Role = role,
RoleId = role.RoleId
};
var permissionAssignment = new PermissionAssignment
{
IsAllowed = false,
Permission = permission,
PermissionId = permission.PermissionId,
Principal = principal,
Resource = resource,
ResourceId = resource.ResourceId,
PrincipalId = principal.PrincipalId,
};
context.Principals.Add(principal);
context.ResourceTypes.Add(resourceType);
context.Resources.Add(resource);
context.Permissions.Add(permission);
context.Roles.Add(role);
context.PrincipalRoles.Add(principalRole);
context.RoleResourcePermissions.Add(roleResourcePermission);
context.PermissionAssignments.Add(permissionAssignment);
var results = UserQueries.CreateGetSimpleResourceAuthorizationsByPrincipalId(context, principalId).ToList();
Assert.AreEqual(1, results.Count);
var firstResult = results.First();
Assert.AreEqual(principal.PrincipalId, firstResult.PrincipalId);
Assert.AreEqual(permission.PermissionId, firstResult.PermissionId);
Assert.AreEqual(resource.ResourceId, firstResult.ResourceId);
Assert.AreEqual(resource.ForeignResourceId, firstResult.ForeignResourceId);
Assert.IsFalse(firstResult.IsAllowed);
}
public async Task TestRevokePermission_PermissionIsAlreadyGrantedButAllowed()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
var permissionAssignment = new PermissionAssignment
{
PrincipalId = grantee.PrincipalId,
PermissionId = permission.PermissionId,
ResourceId = resource.ResourceId,
IsAllowed = true
};
context.SetupActions.Add(() =>
{
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
context.PermissionAssignments.Add(permissionAssignment);
permissionAssignment.IsAllowed = true;
Assert.AreEqual(1, context.PermissionAssignments.Count());
});
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList(permission));
resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList(permission));
Action tester = () =>
{
Assert.AreEqual(1, context.PermissionAssignments.Count());
Assert.IsFalse(context.PermissionAssignments.First().IsAllowed);
};
context.Revert();
var revokedPermission = new RevokedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
service.RevokePermission(revokedPermission);
context.Revert();
await service.RevokePermissionAsync(revokedPermission);
tester();
}