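/// <summary>
/// Verifies that a user holding two role names resolves to one role under the
/// "single" policy (both when it is the map default and when selected by name)
/// and to both roles under the "multi" policy.
/// </summary>
public void will_enforce_single_role()
{
    // Both policies list the same two roles; only the boolean argument differs.
    // NOTE(review): presumably that argument is the single-role flag - confirm against Policy's constructor.
    var singleRolePolicy = new Policy("single", true, new Role("role1"), new Role("role2"));
    var multiRolePolicy = new Policy("multi", false, new Role("role1"), new Role("role2"));

    var map = new PolicyMap(singleRolePolicy);
    map.AddAdditionalPolicy(multiRolePolicy);

    var user = new UserDetails()
    {
        UserId = Guid.NewGuid(),
        RoleNames = new[] { "role1", "role2" }
    };

    var role1 = new Role("role1");
    var role2 = new Role("role2");

    // Assert.Collection is used below only to pin the number of roles: its inspectors are
    // Action<T> delegates, so a lambda that merely returns a bool (such as string.Equals)
    // never fails. Which role was granted is asserted explicitly through HasRole, so the
    // test fails if the wrong role is kept or an extra one leaks through.

    // default single role policy
    var userPolicy = map.GetUserPolicy(user);
    Assert.Collection(userPolicy.Roles, _ => { });
    Assert.True(userPolicy.HasRole(role1));
    Assert.False(userPolicy.HasRole(role2));

    // explicit single role policy
    user.PolicyName = "single";
    var userPolicy2 = map.GetUserPolicy(user);
    Assert.Collection(userPolicy2.Roles, _ => { });
    Assert.True(userPolicy2.HasRole(role1));
    Assert.False(userPolicy2.HasRole(role2));

    // explicit multi role policy
    user.PolicyName = "multi";
    var userPolicy3 = map.GetUserPolicy(user);
    Assert.Collection(userPolicy3.Roles, _ => { }, _ => { });
    Assert.True(userPolicy3.HasRole(role1));
    Assert.True(userPolicy3.HasRole(role2));
}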
/// <summary>
/// Resolves the policy for each of the three fixture users (system user, admin user,
/// backup agent) from the shared policy map and checks both the permissions and the
/// roles that each one is granted and denied.
/// </summary>
public void policy_map_has_correct_roles_and_permisssions()
{
    // ---- system user ----
    var systemPolicy = _policyMap.GetUserPolicy(_systemUser);
    Assert.NotNull(systemPolicy);

    // Granted permissions, checked through each lookup form used here: Type, full name, Permission.
    Assert.True(systemPolicy.HasPermission(typeof(AddItem)));
    Assert.True(systemPolicy.HasPermission(typeof(AddItem).FullName));
    Assert.True(systemPolicy.HasPermission(new Permission(typeof(AddItem))));
    Assert.True(systemPolicy.HasPermission(typeof(DisplayItem)));

    // Denied permissions, again through each lookup form.
    Assert.False(systemPolicy.HasPermission(typeof(DeleteItem)));
    Assert.False(systemPolicy.HasPermission(typeof(DeleteItem).FullName));
    Assert.False(systemPolicy.HasPermission(new Permission(typeof(DeleteItem))));
    Assert.False(systemPolicy.HasPermission(typeof(ExportItem)));

    // Roles: by name and by a freshly constructed Role instance.
    Assert.True(systemPolicy.HasRole(_userRoleName));
    Assert.True(systemPolicy.HasRole(_customRoleName));
    Assert.True(systemPolicy.HasRole(new Role(_customRoleName)));
    Assert.False(systemPolicy.HasRole(_adminRoleName));
    Assert.False(systemPolicy.HasRole(_backupRoleName));
    Assert.False(systemPolicy.HasRole(_backupRole));

    // ---- admin user ----
    var adminPolicy = _policyMap.GetUserPolicy(_adminUser);
    Assert.NotNull(adminPolicy);

    // Permissions
    Assert.True(adminPolicy.HasPermission(typeof(AddItem)));
    Assert.True(adminPolicy.HasPermission(typeof(DisplayItem)));
    Assert.True(adminPolicy.HasPermission(typeof(DeleteItem)));
    Assert.True(adminPolicy.HasPermission(_customPermissionName));
    Assert.False(adminPolicy.HasPermission(typeof(ExportItem)));

    // Roles
    Assert.True(adminPolicy.HasRole(_adminRoleName));
    Assert.False(adminPolicy.HasRole(_customRoleName));
    Assert.False(adminPolicy.HasRole(_backupRoleName));

    // ---- backup agent ----
    var backupPolicy = _policyMap.GetUserPolicy(_backupAgent);
    Assert.NotNull(backupPolicy);

    // Permissions: of the four checked, only ExportItem is expected.
    Assert.False(backupPolicy.HasPermission(typeof(AddItem)));
    Assert.False(backupPolicy.HasPermission(typeof(DisplayItem)));
    Assert.False(backupPolicy.HasPermission(typeof(DeleteItem)));
    Assert.True(backupPolicy.HasPermission(typeof(ExportItem)));

    // Roles
    Assert.False(backupPolicy.HasRole(_adminRoleName));
    Assert.False(backupPolicy.HasRole(_customRoleName));
    Assert.True(backupPolicy.HasRole(_backupRoleName));
}