/// <summary>
/// Adds access rule with an action of <see cref="AccessRuleViolationAction.Error"/>
/// </summary>
/// <param name="pageId">Id of the page to add the rule to.</param>
/// <param name="userAreaCode">
/// Unique 3 character code representing the user area to restrict
/// the page to. This cannot be the Cofoundry admin user area, as
/// access rules do not apply to admin panel users.
/// </param>
/// <param name="roleId">
/// Optionally restrict access to a specific role within the selected
/// user area.
/// </param>
/// <param name="configration">
/// Optional additional configuration action to run before the
/// command is executed.
/// </param>
public async Task AddAccessRuleAsync(
int pageId,
string userAreaCode,
int?roleId = null,
Action <UpdatePageAccessRuleSetCommand> configration = null
)
{
var command = new UpdatePageAccessRuleSetCommand()
{
PageId = pageId,
ViolationAction = AccessRuleViolationAction.Error
};
command.AccessRules.AddNew(userAreaCode, roleId);
if (configration != null)
{
configration(command);
}
using var scope = _serviceProvider.CreateScope();
var contentRepository = scope
.ServiceProvider
.GetRequiredService <IAdvancedContentRepository>()
.WithElevatedPermissions();
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(command);
}
public void Validate_WhenDuplicates_ReturnsError()
{
var command = new UpdatePageAccessRuleSetCommand();
command.PageId = 1;
command.AccessRules.AddNew("TST");
command.AccessRules.AddNew("TST");
command.AccessRules.AddNew("TST", 9);
command.AccessRules.AddNew("BLH");
command.AccessRules.AddNew("BLH", 6);
command.AccessRules.AddNew("BLH", 6);
var validationService = new ModelValidationService();
var errors = validationService.GetErrors(command);
using (new AssertionScope())
{
errors.Should().HaveCount(2);
var roleError = errors.Single(e => e.Message.Contains("role"));
roleError.Should().NotBeNull();
roleError.Properties.Single().Should().Be(nameof(command.AccessRules));
roleError.Message.Should().Match("Duplicate*role*");
var userAreaError = errors.Single(e => e.Message.Contains("user area"));
userAreaError.Should().NotBeNull();
userAreaError.Properties.Single().Should().Be(nameof(command.AccessRules));
userAreaError.Message.Should().Match("Duplicate*user area*");
}
}
public async Task WhenUpdated_SendsMessage()
{
var uniqueData = UNIQUE_PREFIX + nameof(WhenUpdated_SendsMessage);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId);
var command = new UpdatePageAccessRuleSetCommand()
{
PageId = pageId
};
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(command);
app.Mocks
.CountMessagesPublished <PageAccessRulesUpdatedMessage>(m => m.PageId == pageId)
.Should().Be(1);
}
public async Task CanChangeRole()
{
var uniqueData = UNIQUE_PREFIX + nameof(CanChangeRole);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId);
var userArea1 = app.SeededEntities.TestUserArea1;
var userArea2 = app.SeededEntities.TestUserArea2;
var command = new UpdatePageAccessRuleSetCommand()
{
PageId = pageId,
UserAreaCodeForSignInRedirect = userArea1.UserAreaCode
};
command.AccessRules.AddNew(userArea1.UserAreaCode, userArea1.RoleA.RoleId);
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(command);
var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageAccessRuleSetCommand>(pageId));
updateCommand.UserAreaCodeForSignInRedirect = userArea2.UserAreaCode;
var roleAccessRuleCommand = updateCommand.AccessRules.Single();
roleAccessRuleCommand.UserAreaCode = userArea2.UserAreaCode;
roleAccessRuleCommand.RoleId = userArea2.RoleA.RoleId;
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(updateCommand);
var page = await dbContext
.Pages
.AsNoTracking()
.Include(p => p.AccessRules)
.FilterById(pageId)
.SingleOrDefaultAsync();
using (new AssertionScope())
{
page.Should().NotBeNull();
page.UserAreaCodeForSignInRedirect.Should().Be(updateCommand.UserAreaCodeForSignInRedirect);
var userAreaAccessRule = page.AccessRules.Single();
userAreaAccessRule.Should().NotBeNull();
userAreaAccessRule.UserAreaCode.Should().Be(roleAccessRuleCommand.UserAreaCode);
userAreaAccessRule.RoleId.Should().Be(roleAccessRuleCommand.RoleId);
}
}
public async Task MapsBasicData()
{
var uniqueData = UNIQUE_PREFIX + nameof(MapsBasicData);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId);
var userArea1 = app.SeededEntities.TestUserArea1;
var userArea2 = app.SeededEntities.TestUserArea2;
var command = new UpdatePageAccessRuleSetCommand()
{
PageId = pageId,
UserAreaCodeForSignInRedirect = userArea1.UserAreaCode,
ViolationAction = AccessRuleViolationAction.NotFound
};
command.AccessRules.AddNew(userArea2.UserAreaCode, userArea2.RoleA.RoleId);
command.AccessRules.AddNew(userArea1.UserAreaCode, userArea1.RoleA.RoleId);
command.AccessRules.AddNew(userArea2.UserAreaCode);
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(command);
var accessDetails = await contentRepository
.Pages()
.AccessRules()
.GetByPageId(pageId)
.AsDetails()
.ExecuteAsync();
using (new AssertionScope())
{
accessDetails.Should().NotBeNull();
accessDetails.UserAreaForSignInRedirect.Should().NotBeNull();
accessDetails.UserAreaForSignInRedirect.UserAreaCode.Should().Be(userArea1.UserAreaCode);
accessDetails.UserAreaForSignInRedirect.Name.Should().Be(userArea1.Definition.Name);
accessDetails.ViolationAction.Should().Be(command.ViolationAction);
accessDetails.InheritedAccessRules.Should().NotBeNull().And.BeEmpty();
accessDetails.AccessRules.Should().HaveCount(3);
var rule1 = accessDetails.AccessRules.FirstOrDefault();
ValidateRuleMapping(rule1, userArea1, pageId, true);
var rule2 = accessDetails.AccessRules.Skip(1).FirstOrDefault();
ValidateRuleMapping(rule2, userArea2, pageId, false);
var rule3 = accessDetails.AccessRules.Skip(2).FirstOrDefault();
ValidateRuleMapping(rule3, userArea2, pageId, true);
}
public async Task CanUpdateWithSameData()
{
var uniqueData = UNIQUE_PREFIX + nameof(CanUpdateWithSameData);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId);
var userArea = app.SeededEntities.TestUserArea1;
var command = new UpdatePageAccessRuleSetCommand()
{
PageId = pageId,
UserAreaCodeForSignInRedirect = userArea.UserAreaCode,
ViolationAction = AccessRuleViolationAction.NotFound
};
command.AccessRules.AddNew(userArea.UserAreaCode);
command.AccessRules.AddNew(userArea.UserAreaCode, userArea.RoleA.RoleId);
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(command);
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(command);
var page = await dbContext
.Pages
.AsNoTracking()
.Include(p => p.AccessRules)
.FilterById(pageId)
.SingleOrDefaultAsync();
using (new AssertionScope())
{
page.Should().NotBeNull();
page.AccessRuleViolationActionId.Should().Be((int)command.ViolationAction);
page.UserAreaCodeForSignInRedirect.Should().Be(command.UserAreaCodeForSignInRedirect);
var userAreaAccessRule = page.AccessRules.Single(a => !a.RoleId.HasValue);
userAreaAccessRule.Should().NotBeNull();
var roleAccessArea = page.AccessRules.Single(a => a.RoleId.HasValue);
roleAccessArea.Should().NotBeNull();
roleAccessArea.UserAreaCode.Should().Be(userArea.UserAreaCode);
}
}
public async Task CanDelete()
{
var uniqueData = UNIQUE_PREFIX + nameof(CanDelete);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId);
var command = new UpdatePageAccessRuleSetCommand()
{
PageId = pageId
};
command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId);
command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode);
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(command);
var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageAccessRuleSetCommand>(pageId));
var accessRuleCommand = updateCommand.AccessRules.Single(r => r.RoleId == app.SeededEntities.TestUserArea1.RoleA.RoleId);
updateCommand.AccessRules.Remove(accessRuleCommand);
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(updateCommand);
var accessRules = await dbContext
.PageAccessRules
.AsNoTracking()
.FilterByPageId(pageId)
.ToListAsync();
using (new AssertionScope())
{
accessRules.Should().HaveCount(1);
var accessRule = accessRules.Single();
accessRule.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea2.UserAreaCode);
accessRule.RoleId.Should().BeNull();
}
}
public void Validate_WhenBadEnum_ReturnsError()
{
var command = new UpdatePageAccessRuleSetCommand();
command.PageId = 1;
command.AccessRules.AddNew("TST");
command.ViolationAction = (AccessRuleViolationAction)Int32.MinValue;
var validationService = new ModelValidationService();
var errors = validationService.GetErrors(command);
using (new AssertionScope())
{
errors.Should().HaveCount(1);
var error = errors.Single(e => e.Properties.Contains(nameof(command.ViolationAction)));
error.Should().NotBeNull();
error.Properties.Should().HaveCount(1);
}
}
public async Task WithUserArea_CanAdd()
{
var uniqueData = UNIQUE_PREFIX + nameof(WithUserArea_CanAdd);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId);
var command = new UpdatePageAccessRuleSetCommand()
{
PageId = pageId
};
command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode);
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(command);
var accessRules = await dbContext
.PageAccessRules
.AsNoTracking()
.FilterByPageId(pageId)
.ToListAsync();
using (new AssertionScope())
{
accessRules.Should().HaveCount(1);
var accessRule = accessRules.Single();
accessRule.CreateDate.Should().NotBeDefault();
accessRule.CreatorId.Should().BePositive();
accessRule.PageAccessRuleId.Should().BePositive();
accessRule.PageId.Should().Be(pageId);
accessRule.RoleId.Should().BeNull();
accessRule.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea1.UserAreaCode);
}
}
public void Validate_WhenRedirectAreaIsNotInAccessRules_ReturnsError()
{
var command = new UpdatePageAccessRuleSetCommand();
command.PageId = 1;
command.UserAreaCodeForSignInRedirect = "NON";
command.AccessRules.AddNew("TST");
var validationService = new ModelValidationService();
var errors = validationService.GetErrors(command);
using (new AssertionScope())
{
errors.Should().HaveCount(1);
var error = errors.Single(e => e.Properties.Contains(nameof(command.UserAreaCodeForSignInRedirect)));
error.Should().NotBeNull();
error.Properties.Should().HaveCount(1);
error.Message.Should().Match("*redirect*sign in*access rules*");
}
}
public void Validate_WhenAccessRuleIsCofoundryUserArea_ReturnsError()
{
var command = new UpdatePageAccessRuleSetCommand();
command.PageId = 1;
command.AccessRules
.AddNew("TST")
.AddNew(CofoundryAdminUserArea.Code);
var validationService = new ModelValidationService();
var errors = validationService.GetErrors(command);
using (new AssertionScope())
{
errors.Should().HaveCount(1);
var error = errors.Single();
error.Properties.Should().HaveCount(1);
error.Properties.First().Should().Be("UserAreaCode");
error.Message.Should().Match("*added*admin user area*");
}
}
public async Task CanAddViolationAction(AccessRuleViolationAction action)
{
var uniqueData = UNIQUE_PREFIX + nameof(CanAddViolationAction) + action.ToString().Substring(0, 2);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId);
var command = new UpdatePageAccessRuleSetCommand()
{
PageId = pageId,
ViolationAction = action
};
command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode, app.SeededEntities.TestUserArea2.RoleA.RoleId);
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(command);
var page = await dbContext
.Pages
.AsNoTracking()
.FilterById(pageId)
.SingleOrDefaultAsync();
using (new AssertionScope())
{
page.Should().NotBeNull();
page.AccessRuleViolationActionId.Should().Be((int)action);
}
}
public async Task WhenRoleNotInUserArea_Throws()
{
var uniqueData = UNIQUE_PREFIX + nameof(WhenRoleNotInUserArea_Throws);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId);
var command = new UpdatePageAccessRuleSetCommand()
{
PageId = pageId,
};
command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId);
await contentRepository
.Awaiting(r => r.Pages().AccessRules().UpdateAsync(command))
.Should()
.ThrowAsync <ValidationException>()
.WithMemberNames("RoleId");
}
public Task UpdateAsync(UpdatePageAccessRuleSetCommand command)
{
return(ExtendableContentRepository.ExecuteCommandAsync(command));
}
public async Task CanCombineMultipleOperations()
{
var uniqueData = UNIQUE_PREFIX + nameof(CanCombineMultipleOperations);
using var app = _appFactory.Create();
var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions();
var dbContext = app.Services.GetRequiredService <CofoundryDbContext>();
var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData);
var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId);
var command = new UpdatePageAccessRuleSetCommand()
{
PageId = pageId,
UserAreaCodeForSignInRedirect = app.SeededEntities.TestUserArea1.UserAreaCode,
ViolationAction = AccessRuleViolationAction.NotFound
};
command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId);
command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode);
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(command);
var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageAccessRuleSetCommand>(pageId));
updateCommand.UserAreaCodeForSignInRedirect = null;
updateCommand.ViolationAction = AccessRuleViolationAction.Error;
var ruleToRemove = updateCommand.AccessRules.Single(r => r.UserAreaCode == app.SeededEntities.TestUserArea2.UserAreaCode);
updateCommand.AccessRules.Remove(ruleToRemove);
var ruleToUpdate = updateCommand.AccessRules.Single(r => r.RoleId == app.SeededEntities.TestUserArea1.RoleA.RoleId);
ruleToUpdate.RoleId = null;
updateCommand.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode, app.SeededEntities.TestUserArea2.RoleA.RoleId);
await contentRepository
.Pages()
.AccessRules()
.UpdateAsync(updateCommand);
var page = await dbContext
.Pages
.AsNoTracking()
.Include(p => p.AccessRules)
.FilterById(pageId)
.SingleOrDefaultAsync();
using (new AssertionScope())
{
page.Should().NotBeNull();
page.UserAreaCodeForSignInRedirect.Should().BeNull();
page.AccessRuleViolationActionId.Should().Be((int)updateCommand.ViolationAction);
page.AccessRules.Should().HaveCount(2);
var userArea1AccessRule = page.AccessRules.Single(r => r.UserAreaCode == app.SeededEntities.TestUserArea1.UserAreaCode);
userArea1AccessRule.Should().NotBeNull();
userArea1AccessRule.RoleId.Should().BeNull();
var userArea2AccessRule = page.AccessRules.Single(r => r.UserAreaCode == app.SeededEntities.TestUserArea2.UserAreaCode);
userArea2AccessRule.Should().NotBeNull();
userArea2AccessRule.RoleId.Should().Be(app.SeededEntities.TestUserArea2.RoleA.RoleId);
}
}
