/// <summary> /// Adds access rule with an action of <see cref="AccessRuleViolationAction.Error"/> /// </summary> /// <param name="pageId">Id of the page to add the rule to.</param> /// <param name="userAreaCode"> /// Unique 3 character code representing the user area to restrict /// the page to. This cannot be the Cofoundry admin user area, as /// access rules do not apply to admin panel users. /// </param> /// <param name="roleId"> /// Optionally restrict access to a specific role within the selected /// user area. /// </param> /// <param name="configration"> /// Optional additional configuration action to run before the /// command is executed. /// </param> public async Task AddAccessRuleAsync( int pageId, string userAreaCode, int?roleId = null, Action <UpdatePageAccessRuleSetCommand> configration = null ) { var command = new UpdatePageAccessRuleSetCommand() { PageId = pageId, ViolationAction = AccessRuleViolationAction.Error }; command.AccessRules.AddNew(userAreaCode, roleId); if (configration != null) { configration(command); } using var scope = _serviceProvider.CreateScope(); var contentRepository = scope .ServiceProvider .GetRequiredService <IAdvancedContentRepository>() .WithElevatedPermissions(); await contentRepository .Pages() .AccessRules() .UpdateAsync(command); }
public void Validate_WhenDuplicates_ReturnsError() { var command = new UpdatePageAccessRuleSetCommand(); command.PageId = 1; command.AccessRules.AddNew("TST"); command.AccessRules.AddNew("TST"); command.AccessRules.AddNew("TST", 9); command.AccessRules.AddNew("BLH"); command.AccessRules.AddNew("BLH", 6); command.AccessRules.AddNew("BLH", 6); var validationService = new ModelValidationService(); var errors = validationService.GetErrors(command); using (new AssertionScope()) { errors.Should().HaveCount(2); var roleError = errors.Single(e => e.Message.Contains("role")); roleError.Should().NotBeNull(); roleError.Properties.Single().Should().Be(nameof(command.AccessRules)); roleError.Message.Should().Match("Duplicate*role*"); var userAreaError = errors.Single(e => e.Message.Contains("user area")); userAreaError.Should().NotBeNull(); userAreaError.Properties.Single().Should().Be(nameof(command.AccessRules)); userAreaError.Message.Should().Match("Duplicate*user area*"); } }
public async Task WhenUpdated_SendsMessage() { var uniqueData = UNIQUE_PREFIX + nameof(WhenUpdated_SendsMessage); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId); var command = new UpdatePageAccessRuleSetCommand() { PageId = pageId }; await contentRepository .Pages() .AccessRules() .UpdateAsync(command); app.Mocks .CountMessagesPublished <PageAccessRulesUpdatedMessage>(m => m.PageId == pageId) .Should().Be(1); }
public async Task CanChangeRole() { var uniqueData = UNIQUE_PREFIX + nameof(CanChangeRole); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId); var userArea1 = app.SeededEntities.TestUserArea1; var userArea2 = app.SeededEntities.TestUserArea2; var command = new UpdatePageAccessRuleSetCommand() { PageId = pageId, UserAreaCodeForSignInRedirect = userArea1.UserAreaCode }; command.AccessRules.AddNew(userArea1.UserAreaCode, userArea1.RoleA.RoleId); await contentRepository .Pages() .AccessRules() .UpdateAsync(command); var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageAccessRuleSetCommand>(pageId)); updateCommand.UserAreaCodeForSignInRedirect = userArea2.UserAreaCode; var roleAccessRuleCommand = updateCommand.AccessRules.Single(); roleAccessRuleCommand.UserAreaCode = userArea2.UserAreaCode; roleAccessRuleCommand.RoleId = userArea2.RoleA.RoleId; await contentRepository .Pages() .AccessRules() .UpdateAsync(updateCommand); var page = await dbContext .Pages .AsNoTracking() .Include(p => p.AccessRules) .FilterById(pageId) .SingleOrDefaultAsync(); using (new AssertionScope()) { page.Should().NotBeNull(); page.UserAreaCodeForSignInRedirect.Should().Be(updateCommand.UserAreaCodeForSignInRedirect); var userAreaAccessRule = page.AccessRules.Single(); userAreaAccessRule.Should().NotBeNull(); userAreaAccessRule.UserAreaCode.Should().Be(roleAccessRuleCommand.UserAreaCode); userAreaAccessRule.RoleId.Should().Be(roleAccessRuleCommand.RoleId); } }
public async Task MapsBasicData() { var uniqueData = UNIQUE_PREFIX + nameof(MapsBasicData); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId); var userArea1 = app.SeededEntities.TestUserArea1; var userArea2 = app.SeededEntities.TestUserArea2; var command = new UpdatePageAccessRuleSetCommand() { PageId = pageId, UserAreaCodeForSignInRedirect = userArea1.UserAreaCode, ViolationAction = AccessRuleViolationAction.NotFound }; command.AccessRules.AddNew(userArea2.UserAreaCode, userArea2.RoleA.RoleId); command.AccessRules.AddNew(userArea1.UserAreaCode, userArea1.RoleA.RoleId); command.AccessRules.AddNew(userArea2.UserAreaCode); await contentRepository .Pages() .AccessRules() .UpdateAsync(command); var accessDetails = await contentRepository .Pages() .AccessRules() .GetByPageId(pageId) .AsDetails() .ExecuteAsync(); using (new AssertionScope()) { accessDetails.Should().NotBeNull(); accessDetails.UserAreaForSignInRedirect.Should().NotBeNull(); accessDetails.UserAreaForSignInRedirect.UserAreaCode.Should().Be(userArea1.UserAreaCode); accessDetails.UserAreaForSignInRedirect.Name.Should().Be(userArea1.Definition.Name); accessDetails.ViolationAction.Should().Be(command.ViolationAction); accessDetails.InheritedAccessRules.Should().NotBeNull().And.BeEmpty(); accessDetails.AccessRules.Should().HaveCount(3); var rule1 = accessDetails.AccessRules.FirstOrDefault(); ValidateRuleMapping(rule1, userArea1, pageId, true); var rule2 = accessDetails.AccessRules.Skip(1).FirstOrDefault(); ValidateRuleMapping(rule2, userArea2, pageId, false); var rule3 = accessDetails.AccessRules.Skip(2).FirstOrDefault(); ValidateRuleMapping(rule3, userArea2, pageId, true); }
public async Task CanUpdateWithSameData() { var uniqueData = UNIQUE_PREFIX + nameof(CanUpdateWithSameData); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId); var userArea = app.SeededEntities.TestUserArea1; var command = new UpdatePageAccessRuleSetCommand() { PageId = pageId, UserAreaCodeForSignInRedirect = userArea.UserAreaCode, ViolationAction = AccessRuleViolationAction.NotFound }; command.AccessRules.AddNew(userArea.UserAreaCode); command.AccessRules.AddNew(userArea.UserAreaCode, userArea.RoleA.RoleId); await contentRepository .Pages() .AccessRules() .UpdateAsync(command); await contentRepository .Pages() .AccessRules() .UpdateAsync(command); var page = await dbContext .Pages .AsNoTracking() .Include(p => p.AccessRules) .FilterById(pageId) .SingleOrDefaultAsync(); using (new AssertionScope()) { page.Should().NotBeNull(); page.AccessRuleViolationActionId.Should().Be((int)command.ViolationAction); page.UserAreaCodeForSignInRedirect.Should().Be(command.UserAreaCodeForSignInRedirect); var userAreaAccessRule = page.AccessRules.Single(a => !a.RoleId.HasValue); userAreaAccessRule.Should().NotBeNull(); var roleAccessArea = page.AccessRules.Single(a => a.RoleId.HasValue); roleAccessArea.Should().NotBeNull(); roleAccessArea.UserAreaCode.Should().Be(userArea.UserAreaCode); } }
public async Task CanDelete() { var uniqueData = UNIQUE_PREFIX + nameof(CanDelete); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId); var command = new UpdatePageAccessRuleSetCommand() { PageId = pageId }; command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId); command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode); await contentRepository .Pages() .AccessRules() .UpdateAsync(command); var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageAccessRuleSetCommand>(pageId)); var accessRuleCommand = updateCommand.AccessRules.Single(r => r.RoleId == app.SeededEntities.TestUserArea1.RoleA.RoleId); updateCommand.AccessRules.Remove(accessRuleCommand); await contentRepository .Pages() .AccessRules() .UpdateAsync(updateCommand); var accessRules = await dbContext .PageAccessRules .AsNoTracking() .FilterByPageId(pageId) .ToListAsync(); using (new AssertionScope()) { accessRules.Should().HaveCount(1); var accessRule = accessRules.Single(); accessRule.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea2.UserAreaCode); accessRule.RoleId.Should().BeNull(); } }
public void Validate_WhenBadEnum_ReturnsError() { var command = new UpdatePageAccessRuleSetCommand(); command.PageId = 1; command.AccessRules.AddNew("TST"); command.ViolationAction = (AccessRuleViolationAction)Int32.MinValue; var validationService = new ModelValidationService(); var errors = validationService.GetErrors(command); using (new AssertionScope()) { errors.Should().HaveCount(1); var error = errors.Single(e => e.Properties.Contains(nameof(command.ViolationAction))); error.Should().NotBeNull(); error.Properties.Should().HaveCount(1); } }
public async Task WithUserArea_CanAdd() { var uniqueData = UNIQUE_PREFIX + nameof(WithUserArea_CanAdd); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId); var command = new UpdatePageAccessRuleSetCommand() { PageId = pageId }; command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode); await contentRepository .Pages() .AccessRules() .UpdateAsync(command); var accessRules = await dbContext .PageAccessRules .AsNoTracking() .FilterByPageId(pageId) .ToListAsync(); using (new AssertionScope()) { accessRules.Should().HaveCount(1); var accessRule = accessRules.Single(); accessRule.CreateDate.Should().NotBeDefault(); accessRule.CreatorId.Should().BePositive(); accessRule.PageAccessRuleId.Should().BePositive(); accessRule.PageId.Should().Be(pageId); accessRule.RoleId.Should().BeNull(); accessRule.UserAreaCode.Should().Be(app.SeededEntities.TestUserArea1.UserAreaCode); } }
public void Validate_WhenRedirectAreaIsNotInAccessRules_ReturnsError() { var command = new UpdatePageAccessRuleSetCommand(); command.PageId = 1; command.UserAreaCodeForSignInRedirect = "NON"; command.AccessRules.AddNew("TST"); var validationService = new ModelValidationService(); var errors = validationService.GetErrors(command); using (new AssertionScope()) { errors.Should().HaveCount(1); var error = errors.Single(e => e.Properties.Contains(nameof(command.UserAreaCodeForSignInRedirect))); error.Should().NotBeNull(); error.Properties.Should().HaveCount(1); error.Message.Should().Match("*redirect*sign in*access rules*"); } }
public void Validate_WhenAccessRuleIsCofoundryUserArea_ReturnsError() { var command = new UpdatePageAccessRuleSetCommand(); command.PageId = 1; command.AccessRules .AddNew("TST") .AddNew(CofoundryAdminUserArea.Code); var validationService = new ModelValidationService(); var errors = validationService.GetErrors(command); using (new AssertionScope()) { errors.Should().HaveCount(1); var error = errors.Single(); error.Properties.Should().HaveCount(1); error.Properties.First().Should().Be("UserAreaCode"); error.Message.Should().Match("*added*admin user area*"); } }
public async Task CanAddViolationAction(AccessRuleViolationAction action) { var uniqueData = UNIQUE_PREFIX + nameof(CanAddViolationAction) + action.ToString().Substring(0, 2); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId); var command = new UpdatePageAccessRuleSetCommand() { PageId = pageId, ViolationAction = action }; command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode, app.SeededEntities.TestUserArea2.RoleA.RoleId); await contentRepository .Pages() .AccessRules() .UpdateAsync(command); var page = await dbContext .Pages .AsNoTracking() .FilterById(pageId) .SingleOrDefaultAsync(); using (new AssertionScope()) { page.Should().NotBeNull(); page.AccessRuleViolationActionId.Should().Be((int)action); } }
public async Task WhenRoleNotInUserArea_Throws() { var uniqueData = UNIQUE_PREFIX + nameof(WhenRoleNotInUserArea_Throws); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId); var command = new UpdatePageAccessRuleSetCommand() { PageId = pageId, }; command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId); await contentRepository .Awaiting(r => r.Pages().AccessRules().UpdateAsync(command)) .Should() .ThrowAsync <ValidationException>() .WithMemberNames("RoleId"); }
public Task UpdateAsync(UpdatePageAccessRuleSetCommand command) { return(ExtendableContentRepository.ExecuteCommandAsync(command)); }
public async Task CanCombineMultipleOperations() { var uniqueData = UNIQUE_PREFIX + nameof(CanCombineMultipleOperations); using var app = _appFactory.Create(); var contentRepository = app.Services.GetContentRepositoryWithElevatedPermissions(); var dbContext = app.Services.GetRequiredService <CofoundryDbContext>(); var directoryId = await app.TestData.PageDirectories().AddAsync(uniqueData); var pageId = await app.TestData.Pages().AddAsync(uniqueData, directoryId); var command = new UpdatePageAccessRuleSetCommand() { PageId = pageId, UserAreaCodeForSignInRedirect = app.SeededEntities.TestUserArea1.UserAreaCode, ViolationAction = AccessRuleViolationAction.NotFound }; command.AccessRules.AddNew(app.SeededEntities.TestUserArea1.UserAreaCode, app.SeededEntities.TestUserArea1.RoleA.RoleId); command.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode); await contentRepository .Pages() .AccessRules() .UpdateAsync(command); var updateCommand = await contentRepository.ExecuteQueryAsync(new GetPatchableCommandByIdQuery <UpdatePageAccessRuleSetCommand>(pageId)); updateCommand.UserAreaCodeForSignInRedirect = null; updateCommand.ViolationAction = AccessRuleViolationAction.Error; var ruleToRemove = updateCommand.AccessRules.Single(r => r.UserAreaCode == app.SeededEntities.TestUserArea2.UserAreaCode); updateCommand.AccessRules.Remove(ruleToRemove); var ruleToUpdate = updateCommand.AccessRules.Single(r => r.RoleId == app.SeededEntities.TestUserArea1.RoleA.RoleId); ruleToUpdate.RoleId = null; updateCommand.AccessRules.AddNew(app.SeededEntities.TestUserArea2.UserAreaCode, app.SeededEntities.TestUserArea2.RoleA.RoleId); await contentRepository .Pages() .AccessRules() .UpdateAsync(updateCommand); var page = await dbContext .Pages .AsNoTracking() .Include(p => p.AccessRules) .FilterById(pageId) .SingleOrDefaultAsync(); using (new AssertionScope()) { page.Should().NotBeNull(); page.UserAreaCodeForSignInRedirect.Should().BeNull(); page.AccessRuleViolationActionId.Should().Be((int)updateCommand.ViolationAction); page.AccessRules.Should().HaveCount(2); var userArea1AccessRule = page.AccessRules.Single(r => r.UserAreaCode == app.SeededEntities.TestUserArea1.UserAreaCode); userArea1AccessRule.Should().NotBeNull(); userArea1AccessRule.RoleId.Should().BeNull(); var userArea2AccessRule = page.AccessRules.Single(r => r.UserAreaCode == app.SeededEntities.TestUserArea2.UserAreaCode); userArea2AccessRule.Should().NotBeNull(); userArea2AccessRule.RoleId.Should().Be(app.SeededEntities.TestUserArea2.RoleA.RoleId); } }