/// <summary>
/// Verifies the permissions of a contact person of a customer organisation: name, legal form,
/// logo image and locale are readable and writable, while the owner security token is neither
/// readable nor writable.
/// </summary>
public void GivenOrganisation_WhenCurrentUserIsContactForOrganisation_ThenCustomerPermissionsAreGranted()
{
    var internalOrganisation = new InternalOrganisations(this.DatabaseSession)
        .FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");
    var customerOrganisation = new OrganisationBuilder(this.DatabaseSession)
        .WithName("organisation")
        .Build();
    var contact = new PersonBuilder(this.DatabaseSession)
        .WithLastName("Customer")
        .WithUserName("customer")
        .Build();

    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithCustomer(customerOrganisation)
        .WithInternalOrganisation(internalOrganisation)
        .Build();

    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(contact)
        .WithOrganisation(customerOrganisation)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    // The ACL is evaluated for whoever the ambient principal names, here the contact "customer".
    // NOTE(review): the principal is not restored afterwards; confirm the fixture resets it between tests.
    var contactPrincipal = new GenericPrincipal(new GenericIdentity("customer", "Forms"), new string[0]);
    Thread.CurrentPrincipal = contactPrincipal;

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(customerOrganisation, currentUser);

    Assert.IsTrue(acl.CanRead(Organisations.Meta.Name));
    Assert.IsTrue(acl.CanWrite(Organisations.Meta.Name));

    Assert.IsTrue(acl.CanRead(Organisations.Meta.LegalForm));
    Assert.IsTrue(acl.CanWrite(Organisations.Meta.LegalForm));

    Assert.IsTrue(acl.CanRead(Organisations.Meta.LogoImage));
    Assert.IsTrue(acl.CanWrite(Organisations.Meta.LogoImage));

    Assert.IsTrue(acl.CanRead(Organisations.Meta.Locale));
    Assert.IsTrue(acl.CanWrite(Organisations.Meta.Locale));

    // Negative case: the security token that governs ownership must stay out of the contact's reach.
    Assert.IsFalse(acl.CanRead(Organisations.Meta.OwnerSecurityToken));
    Assert.IsFalse(acl.CanWrite(Organisations.Meta.OwnerSecurityToken));
}
/// <summary>
/// Verifies per-department isolation: an accountant may write the total of an invoice that was
/// added to their own department, and may not write the total of another department's invoice.
/// </summary>
public void TestInvoices()
{
    var departmentA = new DepartmentBuilder(this.Session).Build();
    var departmentB = new DepartmentBuilder(this.Session).Build();

    var accountantA = new PersonBuilder(this.Session).WithFirstName("Accountant").WithLastName("A").Build();
    var accountantB = new PersonBuilder(this.Session).WithFirstName("Accountant").WithLastName("B").Build();

    departmentA.AddAccountant(accountantA);
    departmentB.AddAccountant(accountantB);

    var invoiceA = new InvoiceBuilder(this.Session).Build();
    var invoiceB = new InvoiceBuilder(this.Session).Build();

    departmentA.AddInvoice(invoiceA);
    departmentB.AddInvoice(invoiceB);

    this.Session.Derive();

    // Accountant A: own invoice writable, the other department's invoice not.
    var ownAclForA = new AccessControlList(invoiceA, accountantA);
    var foreignAclForA = new AccessControlList(invoiceB, accountantA);

    ownAclForA.CanWrite(Invoice.Meta.Total).ShouldBeTrue();
    foreignAclForA.CanWrite(Invoice.Meta.Total).ShouldBeFalse();

    // Accountant B: the mirror image of the checks above.
    var foreignAclForB = new AccessControlList(invoiceA, accountantB);
    var ownAclForB = new AccessControlList(invoiceB, accountantB);

    foreignAclForB.CanWrite(Invoice.Meta.Total).ShouldBeFalse();
    ownAclForB.CanWrite(Invoice.Meta.Total).ShouldBeTrue();
}
/// <summary>
/// Verifies that a member of a user group that holds the Employee role on the default security
/// token can read the total of an invoice.
/// </summary>
public void TestEmployeesCanRead()
{
    var employeeRole = new Roles(this.Session).Employee;

    var employees = new UserGroupBuilder(this.Session)
        .WithName("Employees")
        .Build();

    var john = new PersonBuilder(this.Session)
        .WithFirstName("John")
        .WithLastName("Doe")
        .Build();

    employees.AddMember(john);

    var invoice = new InvoiceBuilder(this.Session).Build();

    var defaultSecurityToken = Singleton.Instance(this.Session).DefaultSecurityToken;

    // Built for its effect on the session only: it ties the role, the token and the group together.
    new AccessControlBuilder(this.Session)
        .WithRole(employeeRole)
        .WithObject(defaultSecurityToken)
        .WithSubjectGroup(employees)
        .Build();

    // NOTE(review): no Session.Derive() runs before the ACL is built; confirm the new access
    // control is effective without it. Only the positive case is asserted here.
    var acl = new AccessControlList(invoice, john);

    acl.CanRead(Invoice.Meta.Total).ShouldBeTrue();
}
/// <summary>
/// Verifies that once a purchase order item has reached the Completed state, even a member of
/// the Administrators group may not execute Cancel, Reject or Delete on it.
/// </summary>
public void GivenOrderItem_WhenObjectStateIsCompleted_ThenItemMayNotBeCancelledOrRejectedOrDeleted()
{
    var admin = new PersonBuilder(this.Session).WithFirstName("Koen").WithUserName("admin").Build();
    var adminGroup = new UserGroups(this.Session).Administrators;
    adminGroup.AddMember(admin);

    this.Session.Derive();
    this.Session.Commit();

    this.InstantiateObjects(this.Session);

    this.SetIdentity("admin");

    var item = new PurchaseOrderItemBuilder(this.Session)
        .WithPart(this.finishedGood)
        .WithQuantityOrdered(3)
        .WithActualUnitPrice(5)
        .Build();

    this.order.AddPurchaseOrderItem(item);
    this.order.Confirm();

    this.Session.Derive();

    // Receive the full ordered quantity (3) so that the item can complete.
    var groundShipping = new ShipmentMethods(this.Session).Ground;
    var shipment = new PurchaseShipmentBuilder(this.Session)
        .WithShipFromParty(this.supplier)
        .WithShipmentMethod(groundShipping)
        .Build();
    var shipmentItem = new ShipmentItemBuilder(this.Session).WithPart(this.finishedGood).Build();
    shipment.AddShipmentItem(shipmentItem);

    new ShipmentReceiptBuilder(this.Session)
        .WithQuantityAccepted(3)
        .WithShipmentItem(shipmentItem)
        .WithOrderItem(item)
        .Build();

    this.Session.Derive();

    shipment.AppsComplete();

    this.Session.Derive();

    // Precondition: the permission checks below are only meaningful in the Completed state.
    Assert.Equal(new PurchaseOrderItemStates(this.Session).Completed, item.PurchaseOrderItemState);

    var currentUser = this.Session.GetUser();
    var acl = new AccessControlList(item, currentUser);

    Assert.False(acl.CanExecute(M.PurchaseOrderItem.Cancel));
    Assert.False(acl.CanExecute(M.PurchaseOrderItem.Reject));
    Assert.False(acl.CanExecute(M.PurchaseOrderItem.Delete));
}
/// <summary>
/// Verifies that the user identified as "orderProcessor" may execute Cancel on a freshly built
/// pick list.
/// </summary>
public void GivenPickList_WhenObjectStateIsCreated_ThenCheckTransitions()
{
    // Turn off immediate picking on the first store before the pick list is built.
    var firstStore = this.Session.Extent<Store>().First;
    firstStore.IsImmediatelyPicked = false;

    this.SetIdentity("orderProcessor");

    var pickList = new PickListBuilder(this.Session).Build();

    this.Session.Derive();

    var currentUser = this.Session.GetUser();
    var acl = new AccessControlList(pickList, currentUser);

    // NOTE(review): only the allowed transition is asserted; no denied transition is checked here.
    Assert.True(acl.CanExecute(M.PickList.Cancel));
}
/// <summary>
/// Verifies that a sales order built while "salesRep" is the current principal is readable,
/// writable and confirmable both for "salesRep" and for "salesRep2", a second employee who is
/// registered as sales representative of the same customer.
/// </summary>
public void GivenSalesOrderCreatedBySalesRep_WhenCurrentUserInSameSalesRepUserGroup_ThenAccessIsGranted()
{
    var customer = new PersonBuilder(this.DatabaseSession)
        .WithLastName("customer")
        .WithUserName("customer")
        .Build();
    var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;

    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithCustomer(customer)
        .WithInternalOrganisation(internalOrganisation)
        .Build();

    var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();

    var secondSalesRep = new PersonBuilder(this.DatabaseSession)
        .WithLastName("salesRep2")
        .WithUserName("salesRep2")
        .Build();

    new EmploymentBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithEmployee(secondSalesRep)
        .WithEmployer(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
        .Build();

    new SalesRepRelationshipBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithCustomer(customer)
        .WithSalesRepresentative(secondSalesRep)
        .Build();

    this.DatabaseSession.Derive(true);

    // "salesRep" is not created in this method; presumably it comes from the fixture - verify.
    // NOTE(review): the principal is not restored afterwards; confirm the fixture resets it between tests.
    var creatorPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);
    Thread.CurrentPrincipal = creatorPrincipal;

    var order = new SalesOrderBuilder(this.DatabaseSession)
        .WithBillToCustomer(customer)
        .WithShipToCustomer(customer)
        .WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build())
        .Build();

    this.DatabaseSession.Derive(true);

    // Creator of the order.
    var creator = new Users(this.DatabaseSession).GetCurrentUser();
    var creatorAcl = new AccessControlList(order, creator);

    Assert.IsTrue(creatorAcl.CanWrite(SalesOrders.Meta.Comment));
    Assert.IsTrue(creatorAcl.CanRead(SalesOrders.Meta.Comment));
    Assert.IsTrue(creatorAcl.CanExecute(SalesOrders.Meta.Confirm));

    // Colleague with a sales rep relationship to the same customer.
    var colleaguePrincipal = new GenericPrincipal(new GenericIdentity("salesRep2", "Forms"), new string[0]);
    Thread.CurrentPrincipal = colleaguePrincipal;

    var colleague = new Users(this.DatabaseSession).GetCurrentUser();
    var colleagueAcl = new AccessControlList(order, colleague);

    Assert.IsTrue(colleagueAcl.CanWrite(SalesOrders.Meta.Comment));
    Assert.IsTrue(colleagueAcl.CanRead(SalesOrders.Meta.Comment));
    Assert.IsTrue(colleagueAcl.CanExecute(SalesOrders.Meta.Confirm));
}
/// <summary>
/// Verifies tenant separation for pick lists: a pick list built while "orderProcessor" is the
/// current principal is fully accessible to that user, while "orderProcessor2", who belongs to
/// the operations user group of a second internal organisation, has no read operation on it.
/// </summary>
public void GivenPickListCreatedByOrderProcessor_WhenCurrentUserInAnotherOrderProcessorUserGroup_ThenAccessIsDenied()
{
    var belgium = new Countries(this.DatabaseSession).CountryByIsoCode["BE"];
    var euro = belgium.Currency;

    var bank = new BankBuilder(this.DatabaseSession)
        .WithCountry(belgium)
        .WithName("ING België")
        .WithBic("BBRUBEBB")
        .Build();

    var ownBankAccount = new OwnBankAccountBuilder(this.DatabaseSession)
        .WithDescription("own account")
        .WithBankAccount(new BankAccountBuilder(this.DatabaseSession).WithBank(bank).WithCurrency(euro).WithIban("BE23 3300 6167 6391").WithNameOnAccount("Koen").Build())
        .Build();

    var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
    var postalAddress = new PostalAddressBuilder(this.DatabaseSession)
        .WithGeographicBoundary(mechelen)
        .WithAddress1("Haverwerf 15")
        .Build();

    var billingAddress = new PartyContactMechanismBuilder(this.DatabaseSession)
        .WithContactMechanism(postalAddress)
        .WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).BillingAddress)
        .WithUseAsDefault(true)
        .Build();

    var outsider = new PersonBuilder(this.DatabaseSession)
        .WithLastName("orderProcessor2")
        .WithUserName("orderProcessor2")
        .Build();

    // A second internal organisation, separate from the one the pick list creator works for.
    var otherOrganisation = new InternalOrganisationBuilder(this.DatabaseSession)
        .WithName("employer2")
        .WithLocale(new Locales(this.DatabaseSession).EnglishGreatBritain)
        .WithEmployeeRole(new Roles(this.DatabaseSession).Administrator)
        .WithEmployeeRole(new Roles(this.DatabaseSession).Operations)
        .WithDefaultPaymentMethod(ownBankAccount)
        .WithPreferredCurrency(euro)
        .WithPartyContactMechanism(billingAddress)
        .Build();

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    // Pick the organisation's user group whose parent is the group attached to the Operations role.
    var organisationGroups = otherOrganisation.UserGroupsWhereParty;
    organisationGroups.Filter.AddEquals(UserGroups.Meta.Parent, new Roles(this.DatabaseSession).Operations.UserGroupWhereRole);
    var operationsGroup = organisationGroups.First;

    new EmploymentBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithEmployee(outsider)
        .WithEmployer(otherOrganisation)
        .Build();

    operationsGroup.AddMember(outsider);

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    // "orderProcessor" is not created in this method; presumably it comes from the fixture - verify.
    // NOTE(review): the principal is not restored afterwards; confirm the fixture resets it between tests.
    var creatorPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor", "Forms"), new string[0]);
    Thread.CurrentPrincipal = creatorPrincipal;

    var pickList = new PickListBuilder(this.DatabaseSession).Build();

    this.DatabaseSession.Derive(true);

    var creator = new Users(this.DatabaseSession).GetCurrentUser();
    var creatorAcl = new AccessControlList(pickList, creator);

    Assert.IsTrue(creatorAcl.CanWrite(PickLists.Meta.Picker));
    Assert.IsTrue(creatorAcl.CanRead(PickLists.Meta.Picker));
    Assert.IsTrue(creatorAcl.CanExecute(PickLists.Meta.Cancel));

    // Same role, different organisation: nothing on the pick list may be readable.
    var outsiderPrincipal = new GenericPrincipal(new GenericIdentity("orderProcessor2", "Forms"), new string[0]);
    Thread.CurrentPrincipal = outsiderPrincipal;

    var outsiderUser = new Users(this.DatabaseSession).GetCurrentUser();
    var outsiderAcl = new AccessControlList(pickList, outsiderUser);

    Assert.IsFalse(outsiderAcl.HasReadOperation);
}
/// <summary>
/// Verifies that the contact person of a supplier organisation has no read operation on a sales
/// invoice that was built for a customer while "salesRep" was the current principal.
/// </summary>
public void GivenSalesInvoiceCreatedBySalesRep_WhenCurrentUserIsSupplier_ThenAccessIsDenied()
{
    var customer = new Organisations(this.DatabaseSession).FindBy(Organisations.Meta.Name, "customer");

    var billToAddress = new PostalAddressBuilder(this.DatabaseSession)
        .WithAddress1("Haverwerf 15")
        .WithPostalBoundary(new PostalBoundaryBuilder(this.DatabaseSession)
            .WithLocality("Mechelen")
            .WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
            .Build())
        .Build();

    var supplierContact = new PersonBuilder(this.DatabaseSession)
        .WithUserName("suppliercontact")
        .WithLastName("suppliercontact")
        .Build();
    var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();

    new SupplierRelationshipBuilder(this.DatabaseSession)
        .WithSupplier(supplier)
        .WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
        .WithFromDate(DateTime.UtcNow)
        .Build();

    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(supplierContact)
        .WithOrganisation(supplier)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    // The invoice is built under the sales rep's identity.
    // NOTE(review): the principal is not restored afterwards; confirm the fixture resets it between tests.
    var salesRepPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);
    Thread.CurrentPrincipal = salesRepPrincipal;

    var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
        .WithBilledFromInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
        .WithBillToCustomer(customer)
        .WithBillToContactMechanism(billToAddress)
        .Build();

    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithCustomer(customer)
        .WithInternalOrganisation(Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation)
        .Build();

    this.DatabaseSession.Derive(true);

    // The supplier's contact is unrelated to the invoice and must not see any of it.
    var supplierPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact", "Forms"), new string[0]);
    Thread.CurrentPrincipal = supplierPrincipal;

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(invoice, currentUser);

    Assert.IsFalse(acl.HasReadOperation);
}
/// <summary>
/// Verifies that a sales order built while a customer contact is the current principal can be
/// read, written and confirmed by "salesRep" when the order is taken by the default internal
/// organisation.
/// </summary>
public void GivenSalesOrderCreatedByCustomer_WhenCurrentUserIsSalesRepOfOrganisationThatTakesTheOrder_ThenAccessIsGranted()
{
    var customer = new Organisations(this.DatabaseSession).FindBy(Organisations.Meta.Name, "customer");
    var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;

    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithCustomer(customer)
        .WithInternalOrganisation(internalOrganisation)
        .Build();

    var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();

    var customerContact = new PersonBuilder(this.DatabaseSession)
        .WithFirstName("Koen")
        .WithUserName("customerContact")
        .Build();

    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(customerContact)
        .WithOrganisation(new Organisations(this.DatabaseSession).FindBy(Organisations.Meta.Name, "customer"))
        .Build();

    // The order is built under the customer contact's identity.
    // NOTE(review): the principal is not restored afterwards; confirm the fixture resets it between tests.
    var contactPrincipal = new GenericPrincipal(new GenericIdentity("customerContact", "Forms"), new string[0]);
    Thread.CurrentPrincipal = contactPrincipal;

    var order = new SalesOrderBuilder(this.DatabaseSession)
        .WithTakenByInternalOrganisation(internalOrganisation)
        .WithBillToCustomer(customer)
        .WithShipToCustomer(customer)
        .WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(mechelen).WithAddress1("Haverwerf 15").Build())
        .Build();

    this.DatabaseSession.Derive(true);

    // "salesRep" is not created in this method; presumably it comes from the fixture - verify.
    var salesRepPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);
    Thread.CurrentPrincipal = salesRepPrincipal;

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(order, currentUser);

    Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
}
/// <summary>
/// Verifies that the product of a purchase order item can no longer be written, even by a
/// member of the Administrators group, once the item is in the PartiallyReceived state.
/// </summary>
public void GivenOrderItem_WhenObjectStateIsPartiallyReceived_ThenProductChangeIsNotAllowed()
{
    var admin = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("admin").Build();
    var adminGroup = new UserGroups(this.DatabaseSession).Administrators;
    adminGroup.AddMember(admin);

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    this.InstantiateObjects(this.DatabaseSession);

    var good = new GoodBuilder(this.DatabaseSession)
        .WithSku("10101")
        .WithName("good")
        .WithUnitOfMeasure(new UnitsOfMeasure(this.DatabaseSession).Piece)
        .WithInventoryItemKind(new InventoryItemKinds(this.DatabaseSession).NonSerialized)
        .WithVatRate(new VatRates(this.DatabaseSession).FindBy(VatRates.Meta.Rate, 21))
        .Build();

    // NOTE(review): the principal is not restored afterwards; confirm the fixture resets it between tests.
    var adminPrincipal = new GenericPrincipal(new GenericIdentity("admin", "Forms"), new string[0]);
    Thread.CurrentPrincipal = adminPrincipal;

    var item = new PurchaseOrderItemBuilder(this.DatabaseSession)
        .WithProduct(good)
        .WithQuantityOrdered(3)
        .WithActualUnitPrice(5)
        .Build();

    this.order.AddPurchaseOrderItem(item);
    this.order.Confirm();

    this.DatabaseSession.Derive(true);

    // Accept 1 of the 3 ordered units so that the item ends up partially received.
    var shipment = new PurchaseShipmentBuilder(this.DatabaseSession).WithShipFromParty(this.supplier).Build();
    var shipmentItem = new ShipmentItemBuilder(this.DatabaseSession).WithGood(good).Build();
    shipment.AddShipmentItem(shipmentItem);

    new ShipmentReceiptBuilder(this.DatabaseSession)
        .WithQuantityAccepted(1)
        .WithShipmentItem(shipmentItem)
        .WithOrderItem(item)
        .Build();

    shipment.AppsComplete();

    this.DatabaseSession.Derive(true);

    // Precondition: the permission check below is only meaningful in the PartiallyReceived state.
    Assert.AreEqual(new PurchaseOrderItemObjectStates(this.DatabaseSession).PartiallyReceived, item.CurrentObjectState);

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(item, currentUser);

    Assert.IsFalse(acl.CanWrite(PurchaseOrderItems.Meta.Product));
}
/// <summary>
/// Verifies that the product of a sales order item can no longer be written, even by a member
/// of the Administrators group, once the item is in the PartiallyShipped state.
/// </summary>
public void GivenOrderItem_WhenObjectStateIsPartiallyShipped_ThenProductChangeIsNotAllowed()
{
    var admin = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("admin").Build();
    var adminGroup = new UserGroups(this.DatabaseSession).Administrators;
    adminGroup.AddMember(admin);

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    this.InstantiateObjects(this.DatabaseSession);

    // NOTE(review): the principal is not restored afterwards; confirm the fixture resets it between tests.
    var adminPrincipal = new GenericPrincipal(new GenericIdentity("admin", "Forms"), new string[0]);
    Thread.CurrentPrincipal = adminPrincipal;

    // Add a variance of 1 to the inventory while 3 units are ordered below.
    var stock = (NonSerializedInventoryItem)this.part.InventoryItemsWherePart[0];
    stock.AddInventoryItemVariance(
        new InventoryItemVarianceBuilder(this.DatabaseSession)
            .WithQuantity(1)
            .WithReason(new VarianceReasons(this.DatabaseSession).Unknown)
            .Build());

    this.DatabaseSession.Derive(true);

    var item = new SalesOrderItemBuilder(this.DatabaseSession)
        .WithProduct(this.good)
        .WithQuantityOrdered(3)
        .WithActualUnitPrice(5)
        .Build();

    this.order.AddSalesOrderItem(item);

    this.DatabaseSession.Derive(true);

    this.order.Confirm();

    this.DatabaseSession.Derive(true);

    var shipment = (CustomerShipment)this.order.ShipToAddress.ShipmentsWhereShipToAddress[0];

    // Walk from the shipment's first item to the pick list it was issued from, then mark it picked.
    var pickList = shipment.ShipmentItems[0].ItemIssuancesWhereShipmentItem[0].PickListItem.PickListWherePickListItem;
    pickList.Picker = new Persons(this.DatabaseSession).FindBy(Persons.Meta.LastName, "orderProcessor");
    pickList.SetPicked();

    this.DatabaseSession.Derive(true);

    var package = new ShipmentPackageBuilder(this.DatabaseSession).Build();
    shipment.AddShipmentPackage(package);

    // Pack every shipment item in full into the single package.
    foreach (ShipmentItem shipmentItem in shipment.ShipmentItems)
    {
        var content = new PackagingContentBuilder(this.DatabaseSession)
            .WithShipmentItem(shipmentItem)
            .WithQuantity(shipmentItem.Quantity)
            .Build();
        package.AddPackagingContent(content);
    }

    this.DatabaseSession.Derive(true);

    shipment.Ship();

    this.DatabaseSession.Derive(true);

    // Precondition: the permission check below is only meaningful in the PartiallyShipped state.
    Assert.AreEqual(new SalesOrderItemObjectStates(this.DatabaseSession).PartiallyShipped, item.CurrentObjectState);

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(item, currentUser);

    Assert.IsFalse(acl.CanWrite(SalesOrderItems.Meta.Product));
}
/// <summary>
/// Verifies that a user named "customer" has no read operation on a purchase order that was
/// built while "purchaser" was the current principal.
/// </summary>
public void GivenPurchaseOrderCreatedByProcurementLevel1Role_WhenCurrentUserIsCustomer_ThenAccessIsDenied()
{
    // The person only has to exist so that the "customer" identity resolves to a user later on.
    new PersonBuilder(this.DatabaseSession)
        .WithUserName("customer")
        .WithLastName("customer")
        .Build();

    var supplierContact = new PersonBuilder(this.DatabaseSession)
        .WithUserName("suppliercontact")
        .WithLastName("suppliercontact")
        .Build();
    var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();

    new SupplierRelationshipBuilder(this.DatabaseSession)
        .WithSupplier(supplier)
        .WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
        .WithFromDate(DateTime.UtcNow)
        .Build();

    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(supplierContact)
        .WithOrganisation(supplier)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    // "purchaser" is not created in this method; presumably it comes from the fixture - verify.
    // NOTE(review): the principal is not restored afterwards; confirm the fixture resets it between tests.
    var purchaserPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);
    Thread.CurrentPrincipal = purchaserPrincipal;

    var order = new PurchaseOrderBuilder(this.DatabaseSession).WithTakenViaSupplier(supplier).Build();

    // NOTE(review): no Derive() runs between building the order and evaluating the ACL; confirm
    // the denial asserted below does not merely reflect security state that was never derived.
    var customerPrincipal = new GenericPrincipal(new GenericIdentity("customer", "Forms"), new string[0]);
    Thread.CurrentPrincipal = customerPrincipal;

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(order, currentUser);

    Assert.IsFalse(acl.HasReadOperation);
}
/// <summary>
/// Verifies that access to a purchase order follows its supplier: the contact of the current
/// supplier gets read-only access, the contact of another supplier gets none, and after the
/// order is reassigned to the second supplier the two contacts swap positions.
/// </summary>
public void GivenPurchaseOrder_WhenTakenViaSupplierChangesValue_ThenAccessPreviousSupplierIsDenied()
{
    var firstContact = new PersonBuilder(this.DatabaseSession)
        .WithUserName("suppliercontact")
        .WithLastName("suppliercontact")
        .Build();
    var secondContact = new PersonBuilder(this.DatabaseSession)
        .WithUserName("suppliercontact2")
        .WithLastName("suppliercontact2")
        .Build();

    var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();
    var supplier2 = new OrganisationBuilder(this.DatabaseSession).WithName("supplier2").Build();

    new SupplierRelationshipBuilder(this.DatabaseSession)
        .WithSupplier(supplier)
        .WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
        .WithFromDate(DateTime.UtcNow)
        .Build();

    new SupplierRelationshipBuilder(this.DatabaseSession)
        .WithSupplier(supplier2)
        .WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
        .WithFromDate(DateTime.UtcNow)
        .Build();

    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(firstContact)
        .WithOrganisation(supplier)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(secondContact)
        .WithOrganisation(supplier2)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    // NOTE(review): the principal is not restored afterwards; confirm the fixture resets it between tests.
    var purchaserPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);
    Thread.CurrentPrincipal = purchaserPrincipal;

    var order = new PurchaseOrderBuilder(this.DatabaseSession)
        .WithTakenViaSupplier(supplier)
        .Build();

    this.DatabaseSession.Derive(true);

    // Phase 1: the order belongs to "supplier". Its contact reads but neither writes nor confirms.
    var firstContactPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact", "Forms"), new string[0]);
    Thread.CurrentPrincipal = firstContactPrincipal;

    var aclBeforeForFirst = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

    Assert.IsFalse(aclBeforeForFirst.CanWrite(PurchaseOrders.Meta.OrderDate));
    Assert.IsTrue(aclBeforeForFirst.CanRead(PurchaseOrders.Meta.OrderDate));
    Assert.IsTrue(aclBeforeForFirst.CanRead(PurchaseOrders.Meta.OrderNumber));
    Assert.IsTrue(aclBeforeForFirst.CanRead(PurchaseOrders.Meta.TotalExVat));
    Assert.IsFalse(aclBeforeForFirst.CanExecute(PurchaseOrders.Meta.Confirm));

    // The contact of the unrelated supplier sees nothing yet.
    var secondContactPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact2", "Forms"), new string[0]);
    Thread.CurrentPrincipal = secondContactPrincipal;

    var aclBeforeForSecond = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

    Assert.IsFalse(aclBeforeForSecond.HasReadOperation);

    // Phase 2: reassign the order and re-derive; access must be revoked for the previous supplier.
    order.TakenViaSupplier = supplier2;

    this.DatabaseSession.Derive(true);

    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact", "Forms"), new string[0]);

    var aclAfterForFirst = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

    Assert.IsFalse(aclAfterForFirst.HasReadOperation);

    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("suppliercontact2", "Forms"), new string[0]);

    var aclAfterForSecond = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());

    Assert.IsFalse(aclAfterForSecond.CanWrite(PurchaseOrders.Meta.OrderDate));
    Assert.IsTrue(aclAfterForSecond.CanRead(PurchaseOrders.Meta.OrderDate));
    Assert.IsTrue(aclAfterForSecond.CanRead(PurchaseOrders.Meta.OrderNumber));
    Assert.IsTrue(aclAfterForSecond.CanRead(PurchaseOrders.Meta.TotalExVat));
    Assert.IsFalse(aclAfterForSecond.CanExecute(PurchaseOrders.Meta.Confirm));
}
/// <summary>
/// Verifies that access to a sales invoice follows its bill-to customer: the contact of the
/// current customer gets read-only access, the contact of another customer gets none, and after
/// the invoice is reassigned to the second customer the two contacts swap positions.
/// </summary>
public void GivenSalesInvoice_WhenBillToCustomerChangesValue_ThenAccessPreviousCustomerIsDenied()
{
    var customer = new Organisations(this.DatabaseSession).FindBy(Organisations.Meta.Name, "customer");
    var customer2 = new OrganisationBuilder(this.DatabaseSession).WithName("customer2").Build();

    var firstContact = new PersonBuilder(this.DatabaseSession)
        .WithUserName("customercontact")
        .WithLastName("customercontact")
        .Build();
    var secondContact = new PersonBuilder(this.DatabaseSession)
        .WithUserName("customercontact2")
        .WithLastName("customercontact2")
        .Build();

    var billToAddress = new PostalAddressBuilder(this.DatabaseSession)
        .WithAddress1("Haverwerf 15")
        .WithPostalBoundary(new PostalBoundaryBuilder(this.DatabaseSession)
            .WithLocality("Mechelen")
            .WithCountry(new Countries(this.DatabaseSession).FindBy(Countries.Meta.IsoCode, "BE"))
            .Build())
        .Build();

    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithCustomer(customer2)
        .WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
        .WithFromDate(DateTime.UtcNow.Date)
        .Build();

    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(firstContact)
        .WithOrganisation(customer)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(secondContact)
        .WithOrganisation(customer2)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    // NOTE(review): the principal is not restored afterwards; confirm the fixture resets it between tests.
    var salesRepPrincipal = new GenericPrincipal(new GenericIdentity("salesRep", "Forms"), new string[0]);
    Thread.CurrentPrincipal = salesRepPrincipal;

    var invoice = new SalesInvoiceBuilder(this.DatabaseSession)
        .WithBillToCustomer(customer)
        .WithBillToContactMechanism(billToAddress)
        .WithBilledFromInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
        .Build();

    this.DatabaseSession.Derive(true);

    // Phase 1: the invoice is billed to "customer". Its contact reads but neither writes nor sends.
    var firstContactPrincipal = new GenericPrincipal(new GenericIdentity("customercontact", "Forms"), new string[0]);
    Thread.CurrentPrincipal = firstContactPrincipal;

    var aclBeforeForFirst = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());

    Assert.IsFalse(aclBeforeForFirst.CanWrite(SalesInvoices.Meta.InvoiceDate));
    Assert.IsTrue(aclBeforeForFirst.CanRead(SalesInvoices.Meta.InvoiceDate));
    Assert.IsTrue(aclBeforeForFirst.CanRead(SalesInvoices.Meta.InvoiceNumber));
    Assert.IsTrue(aclBeforeForFirst.CanRead(SalesInvoices.Meta.TotalExVat));
    Assert.IsFalse(aclBeforeForFirst.CanExecute(SalesInvoices.Meta.Send));

    // The contact of the unrelated customer sees nothing yet.
    var secondContactPrincipal = new GenericPrincipal(new GenericIdentity("customercontact2", "Forms"), new string[0]);
    Thread.CurrentPrincipal = secondContactPrincipal;

    var aclBeforeForSecond = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());

    Assert.IsFalse(aclBeforeForSecond.HasReadOperation);

    // Phase 2: reassign the invoice and re-derive; access must be revoked for the previous customer.
    invoice.BillToCustomer = customer2;

    this.DatabaseSession.Derive(true);

    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact", "Forms"), new string[0]);

    var aclAfterForFirst = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());

    Assert.IsFalse(aclAfterForFirst.HasReadOperation);

    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("customercontact2", "Forms"), new string[0]);

    var aclAfterForSecond = new AccessControlList(invoice, new Users(this.DatabaseSession).GetCurrentUser());

    Assert.IsFalse(aclAfterForSecond.CanWrite(SalesInvoices.Meta.InvoiceDate));
    Assert.IsTrue(aclAfterForSecond.CanRead(SalesInvoices.Meta.InvoiceDate));
    Assert.IsTrue(aclAfterForSecond.CanRead(SalesInvoices.Meta.InvoiceNumber));
    Assert.IsTrue(aclAfterForSecond.CanRead(SalesInvoices.Meta.TotalExVat));
    Assert.IsFalse(aclAfterForSecond.CanExecute(SalesInvoices.Meta.Send));
}
/// <summary>
/// Verifies that a purchase order built while "purchaser" is the current principal is fully
/// accessible to that user, while "purchaser2", an employee of a newly created internal
/// organisation, has no read operation on it.
/// </summary>
public void GivenPurchaseOrderCreatedByProcurementLevel1Role_WhenCurrentUserInAnotherProcurementLevel1RoleUserGroup_ThenAccessIsDenied()
{
    var belgium = new Countries(this.DatabaseSession).CountryByIsoCode["BE"];
    var euro = belgium.Currency;

    var mechelen = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
    var mechelenAddress = new PostalAddressBuilder(this.DatabaseSession)
        .WithGeographicBoundary(mechelen)
        .WithAddress1("Haverwerf 15")
        .Build();

    var billToMechelen = new PartyContactMechanismBuilder(this.DatabaseSession)
        .WithContactMechanism(mechelenAddress)
        .WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).BillingAddress)
        .WithUseAsDefault(true)
        .Build();

    var bank = new BankBuilder(this.DatabaseSession)
        .WithCountry(belgium)
        .WithName("ING België")
        .WithBic("BBRUBEBB")
        .Build();

    var ownBankAccount = new OwnBankAccountBuilder(this.DatabaseSession)
        .WithDescription("BE23 3300 6167 6391")
        .WithBankAccount(new BankAccountBuilder(this.DatabaseSession).WithBank(bank).WithCurrency(euro).WithIban("BE23 3300 6167 6391").WithNameOnAccount("Koen").Build())
        .Build();

    var outsider = new PersonBuilder(this.DatabaseSession)
        .WithLastName("purchaser2")
        .WithUserName("purchaser2")
        .Build();

    // A second internal organisation; "purchaser2" is employed here.
    var otherOrganisation = new InternalOrganisationBuilder(this.DatabaseSession)
        .WithName("new internalOrganisation")
        .WithLocale(Singleton.Instance(this.DatabaseSession).DefaultLocale)
        .WithEmployeeRole(new Roles(this.DatabaseSession).Administrator)
        .WithDefaultPaymentMethod(ownBankAccount)
        .WithPreferredCurrency(euro)
        .WithPartyContactMechanism(billToMechelen)
        .Build();

    var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();

    new SupplierRelationshipBuilder(this.DatabaseSession)
        .WithSupplier(supplier)
        .WithInternalOrganisation(otherOrganisation)
        .Build();

    new EmploymentBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithEmployee(outsider)
        .WithEmployer(otherOrganisation)
        .Build();

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    // "purchaser" is not created in this method; presumably it comes from the fixture - verify.
    // NOTE(review): the principal is not restored afterwards; confirm the fixture resets it between tests.
    var creatorPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);
    Thread.CurrentPrincipal = creatorPrincipal;

    // NOTE(review): the order ships to the organisation that employs "purchaser2", yet that user
    // is expected to be denied; confirm this matches the intended ownership rule.
    var order = new PurchaseOrderBuilder(this.DatabaseSession)
        .WithTakenViaSupplier(supplier)
        .WithShipToBuyer(otherOrganisation)
        .Build();

    this.DatabaseSession.Derive(true);

    var creator = new Users(this.DatabaseSession).GetCurrentUser();
    var creatorAcl = new AccessControlList(order, creator);

    Assert.IsTrue(creatorAcl.CanWrite(PurchaseOrders.Meta.Comment));
    Assert.IsTrue(creatorAcl.CanRead(PurchaseOrders.Meta.Comment));
    Assert.IsTrue(creatorAcl.CanExecute(PurchaseOrders.Meta.Confirm));

    var outsiderPrincipal = new GenericPrincipal(new GenericIdentity("purchaser2", "Forms"), new string[0]);
    Thread.CurrentPrincipal = outsiderPrincipal;

    var outsiderUser = new Users(this.DatabaseSession).GetCurrentUser();
    var outsiderAcl = new AccessControlList(order, outsiderUser);

    Assert.IsFalse(outsiderAcl.HasReadOperation);
}
/// <summary>
/// Builds the role rows for <paramref name="obj"/>, restricted to the role types registered for
/// the current group on the object's class.
/// </summary>
/// <param name="obj">The object whose roles are collected.</param>
/// <returns>
/// One row per role type. A readable role with a value yields { propertyName, access, value },
/// where value is the unit value, the id of the single composite role as a string, or a list of
/// id strings. A readable role without a value yields no row. A role that is not readable yields
/// { propertyName, access } only. Returns EmptyRoles when the group has no role types.
/// </returns>
private object[][] GetRoles(IObject obj)
{
    var composite = (Composite)obj.Strategy.Class;

    IList<RoleType> roleTypes;
    if (!composite.RoleTypesByGroup.TryGetValue(@group, out roleTypes) || roleTypes.Count <= 0)
    {
        return EmptyRoles;
    }

    // Only access controlled objects get an ACL. For every other object the checks below grant
    // read and deny write without consulting any permission.
    // NOTE(review): read therefore fails open for objects that are not AccessControlledObject;
    // confirm that no sensitive class can reach this path.
    AccessControlList acl = obj is AccessControlledObject
        ? new AccessControlList(obj, this.user)
        : null;

    var rows = new List<object[]>();
    foreach (var roleType in roleTypes)
    {
        var propertyName = roleType.SingularPropertyName;

        var canRead = acl == null || acl.CanRead(roleType);
        var canWrite = acl != null && acl.CanWrite(roleType);
        var access = (canRead ? "r" : string.Empty) + (canWrite ? "w" : string.Empty);

        if (!canRead)
        {
            // The value is withheld, but the property name and access string are still emitted.
            // NOTE(review): confirm that disclosing the names of unreadable roles is intended.
            rows.Add(new object[] { propertyName, access });
            continue;
        }

        if (roleType.ObjectType.IsUnit)
        {
            var unitValue = obj.Strategy.GetUnitRole(roleType);
            if (unitValue != null)
            {
                rows.Add(new[] { propertyName, access, unitValue });
            }

            continue;
        }

        if (roleType.IsOne)
        {
            var single = obj.Strategy.GetCompositeRole(roleType);
            if (single != null)
            {
                rows.Add(new object[] { propertyName, access, single.Id.ToString() });
            }

            continue;
        }

        // NOTE(review): related objects are referenced by id without an ACL check of their own
        // in this method; presumably the consumer checks each referenced object - verify.
        var many = obj.Strategy.GetCompositeRoles(roleType);
        if (many.Count != 0)
        {
            var ids = many.Cast<IObject>().Select(roleObject => roleObject.Id.ToString()).ToList();
            rows.Add(new object[] { propertyName, access, ids });
        }
    }

    return rows.ToArray();
}
/// <summary>
/// Builds a customer shipment while "orderProcessor" is the current principal and checks that this user
/// may write, read and cancel it, while a contact of the ship-to organisation may only read it.
/// </summary>
public void GivenCustomerShipmentCreatedByOrderProcessor_WhenCurrentUserIsCustomerContact_ThenReadAccessIsGranted()
{
    // People and organisation taking part in the scenario.
    var contactPerson = new PersonBuilder(this.DatabaseSession)
        .WithUserName("customercontact")
        .WithLastName("customercontact")
        .Build();
    var staffMember = new PersonBuilder(this.DatabaseSession)
        .WithUserName("employee")
        .WithLastName("employee")
        .Build();
    var customerOrganisation = new OrganisationBuilder(this.DatabaseSession).WithName("customer").Build();

    var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
    var deliveryAddress = new PostalAddressBuilder(this.DatabaseSession)
        .WithGeographicBoundary(city)
        .WithAddress1("Haverwerf 15")
        .Build();

    // Relationships: customer of the internal organisation, contact of the customer, employee of the internal organisation.
    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithCustomer(customerOrganisation)
        .WithInternalOrganisation(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
        .WithFromDate(DateTime.UtcNow)
        .Build();

    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(contactPerson)
        .WithOrganisation(customerOrganisation)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    new EmploymentBuilder(this.DatabaseSession)
        .WithEmployee(staffMember)
        .WithEmployer(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
        .WithFromDate(DateTime.UtcNow)
        .Build();

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    // The shipment is built while "orderProcessor" is the current principal.
    var orderProcessorIdentity = new GenericIdentity("orderProcessor", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(orderProcessorIdentity, new string[0]);

    var shipment = new CustomerShipmentBuilder(this.DatabaseSession)
        .WithShipToParty(customerOrganisation)
        .WithShipToAddress(deliveryAddress)
        .WithShipmentMethod(new ShipmentMethods(this.DatabaseSession).Boat)
        .Build();

    this.DatabaseSession.Derive(true);

    var creator = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(shipment, creator);
    Assert.IsTrue(acl.CanWrite(CustomerShipments.Meta.ShipToParty));
    Assert.IsTrue(acl.CanRead(CustomerShipments.Meta.ShipToParty));
    Assert.IsTrue(acl.CanExecute(CustomerShipments.Meta.Cancel));

    // Same shipment seen by the customer contact: read only, no write and no cancel.
    var contactIdentity = new GenericIdentity("customercontact", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(contactIdentity, new string[0]);

    var contactUser = new Users(this.DatabaseSession).GetCurrentUser();
    acl = new AccessControlList(shipment, contactUser);
    Assert.IsFalse(acl.CanWrite(CustomerShipments.Meta.ShipToParty));
    Assert.IsTrue(acl.CanRead(CustomerShipments.Meta.ShipToParty));
    Assert.IsFalse(acl.CanExecute(CustomerShipments.Meta.Cancel));
}
/// <summary>
/// Builds a customer shipment while "orderProcessor" is the current principal and checks that both this user
/// and "orderProcessor2", who was added to a user group of the internal organisation, may write, read and cancel it.
/// </summary>
public void GivenCustomerShipmentCreatedByOrderProcessor_WhenCurrentUserInSameOrderProcessorUserGroup_ThenAccessIsGranted()
{
    var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
    var secondProcessor = new PersonBuilder(this.DatabaseSession)
        .WithLastName("orderProcessor2")
        .WithUserName("orderProcessor2")
        .Build();
    var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");
    var deliveryAddress = new PostalAddressBuilder(this.DatabaseSession)
        .WithGeographicBoundary(city)
        .WithAddress1("Haverwerf 15")
        .Build();

    // NOTE(review): the first user group of the internal organisation is taken without a filter;
    // that it is the order processor group depends on fixture data not visible here - confirm.
    var groupsOfOrganisation = internalOrganisation.UserGroupsWhereParty;
    var processorGroup = groupsOfOrganisation.First;

    new EmploymentBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithEmployee(secondProcessor)
        .WithEmployer(internalOrganisation)
        .Build();

    processorGroup.AddMember(secondProcessor);

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    // The shipment is built while "orderProcessor" is the current principal.
    var firstIdentity = new GenericIdentity("orderProcessor", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(firstIdentity, new string[0]);

    var recipient = new PersonBuilder(this.DatabaseSession).WithLastName("customer").Build();
    var shipment = new CustomerShipmentBuilder(this.DatabaseSession)
        .WithShipToParty(recipient)
        .WithShipToAddress(deliveryAddress)
        .WithShipmentMethod(new ShipmentMethods(this.DatabaseSession).Boat)
        .Build();

    this.DatabaseSession.Derive(true);

    var firstUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(shipment, firstUser);
    Assert.IsTrue(acl.CanWrite(CustomerShipments.Meta.ShipToParty));
    Assert.IsTrue(acl.CanRead(CustomerShipments.Meta.ShipToParty));
    Assert.IsTrue(acl.CanExecute(CustomerShipments.Meta.Cancel));

    // The group member added above gets the same permissions.
    var secondIdentity = new GenericIdentity("orderProcessor2", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(secondIdentity, new string[0]);

    var secondUser = new Users(this.DatabaseSession).GetCurrentUser();
    acl = new AccessControlList(shipment, secondUser);
    Assert.IsTrue(acl.CanWrite(CustomerShipments.Meta.ShipToParty));
    Assert.IsTrue(acl.CanRead(CustomerShipments.Meta.ShipToParty));
    Assert.IsTrue(acl.CanExecute(CustomerShipments.Meta.Cancel));
}
/// <summary>
/// Drives a sales order through confirmation, picking, packaging and shipping, then checks that the resulting
/// customer shipment is in the Shipped state and that the current user can neither cancel it nor write its
/// handling instruction.
/// </summary>
public void GivenCustomerShipment_WhenObjectStateIsShipped_ThenCheckTransitions()
{
    // NOTE(review): this test never assigns Thread.CurrentPrincipal, so GetCurrentUser() below resolves
    // whatever principal is ambient on the thread - confirm the fixture sets or resets it.
    var vatRegime = new VatRegimes(this.DatabaseSession).Assessable;
    var vatRate = new VatRateBuilder(this.DatabaseSession).WithRate(0).Build();
    vatRegime.VatRate = vatRate;

    var product = new GoodBuilder(this.DatabaseSession)
        .WithSku("10101")
        .WithVatRate(vatRate)
        .WithName("good1")
        .WithInventoryItemKind(new InventoryItemKinds(this.DatabaseSession).NonSerialized)
        .WithUnitOfMeasure(new UnitsOfMeasure(this.DatabaseSession).Piece)
        .Build();

    // Stock for the product, entered as an inventory variance of 100.
    var stock = new NonSerializedInventoryItemBuilder(this.DatabaseSession).WithGood(product).Build();
    stock.AddInventoryItemVariance(
        new InventoryItemVarianceBuilder(this.DatabaseSession)
            .WithQuantity(100)
            .WithReason(new VarianceReasons(this.DatabaseSession).Ruined)
            .Build());

    var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
    var address = new PostalAddressBuilder(this.DatabaseSession)
        .WithGeographicBoundary(city)
        .WithAddress1("Haverwerf 15")
        .Build();

    var shippingMechanism = new PartyContactMechanismBuilder(this.DatabaseSession)
        .WithContactMechanism(address)
        .WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).ShippingAddress)
        .WithUseAsDefault(true)
        .Build();

    var billingMechanism = new PartyContactMechanismBuilder(this.DatabaseSession)
        .WithContactMechanism(address)
        .WithContactPurpose(new ContactMechanismPurposes(this.DatabaseSession).BillingAddress)
        .WithUseAsDefault(true)
        .Build();

    var buyer = new PersonBuilder(this.DatabaseSession)
        .WithLastName("customer")
        .WithPartyContactMechanism(shippingMechanism)
        .WithPartyContactMechanism(billingMechanism)
        .Build();

    var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");

    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithCustomer(buyer)
        .WithInternalOrganisation(internalOrganisation)
        .Build();

    this.DatabaseSession.Derive(true);

    var order = new SalesOrderBuilder(this.DatabaseSession)
        .WithBillToCustomer(buyer)
        .WithShipToCustomer(buyer)
        .WithVatRegime(vatRegime)
        .Build();

    var orderItem = new SalesOrderItemBuilder(this.DatabaseSession)
        .WithProduct(product)
        .WithQuantityOrdered(1)
        .WithActualUnitPrice(15)
        .Build();

    order.AddSalesOrderItem(orderItem);

    this.DatabaseSession.Derive(true);

    order.Confirm();

    this.DatabaseSession.Derive(true);

    // Navigate from the order item to the shipment and from the shipment to its pick list.
    var orderShipment = orderItem.OrderShipmentsWhereSalesOrderItem[0];
    var shipment = (CustomerShipment)orderShipment.ShipmentItem.ShipmentWhereShipmentItem;

    var issuance = shipment.ShipmentItems[0].ItemIssuancesWhereShipmentItem[0];
    var pickList = issuance.PickListItem.PickListWherePickListItem;
    pickList.Picker = new Persons(this.DatabaseSession).FindBy(Persons.Meta.LastName, "orderProcessor");

    pickList.SetPicked();

    // Put every shipment item, at its full quantity, into one package.
    var package = new ShipmentPackageBuilder(this.DatabaseSession).Build();
    shipment.AddShipmentPackage(package);

    foreach (ShipmentItem shipmentItem in shipment.ShipmentItems)
    {
        var content = new PackagingContentBuilder(this.DatabaseSession)
            .WithShipmentItem(shipmentItem)
            .WithQuantity(shipmentItem.Quantity)
            .Build();
        package.AddPackagingContent(content);
    }

    this.DatabaseSession.Derive(true);

    shipment.Ship();

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(shipment, currentUser);

    Assert.AreEqual(new CustomerShipmentObjectStates(this.DatabaseSession).Shipped, shipment.CurrentObjectState);
    Assert.IsFalse(acl.CanExecute(CustomerShipments.Meta.Cancel));
    Assert.IsFalse(acl.CanWrite(CustomerShipments.Meta.HandlingInstruction));
}
/// <summary>
/// Builds a customer shipment while "orderProcessor" is the current principal and checks that this user
/// may execute Cancel on it.
/// </summary>
public void GivenCustomerShipment_WhenObjectStateIsCreated_ThenCheckTransitions()
{
    var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
    var deliveryAddress = new PostalAddressBuilder(this.DatabaseSession)
        .WithGeographicBoundary(city)
        .WithAddress1("Haverwerf 15")
        .Build();

    var processorIdentity = new GenericIdentity("orderProcessor", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(processorIdentity, new string[0]);

    var recipient = new PersonBuilder(this.DatabaseSession).WithLastName("customer").Build();
    var shipment = new CustomerShipmentBuilder(this.DatabaseSession)
        .WithShipToParty(recipient)
        .WithShipToAddress(deliveryAddress)
        .WithShipmentMethod(new ShipmentMethods(this.DatabaseSession).Ground)
        .Build();

    this.DatabaseSession.Derive(true);

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(shipment, currentUser);
    Assert.IsTrue(acl.CanExecute(CustomerShipments.Meta.Cancel));
}
/// <summary>
/// Builds a purchase order while "purchaser" is the current principal, then switches to "administrator"
/// and checks that this user may write and read the comment and execute Confirm.
/// </summary>
public void GivenPurchaseOrderCreatedByProcurementLevel1Role_WhenCurrentUserInAdministratorRole_ThenAccessIsGranted()
{
    var purchaserIdentity = new GenericIdentity("purchaser", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(purchaserIdentity, new string[0]);

    // No Derive call follows the build in this test; the ACL is evaluated on the order as built.
    var order = new PurchaseOrderBuilder(this.DatabaseSession).Build();

    var administratorIdentity = new GenericIdentity("administrator", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(administratorIdentity, new string[0]);

    var administratorUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(order, administratorUser);
    Assert.IsTrue(acl.CanWrite(PurchaseOrders.Meta.Comment));
    Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.Comment));
    Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Confirm));
}
/// <summary>
/// Builds a pick list while "orderProcessor" is the current principal and checks that both this user and
/// "orderProcessor2", added to the internal organisation's user group under the Operations role group,
/// may write and read the picker and execute Cancel.
/// </summary>
public void GivenPickListCreatedByOrderProcessor_WhenCurrentUserInSameOrderProcessorUserGroup_ThenAccessIsGranted()
{
    var secondProcessor = new PersonBuilder(this.DatabaseSession)
        .WithLastName("orderProcessor2")
        .WithUserName("orderProcessor2")
        .Build();
    var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");

    // Narrow the organisation's user groups to those whose parent is the user group of the Operations role.
    var groupsOfOrganisation = internalOrganisation.UserGroupsWhereParty;
    var operationsGroup = new Roles(this.DatabaseSession).Operations.UserGroupWhereRole;
    groupsOfOrganisation.Filter.AddEquals(UserGroups.Meta.Parent, operationsGroup);
    var processorGroup = groupsOfOrganisation.First;

    new EmploymentBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithEmployee(secondProcessor)
        .WithEmployer(internalOrganisation)
        .Build();

    processorGroup.AddMember(secondProcessor);

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    var firstIdentity = new GenericIdentity("orderProcessor", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(firstIdentity, new string[0]);

    var pickList = new PickListBuilder(this.DatabaseSession).Build();

    this.DatabaseSession.Derive(true);

    var firstUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(pickList, firstUser);
    Assert.IsTrue(acl.CanWrite(PickLists.Meta.Picker));
    Assert.IsTrue(acl.CanRead(PickLists.Meta.Picker));
    Assert.IsTrue(acl.CanExecute(PickLists.Meta.Cancel));

    // The group member added above gets the same permissions.
    var secondIdentity = new GenericIdentity("orderProcessor2", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(secondIdentity, new string[0]);

    var secondUser = new Users(this.DatabaseSession).GetCurrentUser();
    acl = new AccessControlList(pickList, secondUser);
    Assert.IsTrue(acl.CanWrite(PickLists.Meta.Picker));
    Assert.IsTrue(acl.CanRead(PickLists.Meta.Picker));
    Assert.IsTrue(acl.CanExecute(PickLists.Meta.Cancel));
}
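/// <summary>
/// Builds a purchase order while "purchaser" is the current principal and checks that both this user and
/// "purchaser2", who was added to a user group of the internal organisation, may write and read the
/// order's comment and execute Confirm.
/// </summary>
public void GivenPurchaseOrderCreatedByProcurementLevel1Role_WhenCurrentUserInSameProcurementLevel1RoleUserGroup_ThenAccessIsGranted()
{
    var supplier = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();
    var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");
    new SupplierRelationshipBuilder(this.DatabaseSession).WithSupplier(supplier).WithInternalOrganisation(internalOrganisation).Build();

    var purchaser2 = new PersonBuilder(this.DatabaseSession).WithLastName("purchaser2").WithUserName("purchaser2").Build();

    new EmploymentBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithEmployee(purchaser2)
        .WithEmployer(internalOrganisation)
        .Build();

    // NOTE(review): the first user group of the internal organisation is taken without a filter;
    // that it is the procurement group named in the test depends on fixture data not visible here - confirm.
    var usergroups = internalOrganisation.UserGroupsWhereParty;
    var userGroup = usergroups.First;
    userGroup.AddMember(purchaser2);

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser", "Forms"), new string[0]);

    var order = new PurchaseOrderBuilder(this.DatabaseSession).WithTakenViaSupplier(supplier).Build();

    this.DatabaseSession.Derive(true);

    // The ACL belongs to a purchase order, so the comment permission is checked through
    // PurchaseOrders.Meta (the original asserted SalesOrders.Meta.Comment here, unlike the
    // purchaser2 assertions below).
    var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
    Assert.IsTrue(acl.CanWrite(PurchaseOrders.Meta.Comment));
    Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.Comment));
    Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Confirm));

    // The group member added above gets the same permissions.
    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("purchaser2", "Forms"), new string[0]);

    acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
    Assert.IsTrue(acl.CanWrite(PurchaseOrders.Meta.Comment));
    Assert.IsTrue(acl.CanRead(PurchaseOrders.Meta.Comment));
    Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Confirm));
}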
/// <summary>
/// Builds a pick list as "orderProcessor", marks it picked, and checks that the same user can then
/// execute neither Cancel nor SetPicked on it.
/// </summary>
public void GivenPickList_WhenObjectStateIsPicked_ThenCheckTransitions()
{
    var processorIdentity = new GenericIdentity("orderProcessor", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(processorIdentity, new string[0]);

    var pickList = new PickListBuilder(this.DatabaseSession).Build();

    this.DatabaseSession.Derive(true);

    pickList.SetPicked();

    this.DatabaseSession.Derive(true);

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(pickList, currentUser);

    // Both methods must be denied after SetPicked and the derivation that follows it.
    Assert.IsFalse(acl.CanExecute(PickLists.Meta.Cancel));
    Assert.IsFalse(acl.CanExecute(PickLists.Meta.SetPicked));
}
/// <summary>
/// Confirms a purchase order and puts it on hold as "orderProcessor", then checks that in the OnHold state
/// only Cancel and Continue may be executed; Confirm, Reject, Approve and Hold are denied.
/// </summary>
public void GivenPurchaseOrder_WhenObjectStateIsOnHold_ThenCheckTransitions()
{
    var processorIdentity = new GenericIdentity("orderProcessor", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(processorIdentity, new string[0]);

    var vendor = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();
    var internalOrganisation = new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation");
    new SupplierRelationshipBuilder(this.DatabaseSession)
        .WithSupplier(vendor)
        .WithInternalOrganisation(internalOrganisation)
        .Build();

    var order = new PurchaseOrderBuilder(this.DatabaseSession)
        .WithTakenViaSupplier(vendor)
        .WithBillToPurchaser(internalOrganisation)
        .Build();

    order.Confirm();

    this.DatabaseSession.Derive(true);

    order.Hold();

    this.DatabaseSession.Derive(true);

    var onHold = new PurchaseOrderObjectStates(this.DatabaseSession).OnHold;
    Assert.AreEqual(onHold, order.CurrentObjectState);

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(order, currentUser);

    // Allowed from OnHold.
    Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Cancel));
    Assert.IsTrue(acl.CanExecute(PurchaseOrders.Meta.Continue));

    // Denied from OnHold.
    Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Confirm));
    Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Reject));
    Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Approve));
    Assert.IsFalse(acl.CanExecute(PurchaseOrders.Meta.Hold));
}
/// <summary>
/// Follows the access of two customer contacts to one sales order while the order is moved from customer1
/// to customer2: first only contact 1 has access, after the bill-to customer changes both have access,
/// and after the ship-to customer changes as well only contact 2 has access.
/// </summary>
public void GivenSalesOrder_WhenCustomerChangesValue_ThenAccessPreviousCustomerIsDenied()
{
    var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;
    var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();

    var firstContact = new PersonBuilder(this.DatabaseSession)
        .WithUserName("customercontact1")
        .WithLastName("customercontact1")
        .Build();
    var secondContact = new PersonBuilder(this.DatabaseSession)
        .WithUserName("customercontact2")
        .WithLastName("customercontact2")
        .Build();
    var staffMember = new PersonBuilder(this.DatabaseSession)
        .WithUserName("employee")
        .WithLastName("employee")
        .Build();

    var firstCustomer = new OrganisationBuilder(this.DatabaseSession).WithName("customer1").Build();
    var secondCustomer = new OrganisationBuilder(this.DatabaseSession).WithName("customer2").Build();

    // Both organisations are customers of the internal organisation.
    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithCustomer(firstCustomer)
        .WithInternalOrganisation(internalOrganisation)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithCustomer(secondCustomer)
        .WithInternalOrganisation(internalOrganisation)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    // Each contact belongs to exactly one of the two customers.
    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(firstContact)
        .WithOrganisation(firstCustomer)
        .WithFromDate(DateTime.UtcNow)
        .Build();
    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(secondContact)
        .WithOrganisation(secondCustomer)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    new EmploymentBuilder(this.DatabaseSession)
        .WithEmployee(staffMember)
        .WithEmployer(new InternalOrganisations(this.DatabaseSession).FindBy(InternalOrganisations.Meta.Name, "internalOrganisation"))
        .WithFromDate(DateTime.UtcNow)
        .Build();

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    // The order is built while "employee" is the current principal, for customer1 on both sides.
    var employeeIdentity = new GenericIdentity("employee", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(employeeIdentity, new string[0]);

    var order = new SalesOrderBuilder(this.DatabaseSession)
        .WithTakenByInternalOrganisation(internalOrganisation)
        .WithShipToCustomer(firstCustomer)
        .WithBillToCustomer(firstCustomer)
        .WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(city).WithAddress1("Haverwerf 15").Build())
        .Build();

    this.DatabaseSession.Derive(true);

    // Stage 1: ship-to and bill-to are customer1 - contact 1 has access, contact 2 has none.
    var firstContactPrincipal = new GenericPrincipal(new GenericIdentity("customercontact1", "Forms"), new string[0]);
    Thread.CurrentPrincipal = firstContactPrincipal;

    var acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
    Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));

    var secondContactPrincipal = new GenericPrincipal(new GenericIdentity("customercontact2", "Forms"), new string[0]);
    Thread.CurrentPrincipal = secondContactPrincipal;

    acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
    Assert.IsFalse(acl.HasReadOperation);

    // Stage 2: bill-to moves to customer2 while ship-to stays customer1 - both contacts have access.
    order.BillToCustomer = secondCustomer;

    this.DatabaseSession.Derive(true);

    Thread.CurrentPrincipal = firstContactPrincipal;

    acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
    Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));

    Thread.CurrentPrincipal = secondContactPrincipal;

    acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
    Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));

    // Stage 3: ship-to moves to customer2 as well - the previous customer's contact loses all access.
    order.ShipToCustomer = secondCustomer;

    this.DatabaseSession.Derive(true);

    Thread.CurrentPrincipal = firstContactPrincipal;

    acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
    Assert.IsFalse(acl.HasReadOperation);

    Thread.CurrentPrincipal = secondContactPrincipal;

    acl = new AccessControlList(order, new Users(this.DatabaseSession).GetCurrentUser());
    Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
}
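/// <summary>
/// Applies the role changes of the save request to the session, limited to role types that belong to the
/// configured group and that the current user may write, then derives and commits when no errors were collected.
/// </summary>
/// <returns>
/// A response whose <c>Errors</c> come from <c>GetObjects</c> (derivation log plus the role types that failed
/// the write check) and whose <c>HasErrors</c> reflects whether any were found. The session is committed only
/// when there are none.
/// </returns>
public SaveResponse Build()
{
    if (this.saveRequest.Objects == null || this.saveRequest.Objects.Length == 0)
    {
        return new SaveResponse { HasErrors = false };
    }

    // bulk load all objects
    var objectIds = saveRequest.Objects.Select(v => v.I).ToArray();
    this.session.Instantiate(objectIds);

    var accessErrorRoleTypesByObject = new Dictionary<IObject, IList<RoleType>>();

    foreach (var saveRequestObject in saveRequest.Objects)
    {
        // NOTE(review): the id comes from the request. If Instantiate can return null for an unknown id,
        // the next line throws - confirm and report it as an error instead.
        var obj = this.session.Instantiate(saveRequestObject.I);
        var composite = (Composite)obj.Strategy.Class;

        // Look the group up with TryGetValue, as GetRoles does: a class without role types for this group
        // exposes nothing writable, so its roles are skipped like any other unknown role name.
        IList<RoleType> roleTypes;
        if (!composite.RoleTypesByGroup.TryGetValue(@group, out roleTypes))
        {
            continue;
        }

        // A request object without a role list has nothing to apply.
        if (saveRequestObject.Roles == null)
        {
            continue;
        }

        var acl = new AccessControlList(obj, this.user);

        foreach (var saveRequestRole in saveRequestObject.Roles)
        {
            var roleTypeName = saveRequestRole.T;
            var roleType = roleTypes.FirstOrDefault(v => v.SingularPropertyName.Equals(roleTypeName));

            if (roleType == null)
            {
                // Names outside the group are ignored; nothing is written and nothing is reported.
                continue;
            }

            if (!acl.CanWrite(roleType))
            {
                // Write denied: remember the role type so it is reported as an access error.
                IList<RoleType> accessErrorRoleTypes;
                if (!accessErrorRoleTypesByObject.TryGetValue(obj, out accessErrorRoleTypes))
                {
                    accessErrorRoleTypes = new List<RoleType>();
                    accessErrorRoleTypesByObject.Add(obj, accessErrorRoleTypes);
                }

                accessErrorRoleTypes.Add(roleType);
                continue;
            }

            // NOTE(review): below, ids from the request are attached after only the write check on this
            // object's role. No check of the current user's access to the referenced objects is visible
            // here - confirm it is enforced elsewhere.
            if (roleType.ObjectType.IsUnit)
            {
                // The request value is handed to the strategy as received.
                var role = saveRequestRole.S;
                obj.Strategy.SetUnitRole(roleType, role);
                continue;
            }

            if (roleType.IsOne)
            {
                var roleId = (string)saveRequestRole.S;
                if (string.IsNullOrEmpty(roleId))
                {
                    obj.Strategy.RemoveCompositeRole(roleType);
                }
                else
                {
                    var role = this.session.Instantiate(roleId);
                    // TODO: log error if role is null
                    obj.Strategy.SetCompositeRole(roleType, role);
                }

                continue;
            }

            // Many-valued composite role: S replaces the whole set, A adds to it, R removes from it.

            // Set
            if (saveRequestRole.S != null)
            {
                var roleIds = (string[])saveRequestRole.S;
                if (roleIds.Length == 0)
                {
                    // NOTE(review): same single-argument call as for one-valued roles above;
                    // confirm it clears a many-valued role.
                    obj.Strategy.RemoveCompositeRole(roleType);
                }
                else
                {
                    var roles = this.session.Instantiate(roleIds);
                    // TODO: log error if roles are missing
                    obj.Strategy.SetCompositeRoles(roleType, roles);
                }
            }

            // Add
            if (saveRequestRole.A != null)
            {
                var roleIds = saveRequestRole.A;
                if (roleIds.Length != 0)
                {
                    var roles = this.session.Instantiate(roleIds);
                    // TODO: log error if roles are missing
                    foreach (var role in roles)
                    {
                        obj.Strategy.AddCompositeRole(roleType, role);
                    }
                }
            }

            // Remove
            if (saveRequestRole.R != null)
            {
                var roleIds = saveRequestRole.R;
                if (roleIds.Length != 0)
                {
                    var roles = this.session.Instantiate(roleIds);
                    // TODO: log error if roles are missing
                    foreach (var role in roles)
                    {
                        obj.Strategy.RemoveCompositeRole(roleType, role);
                    }
                }
            }
        }
    }

    var derivationLog = this.session.Derive();

    var saveResponse = new SaveResponse { Errors = GetObjects(derivationLog, accessErrorRoleTypesByObject) };
    saveResponse.HasErrors = saveResponse.Errors.Count > 0;

    // NOTE(review): when errors exist the permitted writes made above stay in the session uncommitted;
    // no rollback is visible here - confirm the caller discards or rolls back the session.
    if (!saveResponse.HasErrors)
    {
        this.session.Commit();
    }

    return saveResponse;
}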
/// <summary>
/// Builds and rejects a sales order as "customer", then checks that in the Rejected state none of
/// Confirm, Cancel, Reject, Approve, Continue and Hold may be executed by that user.
/// </summary>
public void GivenSalesOrder_WhenObjectStateIsRejected_ThenCheckTransitions()
{
    var buyer = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("customer").Build();
    var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;

    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithCustomer(buyer)
        .WithInternalOrganisation(internalOrganisation)
        .Build();

    var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();

    this.DatabaseSession.Derive(true);

    var buyerIdentity = new GenericIdentity("customer", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(buyerIdentity, new string[0]);

    var order = new SalesOrderBuilder(this.DatabaseSession)
        .WithBillToCustomer(buyer)
        .WithShipToCustomer(buyer)
        .WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(city).WithAddress1("Haverwerf 15").Build())
        .Build();

    this.DatabaseSession.Derive(true);

    order.Reject();

    this.DatabaseSession.Derive(true);

    var rejected = new SalesOrderObjectStates(this.DatabaseSession).Rejected;
    Assert.AreEqual(rejected, order.CurrentObjectState);

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(order, currentUser);

    // Every transition method is expected to be denied once the order is rejected.
    Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Confirm));
    Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Cancel));
    Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Reject));
    Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Approve));
    Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Continue));
    Assert.IsFalse(acl.CanExecute(SalesOrders.Meta.Hold));
}
/// <summary>
/// Adds a purchase order item to the fixture's order as "admin" (a member of the Administrators group),
/// rejects it, and checks that even this user can no longer execute Cancel, Reject or Delete on the item.
/// </summary>
public void GivenOrderItem_WhenObjectStateIsRejected_ThenItemMayNotBeCancelledOrRejectedOrDeleted()
{
    var adminPerson = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("admin").Build();
    var adminGroup = new UserGroups(this.DatabaseSession).Administrators;
    adminGroup.AddMember(adminPerson);

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    this.InstantiateObjects(this.DatabaseSession);

    var product = new GoodBuilder(this.DatabaseSession)
        .WithSku("10101")
        .WithName("good")
        .WithUnitOfMeasure(new UnitsOfMeasure(this.DatabaseSession).Piece)
        .WithInventoryItemKind(new InventoryItemKinds(this.DatabaseSession).NonSerialized)
        .WithVatRate(new VatRates(this.DatabaseSession).FindBy(VatRates.Meta.Rate, 21))
        .Build();

    var adminIdentity = new GenericIdentity("admin", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(adminIdentity, new string[0]);

    var item = new PurchaseOrderItemBuilder(this.DatabaseSession)
        .WithProduct(product)
        .WithQuantityOrdered(3)
        .WithActualUnitPrice(5)
        .Build();

    this.order.AddPurchaseOrderItem(item);

    this.DatabaseSession.Derive(true);

    item.Reject();

    this.DatabaseSession.Derive(true);

    var rejected = new PurchaseOrderItemObjectStates(this.DatabaseSession).Rejected;
    Assert.AreEqual(rejected, item.CurrentObjectState);

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(item, currentUser);

    // The rejected state denies these methods regardless of the administrator membership.
    Assert.IsFalse(acl.CanExecute(PurchaseOrderItems.Meta.Cancel));
    Assert.IsFalse(acl.CanExecute(PurchaseOrderItems.Meta.Reject));
    Assert.IsFalse(acl.CanExecute(PurchaseOrderItems.Meta.Delete));
}
/// <summary>
/// Builds a sales order while "customer" is the current principal, then switches to "admin" (a member of
/// the Administrators group) and checks that this user may write and read the comment and execute Confirm.
/// </summary>
public void GivenSalesOrderCreatedByCustomer_WhenCurrentUserInAdministratorRole_ThenAccessIsGranted()
{
    var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();
    var buyer = new PersonBuilder(this.DatabaseSession).WithLastName("customer").WithUserName("customer").Build();
    var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;

    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithCustomer(buyer)
        .WithInternalOrganisation(internalOrganisation)
        .Build();

    var adminPerson = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("admin").Build();
    var adminGroup = new UserGroups(this.DatabaseSession).Administrators;
    adminGroup.AddMember(adminPerson);

    this.DatabaseSession.Derive(true);

    // The order is built while "customer" is the current principal.
    var buyerIdentity = new GenericIdentity("customer", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(buyerIdentity, new string[0]);

    var order = new SalesOrderBuilder(this.DatabaseSession)
        .WithBillToCustomer(buyer)
        .WithShipToCustomer(buyer)
        .WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(city).WithAddress1("Haverwerf 15").Build())
        .Build();

    this.DatabaseSession.Derive(true);

    // Permissions are evaluated for the administrator.
    var adminIdentity = new GenericIdentity("admin", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(adminIdentity, new string[0]);

    var adminUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(order, adminUser);
    Assert.IsTrue(acl.CanWrite(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanRead(SalesOrders.Meta.Comment));
    Assert.IsTrue(acl.CanExecute(SalesOrders.Meta.Confirm));
}
/// <summary>
/// Adds a sales order item to the fixture's order as "admin" (a member of the Administrators group),
/// rejects it, and checks that even this user can no longer execute Cancel or Reject on the item.
/// </summary>
public void GivenOrderItem_WhenObjectStateIsRejected_ThenItemMayNotBeCancelledOrRejectedOrDeleted()
{
    var adminPerson = new PersonBuilder(this.DatabaseSession).WithFirstName("Koen").WithUserName("admin").Build();
    var adminGroup = new UserGroups(this.DatabaseSession).Administrators;
    adminGroup.AddMember(adminPerson);

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    this.InstantiateObjects(this.DatabaseSession);

    var adminIdentity = new GenericIdentity("admin", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(adminIdentity, new string[0]);

    var item = new SalesOrderItemBuilder(this.DatabaseSession)
        .WithProduct(this.good)
        .WithQuantityOrdered(3)
        .WithActualUnitPrice(5)
        .Build();

    this.order.AddSalesOrderItem(item);

    this.DatabaseSession.Derive(true);

    item.Reject();

    this.DatabaseSession.Derive(true);

    var rejected = new SalesOrderItemObjectStates(this.DatabaseSession).Rejected;
    Assert.AreEqual(rejected, item.CurrentObjectState);

    var currentUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(item, currentUser);

    // The method name also mentions deletion, but only Cancel and Reject are asserted here.
    Assert.IsFalse(acl.CanExecute(SalesOrderItems.Meta.Cancel));
    Assert.IsFalse(acl.CanExecute(SalesOrderItems.Meta.Reject));
}
/// <summary>
/// Builds a sales order while "customer" is the current principal, then switches to a contact of a supplier
/// organisation and checks that this user has no read operation on the order.
/// </summary>
public void GivenSalesOrderCreatedByCustomer_WhenCurrentUserInSupplierRole_ThenAccessIsDenied()
{
    var buyer = new PersonBuilder(this.DatabaseSession).WithLastName("customer").WithUserName("customer").Build();
    var internalOrganisation = Singleton.Instance(this.DatabaseSession).DefaultInternalOrganisation;

    new CustomerRelationshipBuilder(this.DatabaseSession)
        .WithFromDate(DateTime.UtcNow)
        .WithCustomer(buyer)
        .WithInternalOrganisation(internalOrganisation)
        .Build();

    var city = new CityBuilder(this.DatabaseSession).WithName("Mechelen").Build();

    // A supplier organisation with one contact person; neither is related to the customer.
    var vendorContact = new PersonBuilder(this.DatabaseSession)
        .WithLastName("suppliercontact")
        .WithUserName("suppliercontact")
        .Build();
    var vendor = new OrganisationBuilder(this.DatabaseSession).WithName("supplier").Build();

    new SupplierRelationshipBuilder(this.DatabaseSession)
        .WithSupplier(vendor)
        .WithInternalOrganisation(internalOrganisation)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    new OrganisationContactRelationshipBuilder(this.DatabaseSession)
        .WithContact(vendorContact)
        .WithOrganisation(vendor)
        .WithFromDate(DateTime.UtcNow)
        .Build();

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    var buyerIdentity = new GenericIdentity("customer", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(buyerIdentity, new string[0]);

    // No Derive call follows the build in this test; the ACL is evaluated on the order as built.
    var order = new SalesOrderBuilder(this.DatabaseSession)
        .WithBillToCustomer(buyer)
        .WithShipToCustomer(buyer)
        .WithShipToAddress(new PostalAddressBuilder(this.DatabaseSession).WithGeographicBoundary(city).WithAddress1("Haverwerf 15").Build())
        .Build();

    var vendorIdentity = new GenericIdentity("suppliercontact", "Forms");
    Thread.CurrentPrincipal = new GenericPrincipal(vendorIdentity, new string[0]);

    var vendorUser = new Users(this.DatabaseSession).GetCurrentUser();
    var acl = new AccessControlList(order, vendorUser);
    Assert.IsFalse(acl.HasReadOperation);
}