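/// <summary>
/// Decides whether the current request is authorized by asking the policy decision point (PDP)
/// whether the requesting user may perform the HTTP method (the action) on the request's
/// absolute path (the resource).
/// </summary>
/// <param name="httpContext">HTTP context of the request being authorized.</param>
/// <returns>
/// The PDP's decision when it recognizes both the action and the resource; otherwise the
/// result of the base <c>AuthorizeCore</c> implementation.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        throw new ArgumentNullException("httpContext");
    }

    var pdp = new PDP();
    string action = httpContext.Request.HttpMethod;
    string username = httpContext.User.Identity.Name;
    string resource = httpContext.Request.Url.AbsolutePath;

    if (!_caseSensitive)
    {
        // Normalize with the invariant culture: ToLower() follows the thread's current culture,
        // so the same path or verb could lower-case differently from one server locale to
        // another and stop matching the stored policy entries.
        action = action.ToLowerInvariant();
        resource = resource.ToLowerInvariant();
    }

    try
    {
        return pdp.IsUserAuthorized(username, action, resource);
    }
    catch (Exception e)
    {
        bool unknownToPolicy = e is ActionNotFoundException || e is ResourceNotFoundException;
        if (!unknownToPolicy)
        {
            // Any other failure is not an authorization answer; let it propagate unchanged.
            throw;
        }

        // Action or resource unknown to the policy repository: forward to the default
        // AuthorizeAttribute implementation.
        // NOTE(review): such requests are decided by the base attribute alone, not by the PDP.
        // Confirm this default is intended; a deny-by-default policy would return false here.
        // Debug.WriteLine is compiled out of release builds, so the fallback is not recorded
        // there. Consider logging it where it can be audited.
        System.Diagnostics.Debug.WriteLine(e.Message);
        return base.AuthorizeCore(httpContext);
    }
}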
/// <summary>
/// Console check: asks the given PDP whether a fixed user may perform a fixed action on a
/// fixed resource and prints the decision. Exceptions thrown by the PDP are not caught here.
/// </summary>
/// <param name="lib">Policy decision point to query.</param>
static void isActionAllowedOfUserWithResourceTest(PDP lib)
{
    const string user = "******";
    const string resource = "/folder/file1.txt";
    const string action = "Criar ficheiros e pastas"; // "Create files and folders"

    bool allowed = lib.IsUserAuthorized(user, action, resource);

    // Messages read "The user {0} has / does not have permission {1} on resource {2}."
    string template = allowed
        ? "O utilizador {0} tem permissão {1} sobre o recurso {2}."
        : "O utilizador {0} não tem permissão {1} sobre o recurso {2}.";

    Console.WriteLine(template, user, action, resource);
}
/// <summary>
/// Expects <c>IsUserAuthorized</c> to answer false (a denial, not an exception) for the user
/// name "Unknown user".
/// </summary>
public void IsUserAuthorizedForUnknownUserReturnsFalse()
{
    var decisionPoint = new PDP();

    // "Executar ficheiros" = "Execute files"
    var granted = decisionPoint.IsUserAuthorized("Unknown user", "Executar ficheiros", "/folder");

    Assert.That(granted, Is.False);
}
/// <summary>
/// Expects <c>IsUserAuthorized</c> to throw <c>ResourceNotFoundException</c>, rather than
/// return a decision, when the resource is "unknown resource".
/// </summary>
public void IsUserAuthorizedForUnknownResourceThrowsResourceNotFoundException()
{
    var decisionPoint = new PDP();
    var expectedFailure = Throws.TypeOf<ResourceNotFoundException>();

    // "Executar ficheiros" = "Execute files"
    Assert.That(
        () => decisionPoint.IsUserAuthorized("Ricardo", "Executar ficheiros", "unknown resource"),
        expectedFailure);
}
/// <summary>
/// Expects <c>IsUserAuthorized</c> to throw <c>ActionNotFoundException</c>, rather than
/// return a decision, when the action is "unknown action".
/// </summary>
public void IsUserAuthorizedForUnknownActionThrowsActionNotFoundException()
{
    var decisionPoint = new PDP();
    var expectedFailure = Throws.TypeOf<ActionNotFoundException>();

    Assert.That(
        () => decisionPoint.IsUserAuthorized("Ricardo", "unknown action", "/folder"),
        expectedFailure);
}