public void Role_Flatten()
{
Role a = new Role { Name = "A" };
Role b = new Role { Name = "B" };
Role c = new Role { Name = "C" };
Role d = new Role { Name = "D" };
MakeMember(a, b);
MakeMember(b, c);
MakeMember(a, d);
MakeMember(c, d);
var flat = a.Flatten().Distinct().ToArray();
Assert.AreEqual(4, flat.Length, "Should have 4 roles total");
foreach (var name in new[] { "A", "B", "C", "D" })
{
Assert.IsNotNull(flat.SingleOrDefault(f => f.Name == name));
}
}
public void AuthIdentity_HasPermission_1()
{
TestStore store = ((TestStore)DevWebsiteDataInitializer.FillDefaultDevSet(new TestStore())).FixupReferences();
User user = PopulateAuthData(store);
// Find a member and their organization
SarMember member = store.Members.First(f => f.Memberships.Count > 0);
var orgId = member.Memberships.First().OrganizationId;
// Create a new role and put our test user in that role
Role testRole = new Role { Name = "testrole" };
RoleUserMembership ru = new RoleUserMembership { Role = testRole, User = user };
testRole.Users.Add(ru);
user.Roles.Add(ru);
store.Roles.Add(testRole);
var tmp = member.Memberships.Select(f => f.OrganizationId).ToArray();
// Give the role permissions to edit members in org
Authorization auth = new Authorization { Role = testRole, RoleId = testRole.Id, Permission = PermissionType.EditMember, Scope = orgId };
store.Authorization.Add(auth);
AuthIdentityTestService service = new AuthIdentityTestService(user.Username, store);
Assert.IsTrue(service.HasPermission(PermissionType.EditMember, member.Id));
}
private User PopulateAuthData(TestStore store)
{
User user = new User { Username = "******" };
store.Users.Add(user);
Role parent = new Role { Name = "Parent" };
Role child = new Role { Name = "Child" };
store.Roles.Add(parent);
store.Roles.Add(child);
RoleTests.MakeMember(parent, child);
RoleUserMembership ru = new RoleUserMembership { User = user, Role = parent };
parent.Users.Add(ru);
user.Roles.Add(ru);
Authorization auth = new Authorization { Permission = PermissionType.EditMember, Role = child, RoleId = child.Id };
store.Authorization.Add(auth);
return user;
}
public virtual void CreateRole(RoleKey role, bool system, RoleKey? parent)
{
if (string.IsNullOrWhiteSpace(role.Name))
{
throw new ArgumentException("role", "Role name cannot be null or empty");
}
using (var ctx = storeFactory.Create(this.UserLogin))
{
Role newRole = ctx.Roles.SingleOrDefault(f => f.Name == role.Name && f.OrganizationId == role.OrgId);
if (newRole != null) throw new InvalidOperationException("Role " + role.Name + " already exists");
newRole = new Role
{
Name = role.Name,
OrganizationId = role.OrgId,
SystemRole = system,
};
if (parent != null)
{
if (string.IsNullOrWhiteSpace(parent.Value.Name))
{
throw new ArgumentException("parent", "Parent role name cannot be null or empty");
}
RoleKey p = parent.Value;
var query = ctx.Roles.Where(f => f.Name == p.Name && f.OrganizationId == p.OrgId);
//if (parent.Value.OrgId.HasValue)
//{
// Guid workaround = parent.Value.OrgId.Value;
// query = query.Where(f => f.Organization.Id == workaround);
//}
//else
//{
// query = query.Where(f => f.Organization == null);
//}
Role parentRole = query.SingleOrDefault();
if (parentRole == null)
{
throw new InvalidOperationException("Parent role does not exist");
}
else
{
newRole.MemberOfRoles.Add(new RoleRoleMembership { Parent = parentRole, Child = newRole, IsSystem = system });
}
}
ctx.Roles.Add(newRole);
ctx.SaveChanges();
}
}
public static string InitializeSystemSecurity(this IDataStoreService ctx)
{
string adminGroup = AuthIdentityService.ADMIN_ROLE;
string password = null;
Role adminRole = ctx.Roles.IncludePaths("Users").SingleOrDefault(f => f.Name == adminGroup && f.Organization == null);
if (adminRole == null)
{
adminRole = new Role { Name = adminGroup, SystemRole = true };
ctx.Roles.Add(adminRole);
}
User admin = ctx.Users.SingleOrDefault(f => f.Username == "admin");
if (admin == null)
{
password = Membership.GeneratePassword(8, 2);
admin = AuthIdentityService.CreateAdminUser(password);
ctx.Users.Add(admin);
}
else
{
password = AuthIdentityService.ResetPassword(admin);
}
if (!adminRole.Users.Any(f => f.User.Username == admin.Username))
{
adminRole.Users.Add(new RoleUserMembership { User = admin, Role = adminRole, IsSystem = true });
}
foreach (string name in new[] { AuthIdentityService.EVERYONE_ROLE, AuthIdentityService.USERS_ROLE, AuthIdentityService.MISSION_VIEWERS_ROLE })
{
Role role = ctx.Roles.SingleOrDefault(f => f.Name == name);
if (role == null)
{
role = new Role { Name = name, SystemRole = true };
ctx.Roles.Add(role);
}
}
ctx.Authorization.Add(new Authorization { Permission = PermissionType.SiteAdmin, Role = adminRole });
ctx.SaveChanges();
return password;
}
public static void InitializeOrganizationSecurity(this IDataStoreService ctx, Organization org, User admin)
{
org.AdminAccount = (admin == null) ? "setup" : admin.Username;
var usersRole = new Role { Name = "Members", OrganizationId = org.Id, SystemRole = true };
var adminRole = new Role { Name = "Administrators", OrganizationId = org.Id, SystemRole = true };
adminRole.MemberOfRoles.Add(new RoleRoleMembership { Parent = usersRole, Child = adminRole, IsSystem = true });
var siteAdmin = ctx.Roles.Single(f => f.Name == AuthIdentityService.ADMIN_ROLE && f.OrganizationId == null);
siteAdmin.MemberOfRoles.Add(new RoleRoleMembership { Parent = adminRole, Child = siteAdmin, IsSystem = true });
if (admin != null)
{
adminRole.Users.Add(new RoleUserMembership { Role = adminRole, User = admin });
}
ctx.Roles.Add(adminRole);
ctx.Roles.Add(usersRole);
ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.AdminOrganization, IsSystem = true });
ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.AddOrganizationMembers, IsSystem = true });
ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.EditMember, IsSystem = true });
ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.EditMemberContacts, IsSystem = true });
ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.ViewMemberDetail, IsSystem = true });
ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.ViewMemberStandard, IsSystem = true });
ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewOrganizationBasic, IsSystem = true });
ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewOrganizationDetail, IsSystem = true });
ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ListOrganization, IsSystem = true });
ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewMemberStandard, IsSystem = false });
ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewMemberBasic, IsSystem = false });
}
public static void MakeMember(Role aMemberOf, Role isAlsoAMemberOf)
{
RoleRoleMembership ab = new RoleRoleMembership { Parent = isAlsoAMemberOf, Child = aMemberOf };
isAlsoAMemberOf.MemberRoles.Add(ab);
aMemberOf.MemberOfRoles.Add(ab);
}
