public void Role_Flatten() { Role a = new Role { Name = "A" }; Role b = new Role { Name = "B" }; Role c = new Role { Name = "C" }; Role d = new Role { Name = "D" }; MakeMember(a, b); MakeMember(b, c); MakeMember(a, d); MakeMember(c, d); var flat = a.Flatten().Distinct().ToArray(); Assert.AreEqual(4, flat.Length, "Should have 4 roles total"); foreach (var name in new[] { "A", "B", "C", "D" }) { Assert.IsNotNull(flat.SingleOrDefault(f => f.Name == name)); } }
public void AuthIdentity_HasPermission_1() { TestStore store = ((TestStore)DevWebsiteDataInitializer.FillDefaultDevSet(new TestStore())).FixupReferences(); User user = PopulateAuthData(store); // Find a member and their organization SarMember member = store.Members.First(f => f.Memberships.Count > 0); var orgId = member.Memberships.First().OrganizationId; // Create a new role and put our test user in that role Role testRole = new Role { Name = "testrole" }; RoleUserMembership ru = new RoleUserMembership { Role = testRole, User = user }; testRole.Users.Add(ru); user.Roles.Add(ru); store.Roles.Add(testRole); var tmp = member.Memberships.Select(f => f.OrganizationId).ToArray(); // Give the role permissions to edit members in org Authorization auth = new Authorization { Role = testRole, RoleId = testRole.Id, Permission = PermissionType.EditMember, Scope = orgId }; store.Authorization.Add(auth); AuthIdentityTestService service = new AuthIdentityTestService(user.Username, store); Assert.IsTrue(service.HasPermission(PermissionType.EditMember, member.Id)); }
private User PopulateAuthData(TestStore store) { User user = new User { Username = "******" }; store.Users.Add(user); Role parent = new Role { Name = "Parent" }; Role child = new Role { Name = "Child" }; store.Roles.Add(parent); store.Roles.Add(child); RoleTests.MakeMember(parent, child); RoleUserMembership ru = new RoleUserMembership { User = user, Role = parent }; parent.Users.Add(ru); user.Roles.Add(ru); Authorization auth = new Authorization { Permission = PermissionType.EditMember, Role = child, RoleId = child.Id }; store.Authorization.Add(auth); return user; }
public virtual void CreateRole(RoleKey role, bool system, RoleKey? parent) { if (string.IsNullOrWhiteSpace(role.Name)) { throw new ArgumentException("role", "Role name cannot be null or empty"); } using (var ctx = storeFactory.Create(this.UserLogin)) { Role newRole = ctx.Roles.SingleOrDefault(f => f.Name == role.Name && f.OrganizationId == role.OrgId); if (newRole != null) throw new InvalidOperationException("Role " + role.Name + " already exists"); newRole = new Role { Name = role.Name, OrganizationId = role.OrgId, SystemRole = system, }; if (parent != null) { if (string.IsNullOrWhiteSpace(parent.Value.Name)) { throw new ArgumentException("parent", "Parent role name cannot be null or empty"); } RoleKey p = parent.Value; var query = ctx.Roles.Where(f => f.Name == p.Name && f.OrganizationId == p.OrgId); //if (parent.Value.OrgId.HasValue) //{ // Guid workaround = parent.Value.OrgId.Value; // query = query.Where(f => f.Organization.Id == workaround); //} //else //{ // query = query.Where(f => f.Organization == null); //} Role parentRole = query.SingleOrDefault(); if (parentRole == null) { throw new InvalidOperationException("Parent role does not exist"); } else { newRole.MemberOfRoles.Add(new RoleRoleMembership { Parent = parentRole, Child = newRole, IsSystem = system }); } } ctx.Roles.Add(newRole); ctx.SaveChanges(); } }
public static string InitializeSystemSecurity(this IDataStoreService ctx) { string adminGroup = AuthIdentityService.ADMIN_ROLE; string password = null; Role adminRole = ctx.Roles.IncludePaths("Users").SingleOrDefault(f => f.Name == adminGroup && f.Organization == null); if (adminRole == null) { adminRole = new Role { Name = adminGroup, SystemRole = true }; ctx.Roles.Add(adminRole); } User admin = ctx.Users.SingleOrDefault(f => f.Username == "admin"); if (admin == null) { password = Membership.GeneratePassword(8, 2); admin = AuthIdentityService.CreateAdminUser(password); ctx.Users.Add(admin); } else { password = AuthIdentityService.ResetPassword(admin); } if (!adminRole.Users.Any(f => f.User.Username == admin.Username)) { adminRole.Users.Add(new RoleUserMembership { User = admin, Role = adminRole, IsSystem = true }); } foreach (string name in new[] { AuthIdentityService.EVERYONE_ROLE, AuthIdentityService.USERS_ROLE, AuthIdentityService.MISSION_VIEWERS_ROLE }) { Role role = ctx.Roles.SingleOrDefault(f => f.Name == name); if (role == null) { role = new Role { Name = name, SystemRole = true }; ctx.Roles.Add(role); } } ctx.Authorization.Add(new Authorization { Permission = PermissionType.SiteAdmin, Role = adminRole }); ctx.SaveChanges(); return password; }
public static void InitializeOrganizationSecurity(this IDataStoreService ctx, Organization org, User admin) { org.AdminAccount = (admin == null) ? "setup" : admin.Username; var usersRole = new Role { Name = "Members", OrganizationId = org.Id, SystemRole = true }; var adminRole = new Role { Name = "Administrators", OrganizationId = org.Id, SystemRole = true }; adminRole.MemberOfRoles.Add(new RoleRoleMembership { Parent = usersRole, Child = adminRole, IsSystem = true }); var siteAdmin = ctx.Roles.Single(f => f.Name == AuthIdentityService.ADMIN_ROLE && f.OrganizationId == null); siteAdmin.MemberOfRoles.Add(new RoleRoleMembership { Parent = adminRole, Child = siteAdmin, IsSystem = true }); if (admin != null) { adminRole.Users.Add(new RoleUserMembership { Role = adminRole, User = admin }); } ctx.Roles.Add(adminRole); ctx.Roles.Add(usersRole); ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.AdminOrganization, IsSystem = true }); ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.AddOrganizationMembers, IsSystem = true }); ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.EditMember, IsSystem = true }); ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.EditMemberContacts, IsSystem = true }); ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.ViewMemberDetail, IsSystem = true }); ctx.Authorization.Add(new Authorization { Role = adminRole, Scope = org.Id, Permission = PermissionType.ViewMemberStandard, IsSystem = true }); ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewOrganizationBasic, IsSystem = true }); ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewOrganizationDetail, IsSystem = true }); ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ListOrganization, IsSystem = true }); ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewMemberStandard, IsSystem = false }); ctx.Authorization.Add(new Authorization { Role = usersRole, Scope = org.Id, Permission = PermissionType.ViewMemberBasic, IsSystem = false }); }
public static void MakeMember(Role aMemberOf, Role isAlsoAMemberOf) { RoleRoleMembership ab = new RoleRoleMembership { Parent = isAlsoAMemberOf, Child = aMemberOf }; isAlsoAMemberOf.MemberRoles.Add(ab); aMemberOf.MemberOfRoles.Add(ab); }