public void MoveToLaterPosition() { var accessType0 = AccessTypeDefinition.NewObject(); var accessType1 = AccessTypeDefinition.NewObject(); var accessType2 = AccessTypeDefinition.NewObject(); var accessType3 = AccessTypeDefinition.NewObject(); var accessType4 = AccessTypeDefinition.NewObject(); var securableClassDefinition = SecurableClassDefinition.NewObject(); securableClassDefinition.AddAccessType(accessType0); securableClassDefinition.AddAccessType(accessType1); securableClassDefinition.AddAccessType(accessType2); securableClassDefinition.AddAccessType(accessType3); securableClassDefinition.AddAccessType(accessType4); securableClassDefinition.MoveAccessType(3, accessType1); Assert.That(securableClassDefinition.AccessTypes, Is.EqualTo(new[] { accessType0, accessType2, accessType3, accessType1, accessType4 })); var references = new SecurableClassDefinitionWrapper(securableClassDefinition).AccessTypeReferences; for (int i = 0; i < references.Count; i++) { Assert.That(((AccessTypeReference)references[i]).Index, Is.EqualTo(i)); } }
public void RemovesPermissionsForRemovedAccessType() { var accessType0 = AccessTypeDefinition.NewObject(); var accessType1 = AccessTypeDefinition.NewObject(); var accessType2 = AccessTypeDefinition.NewObject(); var securableClassDefinition = SecurableClassDefinition.NewObject(); securableClassDefinition.AddAccessType(accessType0); securableClassDefinition.AddAccessType(accessType1); securableClassDefinition.AddAccessType(accessType2); var testHelper = new AccessControlTestHelper(ClientTransaction.Current); var acls = new List <AccessControlList>(); acls.Add(testHelper.CreateStatefulAcl(securableClassDefinition)); acls.Add(testHelper.CreateStatelessAcl(securableClassDefinition)); foreach (var acl in acls) { acl.CreateAccessControlEntry(); } securableClassDefinition.RemoveAccessType(accessType1); foreach (var acl in acls) { var permissions = acl.AccessControlEntries[0].GetPermissions(); Assert.That(permissions.Count, Is.EqualTo(2)); Assert.That(permissions[0].AccessType, Is.SameAs(accessType0)); Assert.That(permissions[1].AccessType, Is.SameAs(accessType2)); } }
public void LeavesPermissionsUntouched() { var accessType0 = AccessTypeDefinition.NewObject(); var accessType1 = AccessTypeDefinition.NewObject(); var securableClassDefinition = SecurableClassDefinition.NewObject(); securableClassDefinition.AddAccessType(accessType0); securableClassDefinition.AddAccessType(accessType1); var testHelper = new AccessControlTestHelper(ClientTransaction.Current); var acls = new List <AccessControlList>(); acls.Add(testHelper.CreateStatefulAcl(securableClassDefinition)); acls.Add(testHelper.CreateStatelessAcl(securableClassDefinition)); foreach (var acl in acls) { var ace = acl.CreateAccessControlEntry(); ace.DenyAccess(accessType0); ace.AllowAccess(accessType1); } securableClassDefinition.MoveAccessType(0, accessType1); foreach (var acl in acls) { var permissions = acl.AccessControlEntries[0].GetPermissions(); Assert.That(permissions.Count, Is.EqualTo(2)); Assert.That(permissions[0].AccessType, Is.SameAs(accessType1)); Assert.That(permissions[0].Allowed, Is.True); Assert.That(permissions[1].AccessType, Is.SameAs(accessType0)); Assert.That(permissions[1].Allowed, Is.False); } }
public void RemovesAccessType() { var accessType0 = AccessTypeDefinition.NewObject(); var accessType1 = AccessTypeDefinition.NewObject(); var accessType2 = AccessTypeDefinition.NewObject(); var accessType3 = AccessTypeDefinition.NewObject(); var accessType4 = AccessTypeDefinition.NewObject(); var securableClassDefinition = SecurableClassDefinition.NewObject(); securableClassDefinition.AddAccessType(accessType0); securableClassDefinition.AddAccessType(accessType1); securableClassDefinition.AddAccessType(accessType2); securableClassDefinition.AddAccessType(accessType3); securableClassDefinition.AddAccessType(accessType4); securableClassDefinition.RemoveAccessType(accessType2); Assert.That(securableClassDefinition.AccessTypes, Is.EqualTo(new[] { accessType0, accessType1, accessType3, accessType4 })); var references = new SecurableClassDefinitionWrapper(securableClassDefinition).AccessTypeReferences; Assert.That(((AccessTypeReference)references[0]).Index, Is.EqualTo(0)); Assert.That(((AccessTypeReference)references[1]).Index, Is.EqualTo(1)); Assert.That(((AccessTypeReference)references[2]).Index, Is.EqualTo(2)); Assert.That(((AccessTypeReference)references[3]).Index, Is.EqualTo(3)); }
public void Import_3AccessTypes() { string metadataXml = @" <securityMetadata xmlns=""http://www.re-motion.org/Security/Metadata/1.0""> <classes /> <stateProperties /> <accessTypes> <accessType id=""1d6d25bc-4e85-43ab-a42d-fb5a829c30d5"" name=""Create|Remotion.Security.GeneralAccessTypes, Remotion.Security"" value=""0"" /> <accessType id=""62dfcd92-a480-4d57-95f1-28c0f5996b3a"" name=""Read|Remotion.Security.GeneralAccessTypes, Remotion.Security"" value=""1"" /> <accessType id=""11186122-6de0-4194-b434-9979230c41fd"" name=""Edit|Remotion.Security.GeneralAccessTypes, Remotion.Security"" value=""2"" /> </accessTypes> <abstractRoles /> </securityMetadata> "; _importer.Import(GetXmlDocument(metadataXml)); using (_testHelper.Transaction.EnterNonDiscardingScope()) { Assert.AreEqual(0, _importer.Classes.Count, "Class count"); Assert.AreEqual(0, _importer.StateProperties.Count, "State property count"); Assert.AreEqual(0, _importer.AbstractRoles.Count, "Abstract role count"); Assert.AreEqual(3, _importer.AccessTypes.Count, "Access type count"); AccessTypeDefinition expectedAccessType1 = _testHelper.CreateAccessTypeCreate(0); MetadataObjectAssert.AreEqual(expectedAccessType1, _importer.AccessTypes[expectedAccessType1.MetadataItemID], "Access Type Create"); AccessTypeDefinition expectedAccessType2 = _testHelper.CreateAccessTypeRead(1); MetadataObjectAssert.AreEqual(expectedAccessType2, _importer.AccessTypes[expectedAccessType2.MetadataItemID], "Access Type Read"); AccessTypeDefinition expectedAccessType3 = _testHelper.CreateAccessTypeEdit(2); MetadataObjectAssert.AreEqual(expectedAccessType3, _importer.AccessTypes[expectedAccessType3.MetadataItemID], "Access Type Edit"); } }
public AccessTypeDefinition CreateJournalizeAccessType() { using (_transaction.EnterNonDiscardingScope()) { return(AccessTypeDefinition.NewObject(Guid.NewGuid(), "Journalize", 42)); } }
public AccessTypeDefinition CreateAccessType(Guid metadataItemID, string name, int value) { using (_transaction.EnterNonDiscardingScope()) { AccessTypeDefinition accessType = AccessTypeDefinition.NewObject(metadataItemID, name, value); return(accessType); } }
public void RemoveAccess(AccessTypeDefinition accessType) { ArgumentUtility.CheckNotNull("accessType", accessType); var permission = GetPermission(accessType); permission.Allowed = null; }
private AccessTypeDefinition CreateAccessType(Guid metadataItemID, string name) { AccessTypeDefinition accessType = AccessTypeDefinition.NewObject(); accessType.MetadataItemID = metadataItemID; accessType.Name = name; return(accessType); }
public void GetAccessTypes_WithMultipleMatchingAces() { AbstractRoleDefinition role1 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "QualityManager", 0); AccessControlEntry ace1 = AccessControlEntry.NewObject(); ace1.SpecificAbstractRole = role1; AccessTypeDefinition readAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Read", 0); AccessTypeDefinition copyAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Copy", 1); AccessTypeDefinition indexAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Index", 2); AccessTypeDefinition moveAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Move", 3); AccessTypeDefinition appendAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Append", 4); AccessTypeDefinition renameAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Rename", 5); AccessTypeDefinition writeAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Write", 6); AccessTypeDefinition deleteAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Delete", 7); AccessTypeDefinition findAccessType = _testHelper.CreateAccessTypeForAce(ace1, null, Guid.NewGuid(), "Find", 8); AbstractRoleDefinition role2 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "SoftwareDeveloper", 1); AccessControlEntry ace2 = AccessControlEntry.NewObject(); ace2.SpecificAbstractRole = role2; _testHelper.AttachAccessType(ace2, readAccessType, true); _testHelper.AttachAccessType(ace2, copyAccessType, false); _testHelper.AttachAccessType(ace2, indexAccessType, null); _testHelper.AttachAccessType(ace2, moveAccessType, true); _testHelper.AttachAccessType(ace2, appendAccessType, false); _testHelper.AttachAccessType(ace2, renameAccessType, null); _testHelper.AttachAccessType(ace2, writeAccessType, true); _testHelper.AttachAccessType(ace2, deleteAccessType, false); _testHelper.AttachAccessType(ace2, findAccessType, null); AccessControlList acl = _testHelper.CreateStatefulAcl(ace1, ace2); SecurityToken token = _testHelper.CreateTokenWithAbstractRole(role1, role2); AccessInformation accessInformation = acl.GetAccessTypes(token); //read y y y //copy y n n //index y - y //move n y n //append n n n //rename n - n //write - y y //delete - n n //find - - - Assert.That( accessInformation.AllowedAccessTypes, Is.EquivalentTo(new[] { readAccessType, indexAccessType, writeAccessType })); Assert.That( accessInformation.DeniedAccessTypes, Is.EquivalentTo(new[] { copyAccessType, moveAccessType, appendAccessType, renameAccessType, deleteAccessType })); }
public AccessTypeDefinition CreateAccessTypeForAce(AccessControlEntry ace, bool?allowAccess, Guid metadataItemID, string name, int value) { using (_transaction.EnterNonDiscardingScope()) { AccessTypeDefinition accessType = AccessTypeDefinition.NewObject(metadataItemID, name, value); AttachAccessType(ace, accessType, allowAccess); return(accessType); } }
public AccessTypeDefinition CreateDeleteAccessTypeAndAttachToAce(AccessControlEntry ace, bool?allowAccess) { using (_transaction.EnterNonDiscardingScope()) { AccessTypeDefinition accessType = CreateDeleteAccessType(); AttachAccessType(ace, accessType, allowAccess); return(accessType); } }
public AccessTypeDefinition AttachJournalizeAccessType(SecurableClassDefinition classDefinition) { using (_transaction.EnterNonDiscardingScope()) { AccessTypeDefinition accessType = CreateJournalizeAccessType(); classDefinition.AddAccessType(accessType); return(accessType); } }
public AccessTypeDefinition AttachAccessType(SecurableClassDefinition classDefinition, Guid metadataItemID, string name, int value) { using (_transaction.EnterNonDiscardingScope()) { AccessTypeDefinition accessType = AccessTypeDefinition.NewObject(metadataItemID, name, value); classDefinition.AddAccessType(accessType); return(accessType); } }
private Permission GetPermission(AccessTypeDefinition accessType) { var permission = FindPermission(accessType); if (permission == null) { throw new ArgumentException( string.Format("The access type '{0}' is not assigned to this access control entry.", accessType.Name), "accessType"); } return(permission); }
public void FailsForIndexGreaterThanNumberOfItems() { var securableClassDefinition = SecurableClassDefinition.NewObject(); securableClassDefinition.Name = "Class"; securableClassDefinition.AddAccessType(AccessTypeDefinition.NewObject()); Assert.That( () => securableClassDefinition.InsertAccessType(2, AccessTypeDefinition.NewObject()), Throws.TypeOf <ArgumentOutOfRangeException>() .And.Message.StartsWith( "The index must not be less than 0 or greater than the total number of access types for the securable class definition.")); }
public void FailsForNonExistentAccessType() { var securableClassDefinition = SecurableClassDefinition.NewObject(); securableClassDefinition.Name = "Class"; securableClassDefinition.AddAccessType(AccessTypeDefinition.NewObject()); securableClassDefinition.AddAccessType(AccessTypeDefinition.NewObject()); Assert.That( () => securableClassDefinition.RemoveAccessType(AccessTypeDefinition.NewObject(Guid.NewGuid(), "Test", 42)), Throws.ArgumentException .And.Message.StartsWith("The access type 'Test' is not associated with the securable class definition.")); }
public AccessTypeDefinition CreateAccessTypeCreate(int index) { using (_transaction.EnterNonDiscardingScope()) { AccessTypeDefinition type = AccessTypeDefinition.NewObject( new Guid("1d6d25bc-4e85-43ab-a42d-fb5a829c30d5"), "Create|Remotion.Security.GeneralAccessTypes, Remotion.Security", 0); type.Index = index; return(type); } }
public void FailsForExistingAccessType() { var accessType = AccessTypeDefinition.NewObject(Guid.NewGuid(), "Test", 42); var securableClassDefinition = SecurableClassDefinition.NewObject(); securableClassDefinition.Name = "Class"; securableClassDefinition.AddAccessType(accessType); Assert.That( () => securableClassDefinition.AddAccessType(accessType), Throws.ArgumentException .And.Message.StartsWith("The access type 'Test' has already been added to the securable class definition.")); }
private SecurableClassDefinition CreateSecurableClassDefinitionWithAccessTypes(int accessTypes) { SecurableClassDefinition classDefinition = CreateOrderSecurableClassDefinition(); for (int i = 0; i < accessTypes; i++) { AccessTypeDefinition accessType = CreateAccessType(Guid.NewGuid(), string.Format("Access Type {0}", i)); accessType.Index = i; classDefinition.AddAccessType(accessType); } return(classDefinition); }
public AccessTypeDefinition CreateAccessTypeEdit(int index) { using (_transaction.EnterNonDiscardingScope()) { AccessTypeDefinition type = AccessTypeDefinition.NewObject( new Guid("11186122-6de0-4194-b434-9979230c41fd"), "Edit|Remotion.Security.GeneralAccessTypes, Remotion.Security", 2); type.Index = index; return(type); } }
public AccessTypeDefinition CreateAccessTypeRead(int index) { using (_transaction.EnterNonDiscardingScope()) { AccessTypeDefinition type = AccessTypeDefinition.NewObject( new Guid("62dfcd92-a480-4d57-95f1-28c0f5996b3a"), "Read|Remotion.Security.GeneralAccessTypes, Remotion.Security", 1); type.Index = index; return(type); } }
public void TouchesSecurableClassDefinition() { var securableClassDefinition = SecurableClassDefinition.NewObject(); using (ClientTransaction.Current.CreateSubTransaction().EnterDiscardingScope()) { securableClassDefinition.EnsureDataAvailable(); Assert.That(securableClassDefinition.State, Is.EqualTo(StateType.Unchanged)); securableClassDefinition.AddAccessType(AccessTypeDefinition.NewObject()); Assert.That(securableClassDefinition.State, Is.EqualTo(StateType.Changed)); } }
public void FailsForIndexLessThanZero() { var accessType = AccessTypeDefinition.NewObject(); var securableClassDefinition = SecurableClassDefinition.NewObject(); securableClassDefinition.Name = "Class"; securableClassDefinition.AddAccessType(AccessTypeDefinition.NewObject()); securableClassDefinition.AddAccessType(accessType); Assert.That( () => securableClassDefinition.MoveAccessType(-1, accessType), Throws.TypeOf <ArgumentOutOfRangeException>() .And.Message.StartsWith( "The index must not be less than 0 or greater than the top index of the access types for the securable class definition.")); }
public void RemoveAccessType(AccessTypeDefinition accessType) { ArgumentUtility.CheckNotNull("accessType", accessType); var permission = FindPermission(accessType); if (permission == null) { throw new ArgumentException( string.Format("The access type '{0}' is not associated with the access control entry.", accessType.Name), "accessType"); } permission.Delete(); }
public void AddsAccessTypes() { var accessType0 = AccessTypeDefinition.NewObject(); var accessType1 = AccessTypeDefinition.NewObject(); var securableClassDefinition = SecurableClassDefinition.NewObject(); securableClassDefinition.AddAccessType(accessType0); securableClassDefinition.AddAccessType(accessType1); Assert.That(securableClassDefinition.AccessTypes, Is.EqualTo(new[] { accessType0, accessType1 })); var references = new SecurableClassDefinitionWrapper(securableClassDefinition).AccessTypeReferences; Assert.That(((AccessTypeReference)references[0]).Index, Is.EqualTo(0)); Assert.That(((AccessTypeReference)references[1]).Index, Is.EqualTo(1)); }
public void AddAccessType(AccessTypeDefinition accessType) { ArgumentUtility.CheckNotNull("accessType", accessType); if (FindPermission(accessType) != null) { throw new ArgumentException( string.Format("The access type '{0}' has already been added to this access control entry.", accessType.Name), "accessType"); } var permission = Permission.NewObject(); permission.AccessType = accessType; permission.Allowed = null; PermissionsInternal.Add(permission); }
public void Import_1ClassAnd8AccessTypes() { string metadataXml = @" <securityMetadata xmlns=""http://www.re-motion.org/Security/Metadata/1.0""> <classes> <class id=""00000000-0000-0000-0001-000000000000"" name=""Remotion.Security.UnitTests.TestDomain.File""> <accessTypes> <accessTypeRef>62dfcd92-a480-4d57-95f1-28c0f5996b3a</accessTypeRef> </accessTypes> </class> </classes> <stateProperties /> <accessTypes> <accessType id=""1d6d25bc-4e85-43ab-a42d-fb5a829c30d5"" name=""Create|Remotion.Security.GeneralAccessTypes, Remotion.Security"" value=""0"" /> <accessType id=""62dfcd92-a480-4d57-95f1-28c0f5996b3a"" name=""Read|Remotion.Security.GeneralAccessTypes, Remotion.Security"" value=""1"" /> <accessType id=""11186122-6de0-4194-b434-9979230c41fd"" name=""Edit|Remotion.Security.GeneralAccessTypes, Remotion.Security"" value=""2"" /> <accessType id=""305fbb40-75c8-423a-84b2-b26ea9e7cae7"" name=""Delete|Remotion.Security.GeneralAccessTypes, Remotion.Security"" value=""3"" /> <accessType id=""67cea479-0be7-4e2f-b2e0-bb1fcc9ea1d6"" name=""Search|Remotion.Security.GeneralAccessTypes, Remotion.Security"" value=""4"" /> <accessType id=""203b7478-96f1-4bf1-b4ea-5bdd1206252c"" name=""Find|Remotion.Security.GeneralAccessTypes, Remotion.Security"" value=""5"" /> <accessType id=""00000002-0001-0000-0000-000000000000"" name=""Journalize|Remotion.Security.UnitTests.TestDomain.DomainAccessTypes, Remotion.Security.UnitTests.TestDomain"" value=""0"" /> <accessType id=""00000002-0002-0000-0000-000000000000"" name=""Archive|Remotion.Security.UnitTests.TestDomain.DomainAccessTypes, Remotion.Security.UnitTests.TestDomain"" value=""1"" /> </accessTypes> <abstractRoles /> </securityMetadata>"; _importer.Import(GetXmlDocument(metadataXml)); using (_testHelper.Transaction.EnterNonDiscardingScope()) { Assert.AreEqual(1, _importer.Classes.Count, "Class count"); Assert.AreEqual(0, _importer.StateProperties.Count, "State property count"); Assert.AreEqual(0, _importer.AbstractRoles.Count, "Abstract role count"); Assert.AreEqual(8, _importer.AccessTypes.Count, "Access type count"); SecurableClassDefinition classDefinition = _importer.Classes[new Guid("00000000-0000-0000-0001-000000000000")]; AccessTypeDefinition accessType = _importer.AccessTypes[new Guid("62dfcd92-a480-4d57-95f1-28c0f5996b3a")]; Assert.AreEqual(1, classDefinition.AccessTypes.Count, "Access type count"); Assert.That(classDefinition.AccessTypes[0], Is.SameAs(accessType)); } }
public void GetAccessTypes_WithMatchingAce() { AccessControlEntry ace = AccessControlEntry.NewObject(); AccessTypeDefinition readAccessType = _testHelper.CreateReadAccessTypeAndAttachToAce(ace, true); _testHelper.CreateWriteAccessTypeAndAttachToAce(ace, null); AccessTypeDefinition deleteAccessType = _testHelper.CreateDeleteAccessTypeAndAttachToAce(ace, false); AccessTypeDefinition copyAccessType = _testHelper.CreateAccessTypeForAce(ace, true, Guid.NewGuid(), "Copy", 3); AccessTypeDefinition moveAccessType = _testHelper.CreateAccessTypeForAce(ace, false, Guid.NewGuid(), "Move", 4); AccessControlList acl = _testHelper.CreateStatefulAcl(ace); SecurityToken token = _testHelper.CreateTokenWithoutUser(); AccessInformation accessInformation = acl.GetAccessTypes(token); Assert.That(accessInformation.AllowedAccessTypes, Is.EquivalentTo(new[] { readAccessType, copyAccessType })); Assert.That(accessInformation.DeniedAccessTypes, Is.EquivalentTo(new[] { deleteAccessType, moveAccessType })); }
public void AttachAccessType(AccessControlEntry ace, AccessTypeDefinition accessType, bool?allowAccess) { using (_transaction.EnterNonDiscardingScope()) { ace.AddAccessType(accessType); if (!allowAccess.HasValue) { ace.RemoveAccess(accessType); } else if (allowAccess.Value) { ace.AllowAccess(accessType); } else { ace.DenyAccess(accessType); } } }