예제 #1
 /// <summary>
 /// Adds one explanation line to <paramref name="info"/> for a permission that is bound
 /// directly to a user. Nothing is added when <c>permission.User</c> is null.
 /// </summary>
 /// <param name="operation">Operation name written into the message.</param>
 /// <param name="info">Collector that receives the allow or deny message.</param>
 /// <param name="user">User whose <c>SecurityInfo.Name</c> is written into the message.</param>
 /// <param name="permission">Permission being described; its <c>Allow</c> flag selects the message.</param>
 /// <param name="entityDescription">Forwarded to <c>GetPermissionTarget</c>.</param>
 /// <param name="entitiesGroupsDescription">Forwarded to <c>GetPermissionTarget</c>.</param>
 private static void AddUserLevelPermissionMessage(
     string operation,
     AuthorizationInformation info,
     IUser user,
     Permission permission,
     string entityDescription,
     string entitiesGroupsDescription)
 {
     // Nothing to report when the permission is not bound to a user.
     if (permission.User == null)
     {
         return;
     }

     string permissionTarget = GetPermissionTarget(permission, entityDescription, entitiesGroupsDescription);

     // NOTE(review): the message names the `user` argument, not `permission.User`; presumably
     // callers only pass permissions that were selected for this user - confirm.
     if (!permission.Allow)
     {
         info.AddDeny(
             Resources.PermissionDeniedForUser,
             operation,
             user.SecurityInfo.Name,
             permissionTarget,
             permission.Level);
         return;
     }

     info.AddAllow(
         Resources.PermissionGrantedForUser,
         operation,
         user.SecurityInfo.Name,
         permissionTarget,
         permission.Level);
 }
예제 #2
 /// <summary>
 /// Adds one explanation line to <paramref name="info"/> for a permission that is bound to a
 /// users group. The line includes the group chain the repository returns for this user and
 /// that group, joined with " -> ". Nothing is added when <c>permission.UsersGroup</c> is null.
 /// </summary>
 /// <param name="operation">Operation name written into the message.</param>
 /// <param name="info">Collector that receives the allow or deny message.</param>
 /// <param name="user">User whose name and group ancestry are reported.</param>
 /// <param name="permission">Permission being described; its <c>Allow</c> flag selects the message.</param>
 /// <param name="entityDescription">Forwarded to <c>GetPermissionTarget</c>.</param>
 /// <param name="entitiesGroupsDescription">Forwarded to <c>GetPermissionTarget</c>.</param>
 private void AddUserGroupLevelPermissionMessage(
     string operation,
     AuthorizationInformation info,
     IUser user,
     Permission permission,
     string entityDescription,
     string entitiesGroupsDescription)
 {
     // Nothing to report when the permission is not bound to a users group.
     if (permission.UsersGroup == null)
     {
         return;
     }

     // The ancestry is what lets a reader of the message see through which group
     // membership the permission reached this user.
     UsersGroup[] membershipChain =
         authorizationRepository.GetAncestryAssociation(user, permission.UsersGroup.Name);
     string membershipPath = Strings.Join(membershipChain, " -> ");

     if (!permission.Allow)
     {
         info.AddDeny(
             Resources.PermissionDeniedForUsersGroup,
             operation,
             permission.UsersGroup.Name,
             GetPermissionTarget(permission, entityDescription, entitiesGroupsDescription),
             user.SecurityInfo.Name,
             permission.Level,
             membershipPath);
         return;
     }

     info.AddAllow(
         Resources.PermissionGrantedForUsersGroup,
         operation,
         permission.UsersGroup.Name,
         GetPermissionTarget(permission, entityDescription, entitiesGroupsDescription),
         user.SecurityInfo.Name,
         permission.Level,
         membershipPath);
 }
예제 #3
        /// <inheritdoc/>
        public string ToDelimitedString()
        {
            // NOTE(review): every date and number below is rendered with the current thread culture,
            // so the serialized text can change with the host's locale settings. For a machine-readable
            // wire format, confirm whether CultureInfo.InvariantCulture is what is wanted here.
            CultureInfo culture = CultureInfo.CurrentCulture;

            // Fifty values follow the format string; StringFormatSequence(0, 50, separator) presumably
            // yields the matching placeholders joined by the field separator - confirm against StringHelper.
            // Repeating fields are joined with FieldRepeatSeparator, unset values become null (rendered
            // as empty by string.Format), and trailing field separators are trimmed from the result.
            // NOTE(review): plain string properties (e.g. GroupNumber, PolicyNumber) are passed through
            // unchanged; whether delimiter characters inside them are escaped is not visible in this
            // method - confirm where that happens.
            return(string.Format(
                       culture,
                       StringHelper.StringFormatSequence(0, 50, Configuration.FieldSeparator),
                       Id,
                       SetIdIn1.HasValue ? SetIdIn1.Value.ToString(culture) : null,
                       HealthPlanId?.ToDelimitedString(),
                       InsuranceCompanyId != null ? string.Join(Configuration.FieldRepeatSeparator, InsuranceCompanyId.Select(x => x.ToDelimitedString())) : null,
                       InsuranceCompanyName != null ? string.Join(Configuration.FieldRepeatSeparator, InsuranceCompanyName.Select(x => x.ToDelimitedString())) : null,
                       InsuranceCompanyAddress != null ? string.Join(Configuration.FieldRepeatSeparator, InsuranceCompanyAddress.Select(x => x.ToDelimitedString())) : null,
                       InsuranceCoContactPerson != null ? string.Join(Configuration.FieldRepeatSeparator, InsuranceCoContactPerson.Select(x => x.ToDelimitedString())) : null,
                       InsuranceCoPhoneNumber != null ? string.Join(Configuration.FieldRepeatSeparator, InsuranceCoPhoneNumber.Select(x => x.ToDelimitedString())) : null,
                       GroupNumber,
                       GroupName != null ? string.Join(Configuration.FieldRepeatSeparator, GroupName.Select(x => x.ToDelimitedString())) : null,
                       InsuredsGroupEmpId != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsGroupEmpId.Select(x => x.ToDelimitedString())) : null,
                       InsuredsGroupEmpName != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsGroupEmpName.Select(x => x.ToDelimitedString())) : null,
                       PlanEffectiveDate.HasValue ? PlanEffectiveDate.Value.ToString(Consts.DateFormatPrecisionDay, culture) : null,
                       PlanExpirationDate.HasValue ? PlanExpirationDate.Value.ToString(Consts.DateFormatPrecisionDay, culture) : null,
                       AuthorizationInformation?.ToDelimitedString(),
                       PlanType,
                       NameOfInsured != null ? string.Join(Configuration.FieldRepeatSeparator, NameOfInsured.Select(x => x.ToDelimitedString())) : null,
                       InsuredsRelationshipToPatient?.ToDelimitedString(),
                       InsuredsDateOfBirth.HasValue ? InsuredsDateOfBirth.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
                       InsuredsAddress != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsAddress.Select(x => x.ToDelimitedString())) : null,
                       AssignmentOfBenefits,
                       CoordinationOfBenefits,
                       CoordOfBenPriority,
                       NoticeOfAdmissionFlag,
                       NoticeOfAdmissionDate.HasValue ? NoticeOfAdmissionDate.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
                       ReportOfEligibilityFlag,
                       ReportOfEligibilityDate.HasValue ? ReportOfEligibilityDate.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
                       ReleaseInformationCode,
                       PreAdmitCertPac,
                       VerificationDateTime.HasValue ? VerificationDateTime.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
                       VerificationBy != null ? string.Join(Configuration.FieldRepeatSeparator, VerificationBy.Select(x => x.ToDelimitedString())) : null,
                       TypeOfAgreementCode,
                       BillingStatus,
                       LifetimeReserveDays.HasValue ? LifetimeReserveDays.Value.ToString(Consts.NumericFormat, culture) : null,
                       DelayBeforeLRDay.HasValue ? DelayBeforeLRDay.Value.ToString(Consts.NumericFormat, culture) : null,
                       CompanyPlanCode,
                       PolicyNumber,
                       PolicyDeductible?.ToDelimitedString(),
                       PolicyLimitAmount?.ToDelimitedString(),
                       PolicyLimitDays.HasValue ? PolicyLimitDays.Value.ToString(Consts.NumericFormat, culture) : null,
                       RoomRateSemiPrivate?.ToDelimitedString(),
                       RoomRatePrivate?.ToDelimitedString(),
                       InsuredsEmploymentStatus?.ToDelimitedString(),
                       InsuredsAdministrativeSex,
                       InsuredsEmployersAddress != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsEmployersAddress.Select(x => x.ToDelimitedString())) : null,
                       VerificationStatus,
                       PriorInsurancePlanId,
                       CoverageType,
                       Handicap,
                       InsuredsIdNumber != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsIdNumber.Select(x => x.ToDelimitedString())) : null
                       ).TrimEnd(Configuration.FieldSeparator.ToCharArray()));
        }
        /// <summary>
        /// With no permission saved by this test, the explanation for a global (entity-less) query
        /// must say the operation was granted neither to the user nor to the user's groups.
        /// </summary>
        public void ExplainWhyNotAllowedIfNoPermissionGranted()
        {
            const string operation = "/Account/Edit";

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, operation);

            var expectedText =
                "Permission for operation '/Account/Edit' was not granted to user 'Ayende' or to the groups 'Ayende' is associated with ('Administrators')".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
        /// <summary>
        /// With no permission saved by this test, the explanation for an entity-scoped query must
        /// name the user, the user's groups, the entity and the entity's groups as not granted.
        /// </summary>
        public void ExplainWhyDeniedOnAccountIfNoPermissionIsDefined()
        {
            const string operation = "/Account/Edit";

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, account, operation);

            // The verbatim literal ends with a line break; both sides are normalized before comparing.
            var expectedText =
                @"Permission for operation '/Account/Edit' was not granted to user 'Ayende' or to the groups 'Ayende' is associated with ('Administrators') on 'Account: south sand' or any of the groups 'Account: south sand' is associated with ('Important Accounts')
".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
        /// <summary>
        /// Creates a fresh <see cref="AuthorizationInformation"/> and checks that the named
        /// operation exists in the repository.
        /// </summary>
        /// <param name="operation">Name of the operation to look up.</param>
        /// <param name="info">Always assigned a new collector; carries a deny entry when the lookup fails.</param>
        /// <returns>
        /// <c>true</c> when the operation is NOT defined (a deny message has been recorded);
        /// <c>false</c> when the operation exists and <paramref name="info"/> is still empty.
        /// </returns>
        private bool InitializeAuthorizationInfo(string operation, out AuthorizationInformation info)
        {
            info = new AuthorizationInformation();

            // An unknown operation name is explained as a deny rather than left unexplained.
            // NOTE(review): the return value reads inverted relative to the method name
            // (true = lookup failed); how callers act on it is not visible here.
            bool operationMissing = authorizationRepository.GetOperationByName(operation) == null;
            if (operationMissing)
            {
                info.AddDeny(Resources.OperationNotDefined, operation);
            }

            return operationMissing;
        }
예제 #7
        /// <summary>
        /// Serializes a value with all three properties set and checks the component order
        /// and date rendering of the delimited output.
        /// </summary>
        public void ToDelimitedString_WithAllProperties_ReturnsCorrectlySequencedFields()
        {
            IType subject = new AuthorizationInformation
            {
                AuthorizationNumber = "1",
                Date = new DateTime(2020, 2, 1),
                Source = "3"
            };

            string serialized = subject.ToDelimitedString();

            Assert.Equal("1^20200201^3", serialized);
        }
        /// <summary>
        /// After the user and the account are detached from their groups, the explanation must
        /// report the placeholder text for "no group" on both the user and the entity side.
        /// </summary>
        public void ExplainWhyDeniedOnAccountWhenHaveNoGroupsOnUserOrEntity()
        {
            const string operation = "/Account/Edit";

            authorizationRepository.DetachUserFromGroup(user, "Administrators");
            authorizationRepository.DetachEntityFromGroup(account, "Important Accounts");
            session.Flush();

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, account, operation);

            // The spelling 'assoicated' is kept as-is: the assertion compares against the text
            // the service produces (presumably from a resource string - confirm before correcting).
            var expectedText =
                @"Permission for operation '/Account/Edit' was not granted to user 'Ayende' or to the groups 'Ayende' is associated with ('not assoicated with any group') on 'Account: south sand' or any of the groups 'Account: south sand' is associated with ('not assoicated with any group')
".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
예제 #9
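        /// <summary>
        /// Parses a three-component delimited value and checks that the resulting object is
        /// equivalent to one initialized with the same three properties.
        /// </summary>
        public void FromDelimitedString_WithAllProperties_ReturnsCorrectlyInitializedFields()
        {
            IType expected = new AuthorizationInformation
            {
                AuthorizationNumber = "1",
                Date = new DateTime(2020, 2, 1),
                Source = "3"
            };

            IType actual = new AuthorizationInformation();
            actual.FromDelimitedString("1^20200201^3");

            // The parsed object is the subject under test, so it goes on the Should() side;
            // with the operands the other way round a failure message reports them swapped.
            // NOTE(review): both variables are declared as IType. Depending on the FluentAssertions
            // version and options, equivalency may select members from the declared type only -
            // confirm that the concrete properties are really being compared.
            actual.Should().BeEquivalentTo(expected);
        }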
        /// <summary>
        /// A permission granted to a users group on a specific entities group must not satisfy a
        /// global (entity-less) query: the explanation still reports "not granted".
        /// </summary>
        public void ExplainWhyDeniedIfPermissionWasGrantedToEntitiesGroupButNotToGlobal()
        {
            const string operation = "/Account/Edit";

            permissionsBuilderService
                .Allow(operation)
                .For("Administrators")
                .On("Important Accounts")
                .DefaultLevel()
                .Save();

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, operation);

            var expectedText =
                @"Permission for operation '/Account/Edit' was not granted to user 'Ayende' or to the groups 'Ayende' is associated with ('Administrators')
".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
예제 #11
        /// <summary>
        /// Fills <paramref name="info"/> with the explanation for an authorization decision.
        /// When <paramref name="permissions"/> is empty a single deny message is recorded;
        /// otherwise each permission is described at user level and at users-group level.
        /// </summary>
        /// <typeparam name="TEntity">Type of the secured entity.</typeparam>
        /// <param name="operation">Operation name written into the messages.</param>
        /// <param name="info">Collector that receives the messages.</param>
        /// <param name="user">User the decision is explained for.</param>
        /// <param name="permissions">Permissions to describe; an empty array means nothing applied.</param>
        /// <param name="entity">Entity the query was scoped to, or null for a query without an entity.</param>
        private void AddPermissionDescriptionToAuthorizationInformation<TEntity>(
            string operation,
            AuthorizationInformation info,
            IUser user,
            Permission[] permissions,
            TEntity entity)
            where TEntity : class
        {
            bool scopedToEntity = entity != null;

            // Both descriptions stay empty for a query that is not about a specific entity.
            string entityDescription = "";
            string entitiesGroupsDescription = "";
            if (scopedToEntity)
            {
                EntitiesGroup[] groupsOfEntity = authorizationRepository.GetAssociatedEntitiesGroupsFor(entity);
                entityDescription = Security.GetDescription(entity);
                entitiesGroupsDescription = Strings.Join(groupsOfEntity);
            }

            if (permissions.Length != 0)
            {
                for (int index = 0; index < permissions.Length; index++)
                {
                    Permission current = permissions[index];
                    AddUserLevelPermissionMessage(operation, info, user, current, entityDescription,
                                                  entitiesGroupsDescription);
                    AddUserGroupLevelPermissionMessage(operation, info, user, current, entityDescription,
                                                       entitiesGroupsDescription);
                }
                return;
            }

            // No permission at all: the absence of a grant is explained as a deny, listing the
            // user's groups so a reader can see which memberships were considered.
            UsersGroup[] groupsOfUser = authorizationRepository.GetAssociatedUsersGroupFor(user);
            if (scopedToEntity)
            {
                info.AddDeny(
                    Resources.PermissionForOperationNotGrantedToUserOnEntity,
                    operation,
                    user.SecurityInfo.Name,
                    Strings.Join(groupsOfUser),
                    entityDescription,
                    entitiesGroupsDescription);
            }
            else
            {
                info.AddDeny(
                    Resources.PermissionForOperationNotGrantedToUser,
                    operation,
                    user.SecurityInfo.Name,
                    Strings.Join(groupsOfUser));
            }
        }
        /// <summary>
        /// An explicit deny for the user on everything must be explained as a level-1 deny
        /// naming the user and the target 'everything'.
        /// </summary>
        public void ExplainWhyNotAllowedIfDenyPermissionWasDefined()
        {
            const string operation = "/Account/Edit";

            permissionsBuilderService
                .Deny(operation)
                .For(user)
                .OnEverything()
                .DefaultLevel()
                .Save();

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, operation);

            var expectedText =
                "Permission (level 1) for operation '/Account/Edit' was denied to 'Ayende' on 'everything'".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
        /// <summary>
        /// An allow for the 'Administrators' group on everything must be explained as a grant to
        /// that group, together with the user's membership in it.
        /// </summary>
        public void ExplainWhyAllowedIfAllowPermissionWasDefinedOnGroup()
        {
            const string operation = "/Account/Edit";

            permissionsBuilderService
                .Allow(operation)
                .For("Administrators")
                .OnEverything()
                .DefaultLevel()
                .Save();

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, operation);

            var expectedText =
                "Permission (level 1) for operation '/Account/Edit' was granted to group 'Administrators' on 'everything' ('Ayende' is a member of 'Administrators')".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
        /// <summary>
        /// An allow for the 'Administrators' group on the 'Important Accounts' entities group must
        /// be explained with both membership links: entity in entities group, user in users group.
        /// </summary>
        public void ExplainWhyAllowedOnEntityGroupIfPermissionWasGrantedToUsersGroupAssociatedWithUser()
        {
            const string operation = "/Account/Edit";

            permissionsBuilderService
                .Allow(operation)
                .For("Administrators")
                .On("Important Accounts")
                .DefaultLevel()
                .Save();

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, account, operation);

            var expectedText =
                @"Permission (level 1) for operation '/Account/Edit' was granted to group 'Administrators' on ''Important Accounts' ('Account: south sand' is a member of 'Important Accounts')' ('Ayende' is a member of 'Administrators')
".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
        /// <summary>
        /// A deny for the user on the 'Important Accounts' entities group must be explained as a
        /// deny on that group, including the account's membership in it.
        /// </summary>
        public void ExplainWhyDeniedOnAccountIfPermissionWasDeniedToUserOnTheGroupTheEntityIsAssociatedWith()
        {
            const string operation = "/Account/Edit";

            permissionsBuilderService
                .Deny(operation)
                .For(user)
                .On("Important Accounts")
                .DefaultLevel()
                .Save();

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, account, operation);

            var expectedText =
                @"Permission (level 1) for operation '/Account/Edit' was denied to 'Ayende' on ''Important Accounts' ('Account: south sand' is a member of 'Important Accounts')'
".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
        /// <summary>
        /// An allow for the user on everything must also explain an entity-scoped query, and the
        /// reported target stays 'everything' rather than the account.
        /// </summary>
        public void ExplainWhyAllowedOnAccountIfPermissionWasGrantedOnAnything()
        {
            const string operation = "/Account/Edit";

            permissionsBuilderService
                .Allow(operation)
                .For(user)
                .OnEverything()
                .DefaultLevel()
                .Save();

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, account, operation);

            var expectedText =
                @"Permission (level 1) for operation '/Account/Edit' was granted to 'Ayende' on 'everything'
".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
        /// <summary>
        /// A deny for the 'Administrators' group on the account must be explained as a group-level
        /// deny on that account, together with the user's membership in the group.
        /// </summary>
        public void ExplainWhyDeniedOnAccountIfPermissionWasDeniedOnGroupAssociatedWithUser()
        {
            const string operation = "/Account/Edit";

            permissionsBuilderService
                .Deny(operation)
                .For("Administrators")
                .On(account)
                .DefaultLevel()
                .Save();

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, account, operation);

            var expectedText =
                @"Permission (level 1) for operation '/Account/Edit' was denied to group 'Administrators' on 'Account: south sand' ('Ayende' is a member of 'Administrators')
".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
        /// <summary>
        /// A deny for the user on the account must be explained as a user-level deny on that account.
        /// </summary>
        public void ExplainWhyDeniedOnAccountIfPermissionWasDeniedToUser()
        {
            const string operation = "/Account/Edit";

            permissionsBuilderService
                .Deny(operation)
                .For(user)
                .On(account)
                .DefaultLevel()
                .Save();

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, account, operation);

            var expectedText =
                @"Permission (level 1) for operation '/Account/Edit' was denied to 'Ayende' on 'Account: south sand'
".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
        /// <summary>
        /// A grant to the child group 'Helpdesk' must not reach a user who is associated only with
        /// the parent group 'Administrators': the explanation still reports "not granted".
        /// </summary>
        public void ExplainWhyDeniedIfPermissionWasAllowedToChildGroupUserIsAssociatedWith()
        {
            const string operation = "/Account/Edit";

            authorizationRepository.CreateChildUserGroupOf("Administrators", "Helpdesk");

            permissionsBuilderService
                .Allow(operation)
                .For("Helpdesk")
                .On("Important Accounts")
                .DefaultLevel()
                .Save();

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, account, operation);

            // Only 'Administrators' is listed for the user; the child group does not appear.
            var expectedText =
                @"Permission for operation '/Account/Edit' was not granted to user 'Ayende' or to the groups 'Ayende' is associated with ('Administrators') on 'Account: south sand' or any of the groups 'Account: south sand' is associated with ('Important Accounts')
".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
        /// <summary>
        /// A grant to the parent group 'Administrators' must reach a user who is associated only
        /// with its child group 'Helpdesk', and the explanation must show the ancestry chain.
        /// </summary>
        public void ExplainWhyAllowedIfPermissionWasAllowedToParentGroupUserIsAssociatedWith()
        {
            const string operation = "/Account/Edit";

            authorizationRepository.CreateChildUserGroupOf("Administrators", "Helpdesk");

            // Move the user from the parent group into the child group.
            authorizationRepository.DetachUserFromGroup(user, "Administrators");
            authorizationRepository.AssociateUserWith(user, "Helpdesk");

            permissionsBuilderService
                .Allow(operation)
                .For("Administrators")
                .On("Important Accounts")
                .DefaultLevel()
                .Save();

            AuthorizationInformation explanation =
                authorizationService.GetAuthorizationInformation(user, account, operation);

            // 'Helpdesk -> Administrators' is the inherited path that carried the grant to the user.
            var expectedText =
                @"Permission (level 1) for operation '/Account/Edit' was granted to group 'Administrators' on ''Important Accounts' ('Account: south sand' is a member of 'Important Accounts')' ('Ayende' is a member of 'Helpdesk -> Administrators')".TrimAndFixLineEndings();
            var actualText = explanation.ToString().TrimAndFixLineEndings();

            Assert.Equal(expectedText, actualText);
        }
		/// <summary>
		/// Fills <paramref name="info"/> with the explanation for a decision that is not scoped to
		/// an entity. When <paramref name="permissions"/> is empty a single deny message is
		/// recorded; otherwise each permission is described at user level and at users-group level.
		/// </summary>
		/// <param name="operation">Operation name written into the messages.</param>
		/// <param name="info">Collector that receives the messages.</param>
		/// <param name="user">User the decision is explained for.</param>
		/// <param name="permissions">Permissions to describe; an empty array means nothing applied.</param>
		private void AddPermissionDescriptionToAuthorizationInformation(
			string operation,
			AuthorizationInformation info,
			IUser user,
			Permission[] permissions)
		{
			if (permissions.Length != 0)
			{
				for (int index = 0; index < permissions.Length; index++)
				{
					Permission current = permissions[index];
					AddUserLevelPermissionMessage(operation, info, user, current);
					AddUserGroupLevelPermissionMessage(operation, info, user, current);
				}
				return;
			}

			// No permission at all: the absence of a grant is explained as a deny, listing the
			// user's groups so a reader can see which memberships were considered.
			UsersGroup[] groupsOfUser = authorizationRepository.GetAssociatedUsersGroupFor(user);
			info.AddDeny(
				Resources.PermissionForOperationNotGrantedToUser,
				operation,
				user.SecurityInfo.Name,
				Strings.Join(groupsOfUser));
		}
		/// <summary>
		/// Adds one explanation line to <paramref name="info"/> for a permission that is bound to
		/// a users group. The line includes the group chain the repository returns for this user
		/// and that group, joined with " -> ". Nothing is added when <c>permission.UsersGroup</c>
		/// is null.
		/// </summary>
		/// <param name="operation">Operation name written into the message.</param>
		/// <param name="info">Collector that receives the allow or deny message.</param>
		/// <param name="user">User whose name and group ancestry are reported.</param>
		/// <param name="permission">Permission being described; its <c>Allow</c> flag selects the message.</param>
		private void AddUserGroupLevelPermissionMessage(
			string operation,
			AuthorizationInformation info,
			IUser user,
			Permission permission)
		{
			// Nothing to report when the permission is not bound to a users group.
			if (permission.UsersGroup == null)
			{
				return;
			}

			UsersGroup[] membershipChain =
				authorizationRepository.GetAncestryAssociation(user, permission.UsersGroup.Name);
			string membershipPath = Strings.Join(membershipChain, " -> ");

			if (!permission.Allow)
			{
				info.AddDeny(
					Resources.PermissionDeniedForUsersGroup,
					operation,
					permission.UsersGroup.Name,
					GetPermissionTarget(permission),
					user.SecurityInfo.Name,
					permission.Level,
					membershipPath);
				return;
			}

			info.AddAllow(
				Resources.PermissionGrantedForUsersGroup,
				operation,
				permission.UsersGroup.Name,
				GetPermissionTarget(permission),
				user.SecurityInfo.Name,
				permission.Level,
				membershipPath);
		}
		/// <summary>
		/// Adds one explanation line to <paramref name="info"/> for a permission that is bound
		/// directly to a user. Nothing is added when <c>permission.User</c> is null.
		/// </summary>
		/// <param name="operation">Operation name written into the message.</param>
		/// <param name="info">Collector that receives the allow or deny message.</param>
		/// <param name="user">User whose <c>SecurityInfo.Name</c> is written into the message.</param>
		/// <param name="permission">Permission being described; its <c>Allow</c> flag selects the message.</param>
		private static void AddUserLevelPermissionMessage(
			string operation,
			AuthorizationInformation info,
			IUser user,
			Permission permission)
		{
			// Nothing to report when the permission is not bound to a user.
			if (permission.User == null)
			{
				return;
			}

			string permissionTarget = GetPermissionTarget(permission);

			// NOTE(review): the message names the `user` argument, not `permission.User`; presumably
			// callers only pass permissions that were selected for this user - confirm.
			if (!permission.Allow)
			{
				info.AddDeny(
					Resources.PermissionDeniedForUser,
					operation,
					user.SecurityInfo.Name,
					permissionTarget,
					permission.Level);
				return;
			}

			info.AddAllow(
				Resources.PermissionGrantedForUser,
				operation,
				user.SecurityInfo.Name,
				permissionTarget,
				permission.Level);
		}
예제 #24
 /// <summary>
 /// Action that accepts a bound <see cref="AuthorizationInformation"/> and returns a redirect
 /// to an empty URL. The bound model is not read.
 /// </summary>
 /// <param name="authorizationInformation">Model bound from the request; unused in this body.</param>
 /// <returns>The result of <c>Redirect("")</c>.</returns>
 /// <remarks>
 /// NOTE(review): the redirect target is the empty string and the model is neither read nor
 /// validated, so this looks like a placeholder. If <c>Redirect</c> is ASP.NET Core's
 /// <c>ControllerBase.Redirect</c>, an empty URL is rejected with an <c>ArgumentException</c>.
 /// Confirm the intended destination, and keep it a fixed or locally validated URL.
 /// </remarks>
 public IActionResult Authorization(AuthorizationInformation authorizationInformation)
 {
     const string redirectTarget = "";
     return Redirect(redirectTarget);
 }
		/// <summary>
		/// Creates a fresh <see cref="AuthorizationInformation"/> and checks that the named
		/// operation exists in the repository.
		/// </summary>
		/// <param name="operation">Name of the operation to look up.</param>
		/// <param name="info">Always assigned a new collector; carries a deny entry when the lookup fails.</param>
		/// <returns>
		/// <c>true</c> when the operation is NOT defined (a deny message has been recorded);
		/// <c>false</c> when the operation exists and <paramref name="info"/> is still empty.
		/// </returns>
		private bool InitializeAuthorizationInfo(string operation, out AuthorizationInformation info)
		{
			info = new AuthorizationInformation();

			// Known operation: leave the collector empty and report "not handled here".
			if (authorizationRepository.GetOperationByName(operation) != null)
			{
				return false;
			}

			// An unknown operation name is explained as a deny rather than left unexplained.
			// NOTE(review): true means the lookup failed; how callers act on it is not visible here.
			info.AddDeny(Resources.OperationNotDefined, operation);
			return true;
		}