/// <summary>
/// Records an allow or deny explanation for a permission that is bound directly to a user.
/// Permissions with no user set are ignored here.
/// </summary>
/// <param name="operation">Name of the operation being explained.</param>
/// <param name="info">Collector that receives the allow/deny message.</param>
/// <param name="user">User whose name is written into the message.</param>
/// <param name="permission">Permission being described.</param>
/// <param name="entityDescription">Description of the entity, passed through to <c>GetPermissionTarget</c>.</param>
/// <param name="entitiesGroupsDescription">Description of the entity's groups, passed through to <c>GetPermissionTarget</c>.</param>
private static void AddUserLevelPermissionMessage(
    string operation,
    AuthorizationInformation info,
    IUser user,
    Permission permission,
    string entityDescription,
    string entitiesGroupsDescription)
{
    if (permission.User == null)
    {
        return;
    }

    string permissionTarget = GetPermissionTarget(permission, entityDescription, entitiesGroupsDescription);

    // The name reported is that of the `user` argument, not of permission.User.
    if (!permission.Allow)
    {
        info.AddDeny(Resources.PermissionDeniedForUser, operation, user.SecurityInfo.Name, permissionTarget, permission.Level);
        return;
    }

    info.AddAllow(Resources.PermissionGrantedForUser, operation, user.SecurityInfo.Name, permissionTarget, permission.Level);
}
/// <summary>
/// Records an allow or deny explanation for a permission that is bound to a users group,
/// including the chain of groups that links the user to that group.
/// Permissions with no users group set are ignored here.
/// </summary>
/// <param name="operation">Name of the operation being explained.</param>
/// <param name="info">Collector that receives the allow/deny message.</param>
/// <param name="user">User whose membership is being explained.</param>
/// <param name="permission">Permission being described.</param>
/// <param name="entityDescription">Description of the entity, passed through to <c>GetPermissionTarget</c>.</param>
/// <param name="entitiesGroupsDescription">Description of the entity's groups, passed through to <c>GetPermissionTarget</c>.</param>
private void AddUserGroupLevelPermissionMessage(
    string operation,
    AuthorizationInformation info,
    IUser user,
    Permission permission,
    string entityDescription,
    string entitiesGroupsDescription)
{
    if (permission.UsersGroup == null)
    {
        return;
    }

    // Ancestry is looked up between the user and the group the permission names.
    UsersGroup[] membershipChain = authorizationRepository.GetAncestryAssociation(user, permission.UsersGroup.Name);
    string membershipPath = Strings.Join(membershipChain, " -> ");

    string groupName = permission.UsersGroup.Name;
    string permissionTarget = GetPermissionTarget(permission, entityDescription, entitiesGroupsDescription);

    if (!permission.Allow)
    {
        info.AddDeny(Resources.PermissionDeniedForUsersGroup, operation, groupName, permissionTarget,
                     user.SecurityInfo.Name, permission.Level, membershipPath);
        return;
    }

    info.AddAllow(Resources.PermissionGrantedForUsersGroup, operation, groupName, permissionTarget,
                  user.SecurityInfo.Name, permission.Level, membershipPath);
}
/// <inheritdoc/>
/// <remarks>
/// Formats <c>Id</c> followed by 49 field values (50 arguments in total) with the configured field
/// separator, then trims trailing separators. Repeating fields are joined with the configured
/// repeat separator; null fields are passed as <c>null</c>.
/// </remarks>
public string ToDelimitedString()
{
    // NOTE(review): numbers and dates are rendered with the current thread culture. Wire formats are
    // usually culture-invariant - confirm this is intended.
    CultureInfo culture = CultureInfo.CurrentCulture;

    // NOTE(review): plain string properties (GroupNumber, PlanType, PolicyNumber, ...) are inserted as-is.
    // Nothing in this method escapes separator characters inside those values, so a value containing the
    // field separator would shift every later field - confirm values are escaped or validated upstream.
    // NOTE(review): judging by the property names, the result carries the insured's date of birth,
    // address and identifier numbers; treat the returned string as sensitive when logging or storing it.
    return(string.Format(
        culture,
        // Presumably yields a composite format with 50 placeholders separated by the field separator - TODO confirm.
        StringHelper.StringFormatSequence(0, 50, Configuration.FieldSeparator),
        Id,
        SetIdIn1.HasValue ? SetIdIn1.Value.ToString(culture) : null,
        HealthPlanId?.ToDelimitedString(),
        InsuranceCompanyId != null ? string.Join(Configuration.FieldRepeatSeparator, InsuranceCompanyId.Select(x => x.ToDelimitedString())) : null,
        InsuranceCompanyName != null ? string.Join(Configuration.FieldRepeatSeparator, InsuranceCompanyName.Select(x => x.ToDelimitedString())) : null,
        InsuranceCompanyAddress != null ? string.Join(Configuration.FieldRepeatSeparator, InsuranceCompanyAddress.Select(x => x.ToDelimitedString())) : null,
        InsuranceCoContactPerson != null ? string.Join(Configuration.FieldRepeatSeparator, InsuranceCoContactPerson.Select(x => x.ToDelimitedString())) : null,
        InsuranceCoPhoneNumber != null ? string.Join(Configuration.FieldRepeatSeparator, InsuranceCoPhoneNumber.Select(x => x.ToDelimitedString())) : null,
        GroupNumber,
        GroupName != null ? string.Join(Configuration.FieldRepeatSeparator, GroupName.Select(x => x.ToDelimitedString())) : null,
        InsuredsGroupEmpId != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsGroupEmpId.Select(x => x.ToDelimitedString())) : null,
        InsuredsGroupEmpName != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsGroupEmpName.Select(x => x.ToDelimitedString())) : null,
        // The two plan dates use day precision; the later date/time fields use second precision.
        PlanEffectiveDate.HasValue ? PlanEffectiveDate.Value.ToString(Consts.DateFormatPrecisionDay, culture) : null,
        PlanExpirationDate.HasValue ? PlanExpirationDate.Value.ToString(Consts.DateFormatPrecisionDay, culture) : null,
        AuthorizationInformation?.ToDelimitedString(),
        PlanType,
        NameOfInsured != null ? string.Join(Configuration.FieldRepeatSeparator, NameOfInsured.Select(x => x.ToDelimitedString())) : null,
        InsuredsRelationshipToPatient?.ToDelimitedString(),
        InsuredsDateOfBirth.HasValue ? InsuredsDateOfBirth.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
        InsuredsAddress != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsAddress.Select(x => x.ToDelimitedString())) : null,
        AssignmentOfBenefits,
        CoordinationOfBenefits,
        CoordOfBenPriority,
        NoticeOfAdmissionFlag,
        NoticeOfAdmissionDate.HasValue ? NoticeOfAdmissionDate.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
        ReportOfEligibilityFlag,
        ReportOfEligibilityDate.HasValue ? ReportOfEligibilityDate.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
        ReleaseInformationCode,
        PreAdmitCertPac,
        VerificationDateTime.HasValue ? VerificationDateTime.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
        VerificationBy != null ? string.Join(Configuration.FieldRepeatSeparator, VerificationBy.Select(x => x.ToDelimitedString())) : null,
        TypeOfAgreementCode,
        BillingStatus,
        LifetimeReserveDays.HasValue ? LifetimeReserveDays.Value.ToString(Consts.NumericFormat, culture) : null,
        DelayBeforeLRDay.HasValue ? DelayBeforeLRDay.Value.ToString(Consts.NumericFormat, culture) : null,
        CompanyPlanCode,
        PolicyNumber,
        PolicyDeductible?.ToDelimitedString(),
        PolicyLimitAmount?.ToDelimitedString(),
        PolicyLimitDays.HasValue ? PolicyLimitDays.Value.ToString(Consts.NumericFormat, culture) : null,
        RoomRateSemiPrivate?.ToDelimitedString(),
        RoomRatePrivate?.ToDelimitedString(),
        InsuredsEmploymentStatus?.ToDelimitedString(),
        InsuredsAdministrativeSex,
        InsuredsEmployersAddress != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsEmployersAddress.Select(x => x.ToDelimitedString())) : null,
        VerificationStatus,
        PriorInsurancePlanId,
        CoverageType,
        Handicap,
        InsuredsIdNumber != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsIdNumber.Select(x => x.ToDelimitedString())) : null
        // Trailing separators left by empty fields at the end are removed.
        ).TrimEnd(Configuration.FieldSeparator.ToCharArray()));
}
/// <summary>
/// With no permission saved by this test, the explanation for '/Account/Edit' must state that
/// neither the user nor the user's groups were granted the operation.
/// </summary>
public void ExplainWhyNotAllowedIfNoPermissionGranted()
{
    const string Operation = "/Account/Edit";

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, Operation);

    string expectedText =
        "Permission for operation '/Account/Edit' was not granted to user 'Ayende' or to the groups 'Ayende' is associated with ('Administrators')"
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// With no permission saved by this test, the entity-scoped explanation must name the user, the
/// user's groups, the account and the account's groups as having no grant.
/// </summary>
public void ExplainWhyDeniedOnAccountIfNoPermissionIsDefined()
{
    const string Operation = "/Account/Edit";

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, account, Operation);

    string actualText = explanation.ToString().TrimAndFixLineEndings();
    string expectedText =
        @"Permission for operation '/Account/Edit' was not granted to user 'Ayende' or to the groups 'Ayende' is associated with ('Administrators') on 'Account: south sand' or any of the groups 'Account: south sand' is associated with ('Important Accounts') "
            .TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// Creates a fresh <see cref="AuthorizationInformation"/> and checks that the named operation exists.
/// </summary>
/// <param name="operation">Name of the operation to look up.</param>
/// <param name="info">Always assigned a new instance; holds a deny message when the operation is unknown.</param>
/// <returns>
/// <c>true</c> when the operation is NOT defined (a deny message has been added);
/// <c>false</c> when the operation was found and nothing has been added yet.
/// </returns>
private bool InitializeAuthorizationInfo(string operation, out AuthorizationInformation info)
{
    info = new AuthorizationInformation();

    Operation knownOperation = authorizationRepository.GetOperationByName(operation);
    bool operationMissing = knownOperation == null;
    if (operationMissing)
    {
        // An unknown operation is reported as a denial rather than left unexplained.
        info.AddDeny(Resources.OperationNotDefined, operation);
    }

    return operationMissing;
}
/// <summary>
/// Serializing an instance with number, date and source set must yield the three components
/// in that order, joined by '^'.
/// </summary>
public void ToDelimitedString_WithAllProperties_ReturnsCorrectlySequencedFields()
{
    const string ExpectedWireForm = "1^20200201^3";

    IType component = new AuthorizationInformation
    {
        AuthorizationNumber = "1",
        Date = new DateTime(2020, 2, 1),
        Source = "3"
    };

    Assert.Equal(ExpectedWireForm, component.ToDelimitedString());
}
/// <summary>
/// After detaching the user and the account from their groups, the explanation must report
/// that neither is associated with any group.
/// </summary>
public void ExplainWhyDeniedOnAccountWhenHaveNoGroupsOnUserOrEntity()
{
    const string Operation = "/Account/Edit";

    authorizationRepository.DetachUserFromGroup(user, "Administrators");
    authorizationRepository.DetachEntityFromGroup(account, "Important Accounts");
    session.Flush();

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, account, Operation);

    // The spelling 'assoicated' is part of the expected text; presumably it mirrors the message
    // the library produces, so it must not be corrected here alone.
    string expectedText =
        @"Permission for operation '/Account/Edit' was not granted to user 'Ayende' or to the groups 'Ayende' is associated with ('not assoicated with any group') on 'Account: south sand' or any of the groups 'Account: south sand' is associated with ('not assoicated with any group') "
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// Parsing "1^20200201^3" must populate number, date and source so that the result is
/// equivalent to an instance built with those values.
/// </summary>
public void FromDelimitedString_WithAllProperties_ReturnsCorrectlyInitializedFields()
{
    const string WireForm = "1^20200201^3";

    IType expected = new AuthorizationInformation
    {
        AuthorizationNumber = "1",
        Date = new DateTime(2020, 2, 1),
        Source = "3"
    };

    IType parsed = new AuthorizationInformation();
    parsed.FromDelimitedString(WireForm);

    expected.Should().BeEquivalentTo(parsed);
}
/// <summary>
/// A grant scoped to the 'Important Accounts' entities group must not show up when the
/// operation is queried without an entity; the explanation stays "not granted".
/// </summary>
public void ExplainWhyDeniedIfPermissionWasGrantedToEntitiesGroupButNotToGlobal()
{
    const string Operation = "/Account/Edit";

    permissionsBuilderService
        .Allow(Operation)
        .For("Administrators")
        .On("Important Accounts")
        .DefaultLevel()
        .Save();

    // Queried without an entity, so the entities-group grant above is out of scope.
    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, Operation);

    string expectedText =
        @"Permission for operation '/Account/Edit' was not granted to user 'Ayende' or to the groups 'Ayende' is associated with ('Administrators') "
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// Fills <paramref name="info"/> with the reasons an operation is allowed or denied for a user,
/// optionally in the context of a specific entity.
/// </summary>
/// <typeparam name="TEntity">Type of the entity the operation targets.</typeparam>
/// <param name="operation">Name of the operation being explained.</param>
/// <param name="info">Collector that receives the allow/deny messages.</param>
/// <param name="user">User the explanation is about.</param>
/// <param name="permissions">Permissions to describe; an empty array produces a single "not granted" denial.</param>
/// <param name="entity">Target entity, or <c>null</c> when the query is not about a specific entity.</param>
private void AddPermissionDescriptionToAuthorizationInformation<TEntity>(
    string operation,
    AuthorizationInformation info,
    IUser user,
    Permission[] permissions,
    TEntity entity)
    where TEntity : class
{
    bool hasEntity = entity != null;

    string entityDescription = "";
    string entitiesGroupsDescription = "";
    if (hasEntity)
    {
        EntitiesGroup[] groupsOfEntity = authorizationRepository.GetAssociatedEntitiesGroupsFor(entity);
        entityDescription = Security.GetDescription(entity);
        entitiesGroupsDescription = Strings.Join(groupsOfEntity);
    }

    if (permissions.Length != 0)
    {
        // Each permission may produce a user-level message, a group-level message, or both.
        foreach (Permission current in permissions)
        {
            AddUserLevelPermissionMessage(operation, info, user, current, entityDescription, entitiesGroupsDescription);
            AddUserGroupLevelPermissionMessage(operation, info, user, current, entityDescription, entitiesGroupsDescription);
        }

        return;
    }

    // No permission at all: explain the denial by listing the groups that were considered.
    UsersGroup[] groupsOfUser = authorizationRepository.GetAssociatedUsersGroupFor(user);
    if (hasEntity)
    {
        info.AddDeny(Resources.PermissionForOperationNotGrantedToUserOnEntity,
                     operation,
                     user.SecurityInfo.Name,
                     Strings.Join(groupsOfUser),
                     entityDescription,
                     entitiesGroupsDescription);
    }
    else
    {
        // Not on a specific entity.
        info.AddDeny(Resources.PermissionForOperationNotGrantedToUser,
                     operation,
                     user.SecurityInfo.Name,
                     Strings.Join(groupsOfUser));
    }
}
/// <summary>
/// An explicit deny for the user on everything must be reported as a level 1 denial to that user.
/// </summary>
public void ExplainWhyNotAllowedIfDenyPermissionWasDefined()
{
    const string Operation = "/Account/Edit";

    permissionsBuilderService
        .Deny(Operation)
        .For(user)
        .OnEverything()
        .DefaultLevel()
        .Save();

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, Operation);

    string expectedText =
        "Permission (level 1) for operation '/Account/Edit' was denied to 'Ayende' on 'everything'"
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// A grant to the 'Administrators' group on everything must be reported as a level 1 grant to
/// the group, together with the user's membership in it.
/// </summary>
public void ExplainWhyAllowedIfAllowPermissionWasDefinedOnGroup()
{
    const string Operation = "/Account/Edit";

    permissionsBuilderService
        .Allow(Operation)
        .For("Administrators")
        .OnEverything()
        .DefaultLevel()
        .Save();

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, Operation);

    string expectedText =
        "Permission (level 1) for operation '/Account/Edit' was granted to group 'Administrators' on 'everything' ('Ayende' is a member of 'Administrators')"
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// A grant to 'Administrators' on the 'Important Accounts' entities group must be explained
/// with both memberships: the account in the entities group and the user in the users group.
/// </summary>
public void ExplainWhyAllowedOnEntityGroupIfPermissionWasGrantedToUsersGroupAssociatedWithUser()
{
    const string Operation = "/Account/Edit";

    permissionsBuilderService
        .Allow(Operation)
        .For("Administrators")
        .On("Important Accounts")
        .DefaultLevel()
        .Save();

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, account, Operation);

    string expectedText =
        @"Permission (level 1) for operation '/Account/Edit' was granted to group 'Administrators' on ''Important Accounts' ('Account: south sand' is a member of 'Important Accounts')' ('Ayende' is a member of 'Administrators') "
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// A deny for the user on the 'Important Accounts' entities group must be reported for an
/// account that belongs to that group.
/// </summary>
public void ExplainWhyDeniedOnAccountIfPermissionWasDeniedToUserOnTheGroupTheEntityIsAssociatedWith()
{
    const string Operation = "/Account/Edit";

    permissionsBuilderService
        .Deny(Operation)
        .For(user)
        .On("Important Accounts")
        .DefaultLevel()
        .Save();

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, account, Operation);

    string expectedText =
        @"Permission (level 1) for operation '/Account/Edit' was denied to 'Ayende' on ''Important Accounts' ('Account: south sand' is a member of 'Important Accounts')' "
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// A grant for the user on everything must also explain access to a specific account.
/// </summary>
public void ExplainWhyAllowedOnAccountIfPermissionWasGrantedOnAnything()
{
    const string Operation = "/Account/Edit";

    permissionsBuilderService
        .Allow(Operation)
        .For(user)
        .OnEverything()
        .DefaultLevel()
        .Save();

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, account, Operation);

    string expectedText =
        @"Permission (level 1) for operation '/Account/Edit' was granted to 'Ayende' on 'everything' "
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// A deny for the 'Administrators' group on the account must be reported as a group-level
/// denial, together with the user's membership in that group.
/// </summary>
public void ExplainWhyDeniedOnAccountIfPermissionWasDeniedOnGroupAssociatedWithUser()
{
    const string Operation = "/Account/Edit";

    permissionsBuilderService
        .Deny(Operation)
        .For("Administrators")
        .On(account)
        .DefaultLevel()
        .Save();

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, account, Operation);

    string expectedText =
        @"Permission (level 1) for operation '/Account/Edit' was denied to group 'Administrators' on 'Account: south sand' ('Ayende' is a member of 'Administrators') "
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// A deny for the user on the account itself must be reported as a level 1 denial on that account.
/// </summary>
public void ExplainWhyDeniedOnAccountIfPermissionWasDeniedToUser()
{
    const string Operation = "/Account/Edit";

    permissionsBuilderService
        .Deny(Operation)
        .For(user)
        .On(account)
        .DefaultLevel()
        .Save();

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, account, Operation);

    string expectedText =
        @"Permission (level 1) for operation '/Account/Edit' was denied to 'Ayende' on 'Account: south sand' "
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// A grant to the child group 'Helpdesk' must not reach a user who is reported as a member of
/// 'Administrators' only; the explanation stays "not granted".
/// </summary>
public void ExplainWhyDeniedIfPermissionWasAllowedToChildGroupUserIsAssociatedWith()
{
    const string Operation = "/Account/Edit";

    // Judging by the test name, 'Helpdesk' is created as a child of 'Administrators'.
    authorizationRepository.CreateChildUserGroupOf("Administrators", "Helpdesk");

    permissionsBuilderService
        .Allow(Operation)
        .For("Helpdesk")
        .On("Important Accounts")
        .DefaultLevel()
        .Save();

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, account, Operation);

    // Grants on a child group are expected not to flow up to members of the parent.
    string expectedText =
        @"Permission for operation '/Account/Edit' was not granted to user 'Ayende' or to the groups 'Ayende' is associated with ('Administrators') on 'Account: south sand' or any of the groups 'Account: south sand' is associated with ('Important Accounts') "
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// A grant to the parent group 'Administrators' must reach a user who belongs only to the child
/// group 'Helpdesk', and the explanation must show the chain from child to parent.
/// </summary>
public void ExplainWhyAllowedIfPermissionWasAllowedToParentGroupUserIsAssociatedWith()
{
    const string Operation = "/Account/Edit";

    // Move the user from the parent group into the newly created child group.
    authorizationRepository.CreateChildUserGroupOf("Administrators", "Helpdesk");
    authorizationRepository.DetachUserFromGroup(user, "Administrators");
    authorizationRepository.AssociateUserWith(user, "Helpdesk");

    permissionsBuilderService
        .Allow(Operation)
        .For("Administrators")
        .On("Important Accounts")
        .DefaultLevel()
        .Save();

    AuthorizationInformation explanation = authorizationService.GetAuthorizationInformation(user, account, Operation);

    string expectedText =
        @"Permission (level 1) for operation '/Account/Edit' was granted to group 'Administrators' on ''Important Accounts' ('Account: south sand' is a member of 'Important Accounts')' ('Ayende' is a member of 'Helpdesk -> Administrators')"
            .TrimAndFixLineEndings();
    string actualText = explanation.ToString().TrimAndFixLineEndings();

    Assert.Equal(expectedText, actualText);
}
/// <summary>
/// Fills <paramref name="info"/> with the reasons an operation is allowed or denied for a user
/// when no specific entity is involved.
/// </summary>
/// <param name="operation">Name of the operation being explained.</param>
/// <param name="info">Collector that receives the allow/deny messages.</param>
/// <param name="user">User the explanation is about.</param>
/// <param name="permissions">Permissions to describe; an empty array produces a single "not granted" denial.</param>
private void AddPermissionDescriptionToAuthorizationInformation(
    string operation,
    AuthorizationInformation info,
    IUser user,
    Permission[] permissions)
{
    if (permissions.Length != 0)
    {
        // Each permission may produce a user-level message, a group-level message, or both.
        foreach (Permission current in permissions)
        {
            AddUserLevelPermissionMessage(operation, info, user, current);
            AddUserGroupLevelPermissionMessage(operation, info, user, current);
        }

        return;
    }

    // No permission at all: explain the denial by listing the user's groups.
    UsersGroup[] groupsOfUser = authorizationRepository.GetAssociatedUsersGroupFor(user);
    info.AddDeny(Resources.PermissionForOperationNotGrantedToUser,
                 operation,
                 user.SecurityInfo.Name,
                 Strings.Join(groupsOfUser));
}
/// <summary>
/// Records an allow or deny explanation for a permission that is bound to a users group,
/// including the chain of groups that links the user to that group.
/// Permissions with no users group set are ignored here.
/// </summary>
/// <param name="operation">Name of the operation being explained.</param>
/// <param name="info">Collector that receives the allow/deny message.</param>
/// <param name="user">User whose membership is being explained.</param>
/// <param name="permission">Permission being described.</param>
private void AddUserGroupLevelPermissionMessage(
    string operation,
    AuthorizationInformation info,
    IUser user,
    Permission permission)
{
    if (permission.UsersGroup == null)
    {
        return;
    }

    // Ancestry is looked up between the user and the group the permission names.
    UsersGroup[] membershipChain = authorizationRepository.GetAncestryAssociation(user, permission.UsersGroup.Name);
    string membershipPath = Strings.Join(membershipChain, " -> ");

    string groupName = permission.UsersGroup.Name;
    string permissionTarget = GetPermissionTarget(permission);

    if (!permission.Allow)
    {
        info.AddDeny(Resources.PermissionDeniedForUsersGroup, operation, groupName, permissionTarget,
                     user.SecurityInfo.Name, permission.Level, membershipPath);
        return;
    }

    info.AddAllow(Resources.PermissionGrantedForUsersGroup, operation, groupName, permissionTarget,
                  user.SecurityInfo.Name, permission.Level, membershipPath);
}
/// <summary>
/// Records an allow or deny explanation for a permission that is bound directly to a user.
/// Permissions with no user set are ignored here.
/// </summary>
/// <param name="operation">Name of the operation being explained.</param>
/// <param name="info">Collector that receives the allow/deny message.</param>
/// <param name="user">User whose name is written into the message.</param>
/// <param name="permission">Permission being described.</param>
private static void AddUserLevelPermissionMessage(
    string operation,
    AuthorizationInformation info,
    IUser user,
    Permission permission)
{
    if (permission.User == null)
    {
        return;
    }

    string permissionTarget = GetPermissionTarget(permission);

    // The name reported is that of the `user` argument, not of permission.User.
    if (!permission.Allow)
    {
        info.AddDeny(Resources.PermissionDeniedForUser, operation, user.SecurityInfo.Name, permissionTarget, permission.Level);
        return;
    }

    info.AddAllow(Resources.PermissionGrantedForUser, operation, user.SecurityInfo.Name, permissionTarget, permission.Level);
}
/// <summary>
/// Action that accepts bound authorization data and answers with a redirect to an empty URL.
/// </summary>
/// <param name="authorizationInformation">Bound request data; not read by this method.</param>
/// <returns>The result of <c>Redirect("")</c>.</returns>
// NOTE(review): the bound model is never inspected, so nothing submitted here is validated or used.
// NOTE(review): if Redirect is ASP.NET Core's ControllerBase.Redirect, an empty URL is rejected with
// an ArgumentException - confirm the intended target. When a real target is added, keep it fixed or
// local-only rather than taken from the request.
public IActionResult Authorization(AuthorizationInformation authorizationInformation)
    => Redirect("");
/// <summary>
/// Creates a fresh <see cref="AuthorizationInformation"/> and checks that the named operation exists.
/// </summary>
/// <param name="operation">Name of the operation to look up.</param>
/// <param name="info">Always assigned a new instance; holds a deny message when the operation is unknown.</param>
/// <returns>
/// <c>true</c> when the operation is NOT defined (a deny message has been added);
/// <c>false</c> when the operation was found and nothing has been added yet.
/// </returns>
private bool InitializeAuthorizationInfo(string operation, out AuthorizationInformation info)
{
    info = new AuthorizationInformation();

    Operation knownOperation = authorizationRepository.GetOperationByName(operation);
    if (knownOperation != null)
    {
        return false;
    }

    // An unknown operation is reported as a denial rather than left unexplained.
    info.AddDeny(Resources.OperationNotDefined, operation);
    return true;
}