/// <summary>
/// Checks the baseline of an <c>AuthorizationRuleCollection</c> to which no rule has
/// been added: a form lookup and a view lookup are both expected to be refused.
/// </summary>
public void when_checking_authorization()
{
    string[] callerIdentities = { "L1:DOMAIN1\\User1", "L1:DOMAIN1\\Group1", "Role1" };
    var emptyRules = new AuthorizationRuleCollection();

    // Nothing grants access here, so the expected answer is "not authorized"
    // for each resource type that is probed.
    var formAllowed = emptyRules.IsAuthorized("Form1", ResourceTypes.Form, callerIdentities);
    Assert.IsFalse(formAllowed, "it should not be authorized");

    var viewAllowed = emptyRules.IsAuthorized("View1", ResourceTypes.View, callerIdentities);
    Assert.IsFalse(viewAllowed, "it should not be authorized");
}
/// <summary>
/// Adds a single deny rule for form "Form1" that names User1 and User2, then checks
/// that a caller whose identities include User1 is refused access to that form.
/// </summary>
public void when_checking_authorization_for_a_matching_resource_and_user_identity_with_deny_rule()
{
    string formName = "Form1";
    var formType = ResourceTypes.Form;
    string[] ruleResources = { formName };

    // Only "L1:DOMAIN1\\User1" overlaps between the caller and the rule;
    // the group and role entries are not listed in the rule.
    string[] callerIdentities = { "L1:DOMAIN1\\User1", "L1:DOMAIN1\\Group1", "Role1" };
    string[] blockedIdentities = { "L1:DOMAIN1\\User1", "L1:DOMAIN1\\User2" };

    var ruleSet = new AuthorizationRuleCollection();
    ruleSet.Add(new AuthorizationRule(ruleResources, formType, PermissionType.Deny, blockedIdentities));

    // NOTE(review): when_checking_authorization expects an empty collection to refuse
    // access as well, so this assertion would still pass if the deny rule were ignored.
    // A companion case that also adds a matching allow rule would pin down how the
    // collection resolves an allow/deny conflict - confirm the intended precedence first.
    var granted = ruleSet.IsAuthorized(formName, formType, callerIdentities);
    Assert.IsFalse(granted, "it should not be authorized");
}
/// <summary>
/// Adds a single allow rule for form "Form1" that names User1 and User2, then checks
/// that a caller whose identities include User1 is granted access to that form.
/// </summary>
public void when_checking_authorization_for_a_matching_resource_and_a_matching_identity()
{
    string formName = "Form1";
    var formType = ResourceTypes.Form;
    string[] ruleResources = { formName };

    // One matching entry ("L1:DOMAIN1\\User1") out of the caller's three identities
    // is expected to be enough for the allow rule to apply.
    string[] callerIdentities = { "L1:DOMAIN1\\User1", "L1:DOMAIN1\\Group1", "Role1" };
    string[] permittedIdentities = { "L1:DOMAIN1\\User1", "L1:DOMAIN1\\User2" };

    var ruleSet = new AuthorizationRuleCollection();
    ruleSet.Add(new AuthorizationRule(ruleResources, formType, PermissionType.Allow, permittedIdentities));

    // NOTE(review): this covers the positive path only; a caller with no identity in
    // the rule, or a different resource name or type, is not exercised in this test.
    var granted = ruleSet.IsAuthorized(formName, formType, callerIdentities);
    Assert.IsTrue(granted, "it should be authorized");
}