예제 #1
0
        public void ComputeOnInsertPrincipal()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve <ISqlExecuter>()
                .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role");

                // Insert test data:

                var u1 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u1"
                };
                var u2 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u2"
                };
                var u3 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u3"
                };
                var u5 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = "u5"
                };
                var r1 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r1"
                };
                var r2 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r2"
                };
                var r25 = new Common.Role {
                    ID = Guid.NewGuid(), Name = "r25"
                };

                var repository = container.Resolve <Common.DomRepository>();
                var roles      = container.Resolve <GenericRepository <Common.Role> >();
                var principals = container.Resolve <GenericRepository <Common.Principal> >();
                var membership = container.Resolve <GenericRepository <Common.PrincipalHasRole> >();

                roles.Insert(r1, r2, r25);
                Assert.AreEqual(@"\r1, \r2, r25", ReportRoles(roles.Load()), "roles created");

                principals.Insert(u1, u2, u3, u5);
                Assert.AreEqual(@"\u1, \u2, \u3, u5", ReportPrincipals(principals.Load()), "principals created");

                // Recompute membership on insert domain users:

                Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container), "auto-membership on insert");

                // Inserting non-domain users and roles:

                membership.Insert(new[] {
                    new Common.PrincipalHasRole {
                        PrincipalID = u2.ID, RoleID = r25.ID
                    },
                    new Common.PrincipalHasRole {
                        PrincipalID = u5.ID, RoleID = r25.ID
                    }
                },
                                  checkUserPermissions: true);
                Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "non-domain users and roles");
            }
        }
예제 #2
0
        public void RoleInheritance()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve <ISqlExecuter>()
                .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role");

                // Insert test data:

                var u1 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u1"
                };
                var u2 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u2"
                };
                var u3 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u3"
                };
                var u5 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = "u5"
                };
                var r1 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r1"
                };
                var r2 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r2"
                };
                var r25 = new Common.Role {
                    ID = Guid.NewGuid(), Name = "r25"
                };

                var repository = container.Resolve <Common.DomRepository>();
                var roles      = container.Resolve <GenericRepository <Common.Role> >();
                var principals = container.Resolve <GenericRepository <Common.Principal> >();
                var membership = container.Resolve <GenericRepository <Common.PrincipalHasRole> >();

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole {
                        PrincipalID = u2.ID, RoleID = r25.ID
                    },
                    new Common.PrincipalHasRole {
                        PrincipalID = u5.ID, RoleID = r25.ID
                    }
                });

                // Modify role inheritance:

                repository.Common.RoleInheritsRole.Insert(new[] { new Common.RoleInheritsRole {
                                                                      UsersFromID = r1.ID, PermissionsFromID = r25.ID
                                                                  } });

                TestUtility.ShouldFail(() => repository.Common.RoleInheritsRole.Insert(new[] { new Common.RoleInheritsRole {
                                                                                                   UsersFromID = r25.ID, PermissionsFromID = r2.ID
                                                                                               } }), "UserException",
                                       "It is not allowed to add users or user groups here because this role is synchronized with an Active Directory group.",
                                       "Please change the user membership on Active Directory instead.");
            }
        }
예제 #3
0
        public void ComputeOnUpdatePrincipal()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve <ISqlExecuter>()
                .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role");

                // Insert test data:

                var u1 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u1"
                };
                var u2 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u2"
                };
                var u3 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u3"
                };
                var u5 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = "u5"
                };
                var r1 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r1"
                };
                var r2 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r2"
                };
                var r25 = new Common.Role {
                    ID = Guid.NewGuid(), Name = "r25"
                };

                var repository = container.Resolve <Common.DomRepository>();
                var roles      = container.Resolve <GenericRepository <Common.Role> >();
                var principals = container.Resolve <GenericRepository <Common.Principal> >();
                var membership = container.Resolve <GenericRepository <Common.PrincipalHasRole> >();

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole {
                        PrincipalID = u2.ID, RoleID = r25.ID
                    },
                    new Common.PrincipalHasRole {
                        PrincipalID = u5.ID, RoleID = r25.ID
                    }
                });

                // Recompute membership on update principal (domain users only):

                u2.Name = "u2x";
                principals.Update(u2);
                Assert.AreEqual(@"\u1-\r1, u2x-\r2, u2x-r25, u5-r25", ReportMembership(container), "auto-membership on update ignore non-domain users");
                u2.Name = _domainPrefix + "u2x";
                principals.Update(u2);
                Assert.AreEqual(@"\u1-\r1, \u2x-r25, u5-r25", ReportMembership(container), "auto-membership on update domain users");
                u2.Name = _domainPrefix + "u2";
                principals.Update(u2);
                Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "auto-membership on update domain users 2");
            }
        }
예제 #4
0
 public static Common.Role LoadRole(Guid roleGuid)
 {
     Business.Role roleController = new Business.Role();
     Common.Role   role           = new Common.Role();
     roleController.Load(roleGuid, role);
     return(role);
 }
예제 #5
0
        public void RecomputeMembership()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve <ISqlExecuter>()
                .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role");

                // Insert test data:

                var u1 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u1"
                };
                var u2 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u2"
                };
                var u3 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u3"
                };
                var u5 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = "u5"
                };
                var r1 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r1"
                };
                var r2 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r2"
                };
                var r25 = new Common.Role {
                    ID = Guid.NewGuid(), Name = "r25"
                };

                var repository = container.Resolve <Common.DomRepository>();
                var roles      = container.Resolve <GenericRepository <Common.Role> >();
                var principals = container.Resolve <GenericRepository <Common.Principal> >();
                var membership = repository.Common.PrincipalHasRole;

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole {
                        PrincipalID = u2.ID, RoleID = r25.ID
                    },
                    new Common.PrincipalHasRole {
                        PrincipalID = u5.ID, RoleID = r25.ID
                    }
                });

                // Recompute membership relations:

                var u1r1 = membership.Query(m => m.Principal.Name.Contains(@"\u1")).Single();
                membership.Delete(new[] { u1r1 }, checkUserPermissions: false);
                Assert.AreEqual(@"\u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "modified membership");

                repository.Common.PrincipalHasRole.RecomputeFromActiveDirectoryPrincipalHasRole();
                Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "recomputed membership");
            }
        }
예제 #6
0
 public bool UpdateRole(Common.Role role)
 {
     return(ExecuteSPCommand("UpdateRole",
                             "@Guid", role.RoleGuid,
                             "@Title", role.Title,
                             "@Priority", role.Priority,
                             "@IsDefault", role.IsDefault,
                             "@IsSalePackage", role.IsSalePackage,
                             "@Price", role.Price,
                             "@Description", role.Description));
 }
예제 #7
0
 public void InsertUnusedRole()
 {
     TestPermissionsCachingOnChange(context =>
     {
         var common = context.Repository.Common;
         var role3  = new Common.Role {
             Name = RolePrefix + Guid.NewGuid().ToString()
         };
         common.Role.Insert(role3);
     },
                                    new[] { true, true, false },
                                    "Roles");
 }
예제 #8
0
        private void InitializePage()
        {
            btnSave.Text   = Language.GetString(btnSave.Text);
            btnCancel.Text = Language.GetString(btnCancel.Text);
            btnSave.Attributes["onclick"] = "return validateRequiredFields();";

            if (ActionType == "edit")
            {
                Common.Role role = Facade.Role.LoadRole(RoleGuid);
                txtTitle.Text            = role.Title;
                chbDefaultRole.Checked   = role.IsDefault;
                ChbIsSalePackage.Checked = role.IsSalePackage;
                txtPrice.Text            = Helper.FormatDecimalForDisplay(role.Price);
                txtDescription.Text      = role.Description;
            }
        }
예제 #9
0
        public void UserShouldNotUpdateDomainMembership()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve <ISqlExecuter>()
                .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role");

                // Insert test data:

                var u1 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u1"
                };
                var u2 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u2"
                };
                var r1 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r1"
                };
                var r2 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r2"
                };

                var repository = container.Resolve <Common.DomRepository>();
                var roles      = container.Resolve <GenericRepository <Common.Role> >();
                var principals = container.Resolve <GenericRepository <Common.Principal> >();
                var membership = repository.Common.PrincipalHasRole;

                roles.Insert(r1, r2);
                principals.Insert(u1, u2);

                // The user should not update domain users/groups membership:

                Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container));

                var u2r2 = membership.Query(m => m.Principal.Name.Contains(@"\u2")).Single();
                membership.Delete(new[] { u2r2 }, checkUserPermissions: false);
                Assert.AreEqual(@"\u1-\r1", ReportMembership(container));

                var u1r1 = membership.Query(m => m.Principal.Name.Contains(@"\u1")).Single();
                TestUtility.ShouldFail(
                    () => membership.Delete(new[] { u1r1 }, checkUserPermissions: true),
                    "It is not allowed to remove the user membership here, because role " + _domainPrefix + "r1 is synchronized with an Active Directory group");
            }
        }
예제 #10
0
        protected void btnSave_Click(object sender, EventArgs e)
        {
            try
            {
                Common.Role role = new Common.Role();
                role.RoleGuid      = RoleGuid;
                role.Title         = txtTitle.Text;
                role.Price         = Helper.GetDecimal(txtPrice.Text);
                role.Description   = txtDescription.Text;
                role.Priority      = Helper.GetByte(txtPriority.Text);
                role.IsSalePackage = ChbIsSalePackage.Checked;
                role.IsDefault     = chbDefaultRole.Checked;
                role.UserGuid      = UserGuid;
                role.CreateDate    = DateTime.Now;

                if (role.HasError)
                {
                    throw new Exception(role.ErrorMessage);
                }

                switch (ActionType)
                {
                case "edit":
                    if (!Facade.Role.UpdateRole(role))
                    {
                        throw new Exception(Language.GetString("ErrorRecord"));
                    }
                    break;

                case "insert":
                    if (!Facade.Role.InsertRole(role))
                    {
                        throw new Exception(Language.GetString("ErrorRecord"));
                    }
                    break;
                }

                Response.Redirect(string.Format("/PageLoader.aspx?c={0}", Helper.Encrypt((int)UserControls.UI_Roles_Role, Session)));
            }
            catch (Exception ex)
            {
                ClientSideScript = string.Format("result('error','{0}')", ex.Message);
            }
        }
예제 #11
0
        public void CommonFilters()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve<Common.ExecutionContext>().NHibernateSession
                    .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role")
                    .ExecuteUpdate();

                // Insert test data:

                var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" };
                var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" };
                var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" };
                var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" };
                var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" };
                var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" };
                var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" };

                var repository = container.Resolve<Common.DomRepository>();
                var roles = container.Resolve<GenericRepository<Common.Role>>();
                var principals = container.Resolve<GenericRepository<Common.Principal>>();
                var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>();

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole { Principal = u2, Role = r25 },
                    new Common.PrincipalHasRole { Principal = u5, Role = r25 } });

                // Common filters:

                var filter1 = new Common.ActiveDirectoryAllUsersParameter();
                Assert.AreEqual(@"\u1-\r1, \u2-\r2",
                    ReportMembership(container, filter1),
                    "filter ActiveDirectoryAllUsersParameter");

                var filter2 = new[] { u1.Name, u2.Name }.Select(name => new Common.ActiveDirectoryUserParameter { UserName = name }).ToArray();
                Assert.AreEqual(@"\u1-\r1, \u2-\r2",
                    ReportMembership(container, filter2),
                    "filter ActiveDirectoryUserParameter");
            }
        }
예제 #12
0
 public void InsertRoleWithPermissions()
 {
     TestPermissionsCachingOnChange(context =>
     {
         var common = context.Repository.Common;
         var role3  = new Common.Role {
             Name = RolePrefix + Guid.NewGuid().ToString()
         };
         common.Role.Insert(role3);
         var claim1 = common.Claim.Load(c => c.ClaimResource == Claim1.Resource && c.ClaimRight == Claim1.Right).Single();
         common.RolePermission.Insert(new Common.RolePermission {
             RoleID = role3.ID, ClaimID = claim1.ID, IsAuthorized = false
         });
         var role1 = common.Role.Load(r => r.Name == Role1Name).Single();
         common.RoleInheritsRole.Insert(new Common.RoleInheritsRole {
             UsersFromID = role1.ID, PermissionsFromID = role3.ID
         });
     },
                                    new[] { false, true, false }, // Denied permission on claim1.
                                    "RolePermissions, RolePermissions, RoleRoles, RoleRoles, Roles");
 }
예제 #13
0
        public void InsertTestPermissions()
        {
            DeleteTestPermissions();
            using (var container = new RhetosTestContainer(commitChanges: true))
            {
                var r = container.Resolve <Common.DomRepository>();

                var principal1 = new Common.Principal {
                    Name = User1Name
                };
                var principal2 = new Common.Principal {
                    Name = User2Name
                };
                r.Common.Principal.Insert(principal1, principal2);

                var role1 = new Common.Role {
                    Name = Role1Name
                };
                var role2 = new Common.Role {
                    Name = Role2Name
                };
                r.Common.Role.Insert(role1, role2);

                r.Common.PrincipalHasRole.Insert(new Common.PrincipalHasRole {
                    PrincipalID = principal1.ID, RoleID = role1.ID
                });
                r.Common.RoleInheritsRole.Insert(new Common.RoleInheritsRole {
                    UsersFromID = role1.ID, PermissionsFromID = role2.ID
                });

                var claim1 = r.Common.Claim.Load(c => c.ClaimResource == Claim1.Resource && c.ClaimRight == Claim1.Right).Single();
                var claim2 = r.Common.Claim.Load(c => c.ClaimResource == Claim2.Resource && c.ClaimRight == Claim2.Right).Single();
                r.Common.PrincipalPermission.Insert(new Common.PrincipalPermission {
                    PrincipalID = principal1.ID, ClaimID = claim1.ID, IsAuthorized = true
                });
                r.Common.RolePermission.Insert(new Common.RolePermission {
                    RoleID = role2.ID, ClaimID = claim2.ID, IsAuthorized = true
                });
            }
        }
        public void InsertTestPermissions()
        {
            DeleteTestPermissions();
            using (var scope = TestScope.Create())
            {
                var context = scope.Resolve <Common.ExecutionContext>();
                var r       = scope.Resolve <Common.DomRepository>();

                var principal1 = context.InsertPrincipalOrReadId(User1Name);
                context.InsertPrincipalOrReadId(User2Name);

                var role1 = new Common.Role {
                    Name = Role1Name
                };
                var role2 = new Common.Role {
                    Name = Role2Name
                };
                r.Common.Role.Insert(role1, role2);

                r.Common.PrincipalHasRole.Insert(new Common.PrincipalHasRole {
                    PrincipalID = principal1.ID, RoleID = role1.ID
                });
                r.Common.RoleInheritsRole.Insert(new Common.RoleInheritsRole {
                    UsersFromID = role1.ID, PermissionsFromID = role2.ID
                });

                var claim1 = r.Common.Claim.Load(c => c.ClaimResource == Claim1.Resource && c.ClaimRight == Claim1.Right).Single();
                var claim2 = r.Common.Claim.Load(c => c.ClaimResource == Claim2.Resource && c.ClaimRight == Claim2.Right).Single();
                r.Common.PrincipalPermission.Insert(new Common.PrincipalPermission {
                    PrincipalID = principal1.ID, ClaimID = claim1.ID, IsAuthorized = true
                });
                r.Common.RolePermission.Insert(new Common.RolePermission {
                    RoleID = role2.ID, ClaimID = claim2.ID, IsAuthorized = true
                });

                scope.CommitAndClose();
            }
        }
예제 #15
0
        public void InsertTestPermissions()
        {
            DeleteTestPermissions();
            using (var container = new RhetosTestContainer(commitChanges: true))
            {
                var r = container.Resolve<Common.DomRepository>();

                var principal1 = new Common.Principal { Name = User1Name };
                var principal2 = new Common.Principal { Name = User2Name };
                r.Common.Principal.Insert(principal1, principal2);

                var role1 = new Common.Role { Name = Role1Name };
                var role2 = new Common.Role { Name = Role2Name };
                r.Common.Role.Insert(role1, role2);

                r.Common.PrincipalHasRole.Insert(new Common.PrincipalHasRole { PrincipalID = principal1.ID, RoleID = role1.ID });
                r.Common.RoleInheritsRole.Insert(new Common.RoleInheritsRole { UsersFromID = role1.ID, PermissionsFromID = role2.ID });

                var claim1 = r.Common.Claim.Load(c => c.ClaimResource == Claim1.Resource && c.ClaimRight == Claim1.Right).Single();
                var claim2 = r.Common.Claim.Load(c => c.ClaimResource == Claim2.Resource && c.ClaimRight == Claim2.Right).Single();
                r.Common.PrincipalPermission.Insert(new Common.PrincipalPermission { PrincipalID = principal1.ID, ClaimID = claim1.ID, IsAuthorized = true });
                r.Common.RolePermission.Insert(new Common.RolePermission { RoleID = role2.ID, ClaimID = claim2.ID, IsAuthorized = true });
            }
        }
예제 #16
0
        public Guid InsertRole(Common.Role role)
        {
            Guid guid = Guid.NewGuid();

            try
            {
                ExecuteSPCommand("InsertRole",
                                 "@Guid", guid,
                                 "@Title", role.Title,
                                 "@Priority", role.Priority,
                                 "@CreateDate", role.CreateDate,
                                 "@UserGuid", role.UserGuid,
                                 "@IsDefault", role.IsDefault,
                                 "@IsSalePackage", role.IsSalePackage,
                                 "@Price", role.Price,
                                 "@Description", role.Description);
                return(guid);
            }
            catch
            {
                guid = Guid.Empty;
                return(guid);
            }
        }
예제 #17
0
 public static bool InsertRole(Common.Role role)
 {
     Business.Role roleController = new Business.Role();
     return(roleController.InsertRole(role) != Guid.Empty ? true : false);
 }
예제 #18
0
 public void InsertRoleWithPermissions()
 {
     TestPermissionsCachingOnChange(context =>
     {
         var common = context.Repository.Common;
         var role3 = new Common.Role { Name = RolePrefix + Guid.NewGuid().ToString() };
         common.Role.Insert(role3);
         var claim1 = common.Claim.Load(c => c.ClaimResource == Claim1.Resource && c.ClaimRight == Claim1.Right).Single();
         common.RolePermission.Insert(new Common.RolePermission { RoleID = role3.ID, ClaimID = claim1.ID, IsAuthorized = false });
         var role1 = common.Role.Load(r => r.Name == Role1Name).Single();
         common.RoleInheritsRole.Insert(new Common.RoleInheritsRole { UsersFromID = role1.ID, PermissionsFromID = role3.ID });
     },
         new[] { false, true, false }, // Denied permission on claim1.
         "RolePermissions, RolePermissions, RoleRoles, RoleRoles, Roles");
 }
예제 #19
0
 public void InsertUnusedRole()
 {
     TestPermissionsCachingOnChange(context =>
     {
         var common = context.Repository.Common;
         var role3 = new Common.Role { Name = RolePrefix + Guid.NewGuid().ToString() };
         common.Role.Insert(role3);
     },
         new[] { true, true, false },
         "Roles");
 }
예제 #20
0
        public void ComputeOnAuthorization()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve <ISqlExecuter>()
                .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role");

                // Insert test data:

                var u1 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u1"
                };
                var u2 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u2"
                };
                var u3 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u3"
                };
                var u5 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = "u5"
                };
                var r1 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r1"
                };
                var r2 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r2"
                };
                var r25 = new Common.Role {
                    ID = Guid.NewGuid(), Name = "r25"
                };

                var repository = container.Resolve <Common.DomRepository>();
                var roles      = container.Resolve <GenericRepository <Common.Role> >();
                var principals = container.Resolve <GenericRepository <Common.Principal> >();
                var membership = container.Resolve <GenericRepository <Common.PrincipalHasRole> >();

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Delete(membership.Load());
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole {
                        PrincipalID = u2.ID, RoleID = r25.ID
                    },
                    new Common.PrincipalHasRole {
                        PrincipalID = u5.ID, RoleID = r25.ID
                    }
                });

                // Recompute membership on authorization:

                var authorizationProvider = container.Resolve <CommonAuthorizationProvider>();

                Assert.AreEqual(@"\u2-r25, u5-r25", ReportMembership(container));

                {
                    var userRoles = authorizationProvider.GetUsersRoles(u1);
                    Assert.AreEqual(@"\r1", ReportRoles(userRoles, container));
                    Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container), "membership recomputed on authorization u1");
                }

                {
                    var userRoles = authorizationProvider.GetUsersRoles(u2);
                    Assert.AreEqual(@"\r2, r25", ReportRoles(userRoles, container), "mixed membership");
                    Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "membership recomputed on authorization u2");
                }

                AuthorizationDataCache.ClearCache();
                membership.Delete(membership.Load());
                Assert.AreEqual(@"", ReportMembership(container), "membership deleted");

                {
                    var userRoles = authorizationProvider.GetUsersRoles(u1);
                    Assert.AreEqual(@"\r1", ReportRoles(userRoles, container));
                    Assert.AreEqual(@"\u1-\r1", ReportMembership(container), "membership recomputed on authorization u1");
                }

                {
                    var userRoles = authorizationProvider.GetUsersRoles(u2);
                    Assert.AreEqual(@"\r2", ReportRoles(userRoles, container));
                    Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container), "membership recomputed on authorization u2");
                }
            }
        }
예제 #21
0
        public void RoleInheritance()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve<Common.ExecutionContext>().NHibernateSession
                    .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role")
                    .ExecuteUpdate();

                // Insert test data:

                var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" };
                var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" };
                var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" };
                var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" };
                var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" };
                var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" };
                var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" };

                var repository = container.Resolve<Common.DomRepository>();
                var roles = container.Resolve<GenericRepository<Common.Role>>();
                var principals = container.Resolve<GenericRepository<Common.Principal>>();
                var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>();

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole { Principal = u2, Role = r25 },
                    new Common.PrincipalHasRole { Principal = u5, Role = r25 } });

                // Modify role inheritance:

                repository.Common.RoleInheritsRole.Insert(new[] { new Common.RoleInheritsRole {
                    UsersFrom = r1, PermissionsFrom = r25 } });

                TestUtility.ShouldFail(() => repository.Common.RoleInheritsRole.Insert(new[] { new Common.RoleInheritsRole {
                    UsersFrom = r25, PermissionsFrom = r2 } }), "UserException",
                    "It is not allowed to add users or user groups here because this role is synchronized with an Active Directory group.",
                    "Please change the user membership on Active Directory instead.");
            }
        }
예제 #22
0
        public void ComputeOnUpdateRole()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve <ISqlExecuter>()
                .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role");

                // Insert test data:

                var u1 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u1"
                };
                var u2 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u2"
                };
                var u3 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u3"
                };
                var u5 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = "u5"
                };
                var r1 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r1"
                };
                var r2 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r2"
                };
                var r25 = new Common.Role {
                    ID = Guid.NewGuid(), Name = "r25"
                };

                var repository = container.Resolve <Common.DomRepository>();
                var roles      = container.Resolve <GenericRepository <Common.Role> >();
                var principals = container.Resolve <GenericRepository <Common.Principal> >();
                var membership = container.Resolve <GenericRepository <Common.PrincipalHasRole> >();

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole {
                        PrincipalID = u2.ID, RoleID = r25.ID
                    },
                    new Common.PrincipalHasRole {
                        PrincipalID = u5.ID, RoleID = r25.ID
                    }
                });

                // Recompute membership on modified role should remove obsolete memebers:

                Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "initial membership");

                r2.Name = _domainPrefix + "r2x";
                roles.Update(r2);
                Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container), "recomputed membership after rename role");

                // New role members will not be added automatically, to avoid performance penalty:
                // (the membership will be added on the principal's authorization check)

                r2.Name = _domainPrefix + "r2";
                roles.Update(r2);
                // This is not reqested feature, this assert simply describes currently implemented behaviour:
                Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container));
            }
        }
예제 #23
0
        public void ComputeOnInsertPrincipal()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve<Common.ExecutionContext>().NHibernateSession
                    .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role")
                    .ExecuteUpdate();

                // Insert test data:

                var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" };
                var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" };
                var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" };
                var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" };
                var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" };
                var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" };
                var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" };

                var repository = container.Resolve<Common.DomRepository>();
                var roles = container.Resolve<GenericRepository<Common.Role>>();
                var principals = container.Resolve<GenericRepository<Common.Principal>>();
                var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>();

                roles.Insert(r1, r2, r25);
                Assert.AreEqual(@"\r1, \r2, r25", ReportRoles(roles.Read()), "roles created");

                principals.Insert(u1, u2, u3, u5);
                Assert.AreEqual(@"\u1, \u2, \u3, u5", ReportPrincipals(principals.Read()), "principals created");

                // Recompute membership on insert domain users:

                Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container), "auto-membership on insert");

                // Inserting non-domain users and roles:

                membership.Insert(new[] {
                    new Common.PrincipalHasRole { Principal = u2, Role = r25 },
                    new Common.PrincipalHasRole { Principal = u5, Role = r25 } },
                    checkUserPermissions: true);
                Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "non-domain users and roles");
            }
        }
예제 #24
0
        public void ComputeOnUpdatePrincipal()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve<Common.ExecutionContext>().NHibernateSession
                    .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role")
                    .ExecuteUpdate();

                // Insert test data:

                var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" };
                var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" };
                var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" };
                var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" };
                var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" };
                var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" };
                var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" };

                var repository = container.Resolve<Common.DomRepository>();
                var roles = container.Resolve<GenericRepository<Common.Role>>();
                var principals = container.Resolve<GenericRepository<Common.Principal>>();
                var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>();

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole { Principal = u2, Role = r25 },
                    new Common.PrincipalHasRole { Principal = u5, Role = r25 } });

                // Recompute membership on update principal (domain users only):

                u2.Name = "u2x";
                principals.Update(u2);
                Assert.AreEqual(@"\u1-\r1, u2x-\r2, u2x-r25, u5-r25", ReportMembership(container), "auto-membership on update ignore non-domain users");
                u2.Name = _domainPrefix + "u2x";
                principals.Update(u2);
                Assert.AreEqual(@"\u1-\r1, \u2x-r25, u5-r25", ReportMembership(container), "auto-membership on update domain users");
                u2.Name = _domainPrefix + "u2";
                principals.Update(u2);
                Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "auto-membership on update domain users 2");
            }
        }
예제 #25
0
        public void CommonFilters()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve <ISqlExecuter>()
                .ExecuteSql("DELETE FROM Common.Principal; DELETE FROM Common.Role");

                // Insert test data:

                var u1 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u1"
                };
                var u2 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u2"
                };
                var u3 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "u3"
                };
                var u5 = new Common.Principal {
                    ID = Guid.NewGuid(), Name = "u5"
                };
                var r1 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r1"
                };
                var r2 = new Common.Role {
                    ID = Guid.NewGuid(), Name = _domainPrefix + "r2"
                };
                var r25 = new Common.Role {
                    ID = Guid.NewGuid(), Name = "r25"
                };

                var repository = container.Resolve <Common.DomRepository>();
                var roles      = container.Resolve <GenericRepository <Common.Role> >();
                var principals = container.Resolve <GenericRepository <Common.Principal> >();
                var membership = repository.Common.PrincipalHasRole;

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole {
                        PrincipalID = u2.ID, RoleID = r25.ID
                    },
                    new Common.PrincipalHasRole {
                        PrincipalID = u5.ID, RoleID = r25.ID
                    }
                });

                // Common filters:

                var filter1 = new Common.ActiveDirectoryAllUsersParameter();
                Assert.AreEqual(@"\u1-\r1, \u2-\r2",
                                ReportMembership(container, filter1),
                                "filter ActiveDirectoryAllUsersParameter");

                var filter2 = new[] { u1.Name, u2.Name }.Select(name => new Common.ActiveDirectoryUserParameter {
                    UserName = name
                }).ToArray();
                Assert.AreEqual(@"\u1-\r1, \u2-\r2",
                                ReportMembership(container, filter2),
                                "filter ActiveDirectoryUserParameter");
            }
        }
예제 #26
0
        public void ComputeOnUpdateRole()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve<Common.ExecutionContext>().NHibernateSession
                    .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role")
                    .ExecuteUpdate();

                // Insert test data:

                var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" };
                var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" };
                var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" };
                var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" };
                var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" };
                var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" };
                var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" };

                var repository = container.Resolve<Common.DomRepository>();
                var roles = container.Resolve<GenericRepository<Common.Role>>();
                var principals = container.Resolve<GenericRepository<Common.Principal>>();
                var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>();

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole { Principal = u2, Role = r25 },
                    new Common.PrincipalHasRole { Principal = u5, Role = r25 } });

                // Recompute membership on modified role should remove obsolete memebers:

                Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "initial membership");

                r2.Name = _domainPrefix + "r2x";
                roles.Update(r2);
                Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container), "recomputed membership after rename role");

                // New role members will not be added automatically, to avoid performance penalty:
                // (the membership will be added on the principal's authorization check)

                r2.Name = _domainPrefix + "r2";
                roles.Update(r2);
                // This is not reqested feature, this assert simply describes currently implemented behaviour:
                Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container));
            }
        }
예제 #27
0
        public void RecomputeMembership()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve<Common.ExecutionContext>().NHibernateSession
                    .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role")
                    .ExecuteUpdate();

                // Insert test data:

                var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" };
                var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" };
                var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" };
                var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" };
                var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" };
                var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" };
                var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" };

                var repository = container.Resolve<Common.DomRepository>();
                var roles = container.Resolve<GenericRepository<Common.Role>>();
                var principals = container.Resolve<GenericRepository<Common.Principal>>();
                var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>();

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole { Principal = u2, Role = r25 },
                    new Common.PrincipalHasRole { Principal = u5, Role = r25 } });

                // Recompute membership relations:

                var u1r1 = membership.Read(m => m.Principal.Name.Contains(@"\u1")).Single();
                membership.Delete(new[] { u1r1 }, checkUserPermissions: false);
                Assert.AreEqual(@"\u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "modified membership");

                repository.Common.PrincipalHasRole.RecomputeFromActiveDirectoryPrincipalHasRole();
                Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "recomputed membership");
            }
        }
예제 #28
0
 public static bool UpdateRole(Common.Role role)
 {
     Business.Role roleController = new Business.Role();
     return(roleController.UpdateRole(role));
 }
예제 #29
0
        public void SystemRoles()
        {
            string testUserName  = "******" + Guid.NewGuid().ToString();
            string allPrincipals = SystemRole.AllPrincipals.ToString();
            string anonymous     = SystemRole.Anonymous.ToString();

            AuthorizationDataCache.ClearCache();

            using (var scope = TestScope.Create())
            {
                var context    = scope.Resolve <Common.ExecutionContext>();
                var repository = context.Repository;

                // Insert test user and roles:

                var testPrincipal = context.InsertPrincipalOrReadId(testUserName);

                var roles = context.Repository.Common.Role;

                if (!roles.Query().Any(r => r.Name == allPrincipals))
                {
                    roles.Insert(new Common.Role {
                        Name = allPrincipals
                    });
                }
                var allPrincipalsRole = roles.Load(r => r.Name == allPrincipals).Single();

                if (!roles.Query().Any(r => r.Name == anonymous))
                {
                    roles.Insert(new Common.Role {
                        Name = anonymous
                    });
                }
                var anonymousRole = roles.Load(r => r.Name == anonymous).Single();

                // Test automatically assigned system roles:

                var authorizationProvider = (CommonAuthorizationProvider)scope.Resolve <IAuthorizationProvider>();
                Func <IPrincipal, string[]> getUserRolesNames = principal =>
                                                                authorizationProvider.GetUsersRoles(principal).Select(id => repository.Common.Role.Load(new[] { id }).Single().Name).ToArray();

                Assert.AreEqual(
                    TestUtility.DumpSorted(new[] { anonymous, allPrincipals }),
                    TestUtility.DumpSorted(getUserRolesNames(testPrincipal)));

                Assert.AreEqual(
                    TestUtility.DumpSorted(new[] { anonymous }),
                    TestUtility.DumpSorted(getUserRolesNames(null)));

                // Test system roles inheritance:

                var allPrincipalsIndirectRole = new Common.Role {
                    Name = "allPrincipalsIndirectRole"
                };
                var anonymousIndirectRole = new Common.Role {
                    Name = "anonymousIndirectRole"
                };
                roles.Insert(allPrincipalsIndirectRole, anonymousIndirectRole);
                repository.Common.RoleInheritsRole.Insert(
                    new Common.RoleInheritsRole {
                    UsersFromID = allPrincipalsRole.ID, PermissionsFromID = allPrincipalsIndirectRole.ID
                },
                    new Common.RoleInheritsRole {
                    UsersFromID = anonymousRole.ID, PermissionsFromID = anonymousIndirectRole.ID
                });

                Assert.AreEqual(
                    TestUtility.DumpSorted(new[] { anonymous, anonymousIndirectRole.Name, allPrincipals, allPrincipalsIndirectRole.Name }),
                    TestUtility.DumpSorted(getUserRolesNames(testPrincipal)));

                Assert.AreEqual(
                    TestUtility.DumpSorted(new[] { anonymous, anonymousIndirectRole.Name }),
                    TestUtility.DumpSorted(getUserRolesNames(null)));

                // Remove the system roles:
                // Considering the naming convention, it should be enough to rename the roles.

                allPrincipalsRole.Name += Guid.NewGuid().ToString();
                anonymousRole.Name     += Guid.NewGuid().ToString();
                repository.Common.Role.Update(allPrincipalsRole, anonymousRole);

                Assert.AreEqual("", TestUtility.DumpSorted(getUserRolesNames(testPrincipal)));
                Assert.AreEqual("", TestUtility.DumpSorted(getUserRolesNames(null)));
            }
        }
예제 #30
0
        public void ComputeOnAuthorization()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve<Common.ExecutionContext>().NHibernateSession
                    .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role")
                    .ExecuteUpdate();

                // Insert test data:

                var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" };
                var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" };
                var u3 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u3" };
                var u5 = new Common.Principal { ID = Guid.NewGuid(), Name = "u5" };
                var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" };
                var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" };
                var r25 = new Common.Role { ID = Guid.NewGuid(), Name = "r25" };

                var repository = container.Resolve<Common.DomRepository>();
                var roles = container.Resolve<GenericRepository<Common.Role>>();
                var principals = container.Resolve<GenericRepository<Common.Principal>>();
                var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>();

                roles.Insert(r1, r2, r25);
                principals.Insert(u1, u2, u3, u5);
                membership.Delete(membership.Read());
                membership.Insert(new[] { // Non-domain users and roles.
                    new Common.PrincipalHasRole { Principal = u2, Role = r25 },
                    new Common.PrincipalHasRole { Principal = u5, Role = r25 } });

                // Recompute membership on authorization:

                var authorizationProvider = container.Resolve<CommonAuthorizationProvider>();

                Assert.AreEqual(@"\u2-r25, u5-r25", ReportMembership(container));

                {
                    var userRoles = authorizationProvider.GetUsersRoles(u1);
                    Assert.AreEqual(@"\r1", ReportRoles(userRoles, container));
                    Assert.AreEqual(@"\u1-\r1, \u2-r25, u5-r25", ReportMembership(container), "membership recomputed on authorization u1");
                }

                {
                    var userRoles = authorizationProvider.GetUsersRoles(u2);
                    Assert.AreEqual(@"\r2, r25", ReportRoles(userRoles, container), "mixed membership");
                    Assert.AreEqual(@"\u1-\r1, \u2-\r2, \u2-r25, u5-r25", ReportMembership(container), "membership recomputed on authorization u2");
                }

                AuthorizationDataCache.ClearCache();
                membership.Delete(membership.Read());
                Assert.AreEqual(@"", ReportMembership(container), "membership deleted");

                {
                    var userRoles = authorizationProvider.GetUsersRoles(u1);
                    Assert.AreEqual(@"\r1", ReportRoles(userRoles, container));
                    Assert.AreEqual(@"\u1-\r1", ReportMembership(container), "membership recomputed on authorization u1");
                }

                {
                    var userRoles = authorizationProvider.GetUsersRoles(u2);
                    Assert.AreEqual(@"\r2", ReportRoles(userRoles, container));
                    Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container), "membership recomputed on authorization u2");
                }
            }
        }
예제 #31
0
        public void UserShouldNotUpdateDomainMembership()
        {
            using (var container = new MockWindowsSecurityRhetosContainer("u1-r1 u1-r12 u2-r12 u2-r2", commitChanges: false))
            {
                container.Resolve<Common.ExecutionContext>().NHibernateSession
                    .CreateSQLQuery("DELETE FROM Common.Principal; DELETE FROM Common.Role")
                    .ExecuteUpdate();

                // Insert test data:

                var u1 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u1" };
                var u2 = new Common.Principal { ID = Guid.NewGuid(), Name = _domainPrefix + "u2" };
                var r1 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r1" };
                var r2 = new Common.Role { ID = Guid.NewGuid(), Name = _domainPrefix + "r2" };

                var repository = container.Resolve<Common.DomRepository>();
                var roles = container.Resolve<GenericRepository<Common.Role>>();
                var principals = container.Resolve<GenericRepository<Common.Principal>>();
                var membership = container.Resolve<GenericRepository<Common.PrincipalHasRole>>();

                roles.Insert(r1, r2);
                principals.Insert(u1, u2);

                // The user should not update domain users/groups membership:

                Assert.AreEqual(@"\u1-\r1, \u2-\r2", ReportMembership(container));

                var u2r2 = membership.Read(m => m.Principal.Name.Contains(@"\u2")).Single();
                membership.Delete(new[] { u2r2 }, checkUserPermissions: false);
                Assert.AreEqual(@"\u1-\r1", ReportMembership(container));

                var u1r1 = membership.Read(m => m.Principal.Name.Contains(@"\u1")).Single();
                TestUtility.ShouldFail(
                    () => membership.Delete(new[] { u1r1 }, checkUserPermissions: true),
                    "It is not allowed to remove the user membership here, because role " + _domainPrefix + "r1 is synchronized with an Active Directory group");
            }
        }