/// <summary>
/// Exercises row permissions on DemoRowPermissions1.Document: the current user may read only the
/// documents of their own division.
/// Test data is written through the server-side repository, which bypasses row permissions; the reads
/// then go through <c>IProcessingEngine</c> as a client request would. Claims checks are ignored in those
/// scopes (<c>ConfigureIgnoreClaims</c>), so the responses are expected to reflect row permissions alone.
/// </summary>
public void SimpleRowPermissionRules()
{
    InsertCurrentPrincipal(); // Not related to row permissions.

    // Step 1: reset the DemoRowPermissions1 tables and seed two divisions, the current user and two documents.
    using (var scope = TestScope.Create())
    {
        var repo = scope.Resolve<Common.DomRepository>();
        var executionContext = scope.Resolve<Common.ExecutionContext>();

        // Documents and employees carry a DivisionID, so they are cleared before the divisions.
        repo.DemoRowPermissions1.Document.Delete(repo.DemoRowPermissions1.Document.Query());
        repo.DemoRowPermissions1.Employee.Delete(repo.DemoRowPermissions1.Employee.Query());
        repo.DemoRowPermissions1.Division.Delete(repo.DemoRowPermissions1.Division.Query());

        var ownDivision = new DemoRowPermissions1.Division { Name = "div1" };
        var otherDivision = new DemoRowPermissions1.Division { Name = "div2" };
        repo.DemoRowPermissions1.Division.Insert(new[] { ownDivision, otherDivision });

        // The current user is placed in div1:
        repo.DemoRowPermissions1.Employee.Insert(new[]
        {
            new DemoRowPermissions1.Employee
            {
                UserName = executionContext.UserInfo.UserName,
                DivisionID = ownDivision.ID,
            },
        });

        // doc1 shares the user's division (readable by them); doc2 does not (not readable).
        repo.DemoRowPermissions1.Document.Insert(new[]
        {
            new DemoRowPermissions1.Document { Title = "doc1", DivisionID = ownDivision.ID },
            new DemoRowPermissions1.Document { Title = "doc2", DivisionID = otherDivision.ID },
        });

        scope.CommitAndClose();
    }

    // Runs one read command through the processing engine the way a client would, in a scope that
    // ignores claims, and returns the textual report of the server response.
    string ExecuteAsClient(ReadCommandInfo command)
    {
        using (var scope = TestScope.Create(builder => builder.ConfigureIgnoreClaims()))
        {
            var engine = scope.Resolve<IProcessingEngine>();
            var response = engine.Execute(new[] { command });
            var result = GenerateReport(response);
            Console.WriteLine("Server response: " + result);
            return result;
        }
    }

    var documentDataSource = typeof(DemoRowPermissions1.Document).FullName;

    // Step 2: reading all documents without the row permissions filter is denied.
    var readEverything = new ReadCommandInfo
    {
        DataSource = documentDataSource,
        ReadRecords = true,
    };
    Assert.IsTrue(ExecuteAsClient(readEverything).Contains("You are not authorized"));

    // Step 3: with the RowPermissionsReadItems filter, only the user's own document comes back.
    var readAllowed = new ReadCommandInfo
    {
        DataSource = documentDataSource,
        ReadRecords = true,
        Filters = new[] { new FilterCriteria(typeof(Common.RowPermissionsReadItems)) },
    };
    Assert.AreEqual("doc1", ExecuteAsClient(readAllowed));
}
/// <summary>
/// Checks that row permissions restrict the current user to the documents of their own division
/// (DemoRowPermissions1.Document).
/// The seed data is written through the server-side repository, which bypasses row permissions; the
/// reads then go through <c>IProcessingEngine</c> as a client request would, with claims checks ignored
/// (<c>AddIgnoreClaims</c>) so that the outcome is expected to depend on row permissions alone.
/// </summary>
public void SimpleRowPermissionRules()
{
    InsertCurrentPrincipal(); // Not related to row permissions.

    // Arrange: reset the DemoRowPermissions1 tables and seed two divisions, the current user and two documents.
    using (var container = new RhetosTestContainer(commitChanges: true))
    {
        var domRepository = container.Resolve<Common.DomRepository>();
        var executionContext = container.Resolve<Common.ExecutionContext>();

        var documentRepository = domRepository.DemoRowPermissions1.Document;
        var employeeRepository = domRepository.DemoRowPermissions1.Employee;
        var divisionRepository = domRepository.DemoRowPermissions1.Division;

        // Documents and employees carry a DivisionID, so they are cleared before the divisions.
        documentRepository.Delete(documentRepository.All());
        employeeRepository.Delete(employeeRepository.All());
        divisionRepository.Delete(divisionRepository.All());

        var usersDivision = new DemoRowPermissions1.Division { Name = "div1" };
        var foreignDivision = new DemoRowPermissions1.Division { Name = "div2" };
        divisionRepository.Insert(new[] { usersDivision, foreignDivision });

        // The current user belongs to div1:
        var currentEmployee = new DemoRowPermissions1.Employee
        {
            UserName = executionContext.UserInfo.UserName,
            DivisionID = usersDivision.ID,
        };
        employeeRepository.Insert(new[] { currentEmployee });

        // doc1 is in the user's division (readable by them), doc2 is not:
        var visibleDocument = new DemoRowPermissions1.Document { Title = "doc1", DivisionID = usersDivision.ID };
        var hiddenDocument = new DemoRowPermissions1.Document { Title = "doc2", DivisionID = foreignDivision.ID };
        documentRepository.Insert(new[] { visibleDocument, hiddenDocument });
    }

    var documentDataSource = typeof(DemoRowPermissions1.Document).FullName;

    // Act/Assert 1: a client reading all documents without the row permissions filter is rejected.
    using (var container = new RhetosTestContainer())
    {
        container.AddIgnoreClaims(); // Claims checks are skipped in this scope; row permissions still apply.
        var engine = container.Resolve<IProcessingEngine>();
        var readEverything = new ReadCommandInfo { DataSource = documentDataSource, ReadRecords = true };

        var report = GenerateReport(engine.Execute(new[] { readEverything }));
        Console.WriteLine("Server response: " + report);

        Assert.IsTrue(report.Contains("You are not authorized"));
    }

    // Act/Assert 2: with the RowPermissionsReadItems filter, only the user's own document is returned.
    using (var container = new RhetosTestContainer())
    {
        container.AddIgnoreClaims();
        var engine = container.Resolve<IProcessingEngine>();
        var readAllowed = new ReadCommandInfo
        {
            DataSource = documentDataSource,
            ReadRecords = true,
            Filters = new[] { new FilterCriteria(typeof(Common.RowPermissionsReadItems)) },
        };

        var report = GenerateReport(engine.Execute(new[] { readAllowed }));
        Console.WriteLine("Server response: " + report);

        Assert.AreEqual("doc1", report);
    }
}