public void Operation_Deny_Direct_To_User()
{
EngineFactory factory = new EngineFactory();
ISecurityEngine engine = factory.CreateEngine();
ISecurityItem operation1 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation1");
ISecurityItem operation2 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation2");
ISecurityItem task = engine.Store.AddSecurityItem().AddBagItem(Name, "Task");
task.Children.Add(operation1);
task.Children.Add(operation2);
ISecurityItem hasNoAccessFromUserOperation = engine.Store.AddSecurityItem().AddBagItem(Name, "HasNoAccessFromUserOperation");
ISecurityIdentity user = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user");
engine.Store.AccessAuthorize(user, task);
engine.Store.AccessAuthorize(user, operation1).Deny();
ICheckAccessResult operation1AccessResult = engine.CheckAccess(user, operation1);
ICheckAccessResult operation2AccessResult = engine.CheckAccess(user, operation2);
ICheckAccessResult taskAccessResult = engine.CheckAccess(user, task);
ICheckAccessResult hasNoAccessFromUserOperationAccessResult = engine.CheckAccess(user, hasNoAccessFromUserOperation);
Assert.False(operation1AccessResult.HasAccess());
Assert.True(operation2AccessResult.HasAccess());
Assert.True(taskAccessResult.HasAccess());
Assert.False(hasNoAccessFromUserOperationAccessResult.HasAccess());
}
internal static void SaveToken(ISecurityIdentity identity)
{
if (userTokens[identity.UserName] == null)
{
userTokens.Add(identity.UserName, identity.Token);
}
}
private void ParentsChanged(object sender, NotifyCollectionChangedEventArgs e)
{
if (e.Action == NotifyCollectionChangedAction.Add)
{
ISecurityIdentity parent = (ISecurityIdentity)e.NewItems[0];
parent.Children.Add(this);
_store.OnSecurityIdentityRelationAdded(parent, this);
}
if (e.Action == NotifyCollectionChangedAction.Remove)
{
ISecurityIdentity parent = (ISecurityIdentity)e.OldItems[0];
parent.Children.Remove(this);
_store.OnSecurityIdentityRelationRemoved(parent, this);
}
if (e.Action == NotifyCollectionChangedAction.Reset)
{
foreach (ISecurityIdentity parent in e.OldItems)
{
parent.Children.Remove(this);
_store.OnSecurityIdentityRelationRemoved(parent, this);
}
}
}
public void OnSecurityIdentityRelationRemoved(ISecurityIdentity parent, ISecurityIdentity child)
{
if (_ignoreEvents)
{
return;
}
AddNewAction(StorageActionType.Remove, new StorageSecurityIdentityRelation(parent.Id, child.Id));
}
public void OnSecurityIdentityRemoved(ISecurityIdentity securityIdentity)
{
if (_ignoreEvents)
{
return;
}
AddNewAction(StorageActionType.Remove, new StorageSecurityIdentity(securityIdentity.Id));
}
public IEnumerable <IAuthorization> GetSecurityIdentityAuthorizations(ISecurityIdentity securityIdentity)
{
if (_securityIdentityAuthorizations.TryGetValue(securityIdentity,
out HashSet <IAuthorization> authorizations))
{
return(authorizations);
}
return(Enumerable.Empty <IAuthorization>());
}
// TODO: Here is where you would validate the username and password.
private static bool CheckPassword(string username, string password)
{
bool succeded = false;
if (HttpContext.Current.User != null)
{
ISecurityIdentity identity = (ISecurityIdentity)HttpContext.Current.User;
//succeded = (username == identity.UserName && password == identity.Token);
succeded = userTokens[username] == password;
}
return(succeded);
}
public ISecurityIdentityAuthorizer CreateCache(ISecurityIdentity securityIdentity)
{
lock (this)
{
if (!_securityIdentitiesCache.TryGetValue(securityIdentity, out ISecurityIdentityAuthorizer result))
{
result = new SecurityIdentityAuthorizer(securityIdentity, this, this);
_securityIdentitiesCache[securityIdentity] = result;
}
return(result);
}
}
private static IEnumerable <ISecurityIdentity> InternalGetAllAncestors(this ISecurityIdentity securityIdentity)
{
foreach (ISecurityIdentity securityIdentityParent in securityIdentity.Parents)
{
yield return(securityIdentityParent);
foreach (ISecurityIdentity parentOfParent in securityIdentityParent.InternalGetAllAncestors())
{
yield return(parentOfParent);
}
}
}
public void Add_SecurityIdentity_Bag()
{
EngineFactory factory = new EngineFactory();
ISecurityEngine engine = factory.CreateEngine();
TestSecurityStorage securityStorage = new TestSecurityStorage();
engine.Store.AttachToStorage(securityStorage);
ISecurityIdentity securityIdentity = engine.Store.AddSecurityIdentity("AC2ECB1E-AFE1-46EA-B9A7-F1593E2C92C6");
securityIdentity.Bag["Name"] = "Test";
Assert.Contains("AC2ECB1E-AFE1-46EA-B9A7-F1593E2C92C6", securityStorage.StorageEntities.Keys);
}
public void Add_SecurityIdentity_Relation()
{
EngineFactory factory = new EngineFactory();
ISecurityEngine engine = factory.CreateEngine();
TestSecurityStorage securityStorage = new TestSecurityStorage();
engine.Store.AttachToStorage(securityStorage);
ISecurityIdentity parentSecurityIdentity = engine.Store.AddSecurityIdentity("77A018B1-EC20-41F1-951D-549193486D4B");
ISecurityIdentity childSecurityIdentity = engine.Store.AddSecurityIdentity("4B64042A-B5DE-4BDF-8A5D-60112F65275B");
parentSecurityIdentity.Children.Add(childSecurityIdentity);
Assert.Contains("77A018B1-EC20-41F1-951D-549193486D4B_4B64042A-B5DE-4BDF-8A5D-60112F65275B", securityStorage.StorageEntities.Keys);
}
public void Operation_Access_Operation_Direct_To_User()
{
EngineFactory factory = new EngineFactory();
ISecurityEngine engine = factory.CreateEngine();
ISecurityItem operation = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation");
ISecurityItem hasNoAccessFromUserOperation = engine.Store.AddSecurityItem().AddBagItem(Name, "HasNoAccessFromUserOperation");
ISecurityIdentity user = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user");
engine.Store.AccessAuthorize(user, operation);
ICheckAccessResult operationAccessResult = engine.CheckAccess(user, operation);
ICheckAccessResult hasNoAccessFromUserOperationAccessResult = engine.CheckAccess(user, hasNoAccessFromUserOperation);
Assert.True(operationAccessResult.HasAccess());
Assert.False(hasNoAccessFromUserOperationAccessResult.HasAccess());
}
public void Engine_Instantiate()
{
EngineFactory factory = new EngineFactory();
ISecurityEngine engine = factory.CreateEngine();
ISecurityItem operation1 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation1");
ISecurityItem operation2 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation2");
ISecurityItem task = engine.Store.AddSecurityItem().AddBagItem(Name, "Task");
task.Children.Add(operation1);
task.Children.Add(operation2);
ISecurityIdentity user1 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user1");
ISecurityIdentity user2 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user2");
ISecurityIdentity group = engine.Store.AddSecurityIdentity().AddBagItem(Name, "group");
group.Children.Add(user1);
group.Children.Add(user2);
IAccessAuthorization user1ToOperationAccessAuthorization = engine.Store.AccessAuthorize(user1, operation1);
}
public void Operation_Access_To_Group()
{
EngineFactory factory = new EngineFactory();
ISecurityEngine engine = factory.CreateEngine();
ISecurityItem operation = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation");
ISecurityIdentity user1 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user1");
ISecurityIdentity user2 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user2");
ISecurityIdentity adminGroup = engine.Store.AddSecurityIdentity().AddBagItem(Name, "adminGroup");
adminGroup.Children.Add(user1);
engine.Store.AccessAuthorize(adminGroup, operation);
ICheckAccessResult user1AccessResult = engine.CheckAccess(user1, operation);
ICheckAccessResult user2AccessResult = engine.CheckAccess(user2, operation);
Assert.True(user1AccessResult.HasAccess());
Assert.False(user2AccessResult.HasAccess());
}
private void ChildrenChanged(object sender, NotifyCollectionChangedEventArgs e)
{
if (e.Action == NotifyCollectionChangedAction.Add)
{
ISecurityIdentity child = (ISecurityIdentity)e.NewItems[0];
child.Parents.Add(this);
}
if (e.Action == NotifyCollectionChangedAction.Remove)
{
ISecurityIdentity child = (ISecurityIdentity)e.OldItems[0];
child.Parents.Remove(this);
}
if (e.Action == NotifyCollectionChangedAction.Reset)
{
foreach (ISecurityIdentity child in e.OldItems)
{
child.Parents.Remove(this);
}
}
}
public IConditionResult GetConditions(ISecurityIdentity securityIdentity, ISecurityItem securityItem)
{
ISecurityIdentityAuthorizer securityIdentityAuthorizer = CreateCache(securityIdentity);
return(securityIdentityAuthorizer.GetConditions(securityItem));
}
public ICheckAccessResult CheckAccess(ISecurityIdentity securityIdentity, ISecurityItem securityItem)
{
ISecurityIdentityAuthorizer securityIdentityAuthorizer = CreateCache(securityIdentity);
return(securityIdentityAuthorizer.CheckAccess(securityItem));
}
public void OnSecurityIdentityRelationRemoved(ISecurityIdentity parent, ISecurityIdentity child)
{
_storageSynchronizer?.OnSecurityIdentityRelationRemoved(parent, child);
}
public SecurityIdentityAuthorizer(ISecurityIdentity securityIdentity, ISecurityIdentityAuthorizerFactory securityIdentityAuthorizerFactory, ISecurityItemAuthorizationsResolverFactory securityItemAuthorizationsResolverFactory)
{
_securityIdentity = securityIdentity;
_securityIdentityAuthorizerFactory = securityIdentityAuthorizerFactory;
_securityItemAuthorizationsResolverFactory = securityItemAuthorizationsResolverFactory;
}
private void OnSecurityIdentityRemoved(ISecurityIdentity securityIdentity)
{
_storageSynchronizer?.OnSecurityIdentityRemoved(securityIdentity);
}
public static IEnumerable <ISecurityIdentity> GetAllAncestors(this ISecurityIdentity securityIdentity)
{
return(InternalGetAllAncestors(securityIdentity).Distinct());
}
public static IConditionalAuthorization ConditionalAuthorize(this ISecurityStore store, ISecurityIdentity securityIdentity, ISecurityItem securityItem, string id = null)
{
if (string.IsNullOrEmpty(id))
{
id = Guid.NewGuid().ToString();
}
SecurityStore securityStore = (SecurityStore)store;
ConditionalAuthorization conditionalAuthorization = new ConditionalAuthorization((SecurityStore)store, id)
{
SecurityIdentity = securityIdentity, SecurityItem = securityItem
};
securityStore.Authorizations.Add(conditionalAuthorization);
return(conditionalAuthorization);
}
