public void Test_WithSecurity_PermissionDeniedOnParent()
{
Tenant tenant = TestHelper.CreateTenant("Tenant", "UID: Tenant");
Group grandParent2 = TestHelper.CreateGroup("Grandparent1", "UID: Grandparent2", null, tenant);
Group grandParent1 = TestHelper.CreateGroup("Grandparent1", "UID: Grandparent1", grandParent2, tenant);
Group parent = TestHelper.CreateGroup("parent1", "UID: parent", grandParent1, tenant);
Group root = TestHelper.CreateGroup("Root", "UID: Root", parent, tenant);
ISecurityProvider securityProviderStub = MockRepository.GenerateStub <ISecurityProvider>();
var grandParent1SecurityContext = ((ISecurityContextFactory)grandParent1).CreateSecurityContext();
securityProviderStub.Stub(
stub => stub.GetAccess(
Arg <ISecurityContext> .Is.NotEqual(grandParent1SecurityContext),
Arg <ISecurityPrincipal> .Is.Anything)).Return(new[] { AccessType.Get(GeneralAccessTypes.Read) });
securityProviderStub.Stub(
stub => stub.GetAccess(
Arg.Is(grandParent1SecurityContext),
Arg <ISecurityPrincipal> .Is.Anything)).Return(new AccessType[0]);
var serviceLocator = DefaultServiceLocator.Create();
serviceLocator.RegisterSingle(() => securityProviderStub);
serviceLocator.RegisterSingle <IPrincipalProvider> (() => new NullPrincipalProvider());
using (new ServiceLocatorScope(serviceLocator))
{
using (ClientTransaction.Current.CreateSubTransaction().EnterDiscardingScope())
{
var groups = root.GetParents().ToArray();
Assert.That(groups, Is.EquivalentTo(new[] { parent }));
}
}
}
public void AccessGranted_PropertyWithDefaultPermission()
{
_securityProviderStub
.Stub(mock => mock.GetAccess(_securityContextStub, _securityPrincipalStub))
.Return(new[] { AccessType.Get(GeneralAccessTypes.Read) });
SecurableObject securableObject;
using (SecurityFreeSection.Activate())
{
securableObject = CreateSecurableObject(_securityContextFactoryStub);
}
Dev.Null = securableObject.PropertyWithDefaultPermission;
}
public void Test_WithPermissionDeniedOnUser()
{
User substitutingUser = CreateUser();
Substitution substitution1 = Substitution.NewObject();
substitution1.SubstitutingUser = substitutingUser;
substitution1.SubstitutedUser = CreateUser();
ISecurityProvider securityProviderStub = MockRepository.GenerateStub <ISecurityProvider> ();
securityProviderStub
.Stub(stub => stub.GetAccess(Arg <SecurityContext> .Is.Anything, Arg <ISecurityPrincipal> .Is.Anything))
.Return(new AccessType[0]);
var serviceLocator = DefaultServiceLocator.Create();
serviceLocator.RegisterSingle(() => securityProviderStub);
serviceLocator.RegisterSingle <IPrincipalProvider> (() => new NullPrincipalProvider());
using (new ServiceLocatorScope(serviceLocator))
{
using (ClientTransaction.Current.CreateSubTransaction().EnterDiscardingScope())
{
ClientTransaction.Current.Extensions.Add(new SecurityClientTransactionExtension());
Assert.That(substitutingUser.GetActiveSubstitutions(), Is.Empty);
}
}
}
public override void SetUp()
{
base.SetUp();
_securityProviderStub = MockRepository.GenerateStub <ISecurityProvider> ();
_securityProviderStub.Stub(stub => stub.IsNull).Return(false);
_securityPrincipalStub = MockRepository.GenerateStub <ISecurityPrincipal> ();
var principalProviderStub = MockRepository.GenerateStub <IPrincipalProvider> ();
principalProviderStub.Stub(stub => stub.GetPrincipal()).Return(_securityPrincipalStub);
_functionalSecurityStrategyStub = MockRepository.GenerateStub <IFunctionalSecurityStrategy> ();
_objectSecurityStrategyStub = MockRepository.GenerateStub <IObjectSecurityStrategy> ();
var serviceLocator = DefaultServiceLocator.Create();
serviceLocator.RegisterSingle(() => _securityProviderStub);
serviceLocator.RegisterSingle(() => principalProviderStub);
serviceLocator.RegisterSingle(() => _functionalSecurityStrategyStub);
serviceLocator.RegisterMultiple <IWebSecurityAdapter>();
serviceLocator.RegisterMultiple <IWxeSecurityAdapter> (() => new WxeSecurityAdapter());
_serviceLocatorScope = new ServiceLocatorScope(serviceLocator);
_testAccessTypeValue = AccessType.Get(TestAccessTypes.Value);
}
public void Test_WithSecurity_PermissionDeniedOnChild()
{
Tenant root = TestHelper.CreateTenant("Root", "UID: Root");
Tenant child1 = TestHelper.CreateTenant("Child1", "UID: Child1");
child1.Parent = root;
Tenant child2 = TestHelper.CreateTenant("Child2", "UID: Child2");
child2.Parent = root;
Tenant child1_1 = TestHelper.CreateTenant("Child1.1", "UID: Child1.1");
child1_1.Parent = child1;
Tenant child2_1 = TestHelper.CreateTenant("Child2.1", "UID: Child2.1");
child2_1.Parent = child2;
ISecurityProvider securityProviderStub = MockRepository.GenerateStub <ISecurityProvider>();
var childOfChild2SecurityContext = ((ISecurityContextFactory)child2_1).CreateSecurityContext();
securityProviderStub.Stub(
stub => stub.GetAccess(
Arg <ISecurityContext> .Is.NotEqual(childOfChild2SecurityContext),
Arg <ISecurityPrincipal> .Is.Anything)).Return(new[] { AccessType.Get(GeneralAccessTypes.Read) });
securityProviderStub.Stub(
stub => stub.GetAccess(
Arg.Is(childOfChild2SecurityContext),
Arg <ISecurityPrincipal> .Is.Anything)).Return(new AccessType[0]);
var serviceLocator = DefaultServiceLocator.Create();
serviceLocator.RegisterSingle(() => securityProviderStub);
serviceLocator.RegisterSingle <IPrincipalProvider> (() => new NullPrincipalProvider());
using (new ServiceLocatorScope(serviceLocator))
{
using (ClientTransaction.Current.CreateSubTransaction().EnterDiscardingScope())
{
ClientTransaction.Current.Extensions.Add(new SecurityClientTransactionExtension());
Assert.That(root.GetHierachy(), Is.EquivalentTo(new[] { root, child1, child2, child1_1 }));
}
}
}
public void Create_WithNullSecurityProvider_ReturnsNullObject()
{
Assert.That(SecurityConfiguration.Current.DisableAccessChecks, Is.False);
_stubSecurityProvider.Stub(_ => _.IsNull).Return(true);
SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
Assert.That(securityClient, Is.SameAs(SecurityClient.Null));
}
public void HasAccess_InstanceMethod()
{
var securityContextStub = MockRepository.GenerateStub <ISecurityContext>();
var securityContextFactoryStub = MockRepository.GenerateStub <ISecurityContextFactory>();
securityContextFactoryStub.Stub(mock => mock.CreateSecurityContext()).Return(securityContextStub);
_securityProviderStub
.Stub(mock => mock.GetAccess(securityContextStub, _securityPrincipalStub))
.Return(new[] { AccessType.Get(GeneralAccessTypes.Delete) });
ISecurableObject securableObject =
new SecurableObject(ObjectSecurityStrategy.Create(securityContextFactoryStub, InvalidationToken.Create()));
var methodInfo = typeof(SecurableObject).GetMethod("Delete", new Type[0]);
var hasMethodAccess = _securityClient.HasMethodAccess(securableObject, methodInfo);
Assert.That(hasMethodAccess, Is.True);
}
public void Test_WithSecurity_PermissionDeniedOnRoot()
{
Tenant root = TestHelper.CreateTenant("Root", "UID: Root");
ISecurityProvider securityProviderStub = MockRepository.GenerateStub <ISecurityProvider>();
securityProviderStub.Stub(
stub => stub.GetAccess(Arg <SecurityContext> .Is.Anything, Arg <ISecurityPrincipal> .Is.Anything)).Return(new AccessType[0]);
var serviceLocator = DefaultServiceLocator.Create();
serviceLocator.RegisterSingle(() => securityProviderStub);
serviceLocator.RegisterSingle <IPrincipalProvider> (() => new NullPrincipalProvider());
using (new ServiceLocatorScope(serviceLocator))
{
using (ClientTransaction.Current.CreateSubTransaction().EnterDiscardingScope())
{
Assert.That(root.GetParents(), Is.Empty);
}
}
}
public void AccessGranted_PropertyWithDefaultPermission_IsReadonly()
{
var securityContextStub = MockRepository.GenerateStub <ISecurityContext>();
var securityContextFactoryStub = MockRepository.GenerateStub <ISecurityContextFactory>();
securityContextFactoryStub.Stub(mock => mock.CreateSecurityContext()).Return(securityContextStub);
_securityProviderStub
.Stub(mock => mock.GetAccess(securityContextStub, _securityPrincipalStub))
.Return(new[] { AccessType.Get(GeneralAccessTypes.Read) });
IBusinessObject bindableSecurableObject;
using (SecurityFreeSection.Activate())
{
bindableSecurableObject = CreateSecurableClassWithProperties(securityContextFactoryStub);
}
var businessObjectClass = bindableSecurableObject.BusinessObjectClass;
var property = businessObjectClass.GetPropertyDefinition("PropertyWithDefaultPermission");
Assert.That(property.IsReadOnly(bindableSecurableObject), Is.True);
}