/// <summary>
/// Checks that validating the supplied request yields a response whose
/// <c>IsValid</c> equals <c>PermissionsValid.False</c>.
/// </summary>
/// <param name="request">
/// The request expected to be rejected. Presumably supplied by a data-driven
/// test attribute that is not visible here — confirm against the full test class.
/// </param>
public void PermissionInvalid(PermissionValidationRequest request)
{
    // Arrange: obtain the validator under test from the fixture helper.
    var sut = GetValidator();

    // Act: run the permission check for the given request.
    var response = sut.Validate(request);

    // Assert: the rejection must be reported explicitly as PermissionsValid.False.
    response.IsValid.Should().Be(PermissionsValid.False);
}
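/// <summary>
/// Decides, for each resource matched by <paramref name="request"/>, whether the requesting
/// principal may perform the requested action, based on the grants issued to that principal.
/// </summary>
/// <param name="request">Supplies the principal, schema, resource and action to check.</param>
/// <returns>
/// An invalid response built from the resource validation result when the requested resources
/// fail validation; otherwise a response built from the de-duplicated allowed and denied
/// resource identifiers.
/// </returns>
/// <remarks>
/// NOTE(review): each policy-valid grant adds every requested resource it does not cover (or
/// covers without the requested action) to the denied list, so an identifier allowed through
/// one grant can also appear as denied through another. Confirm that
/// <c>PermissionValidationResponse.From</c> resolves that overlap deliberately.
/// NOTE(review): when no grant passes the policy check, both lists reach <c>From</c> empty.
/// Confirm that <c>From</c> fails closed in that case.
/// </remarks>
public PermissionValidationResponse Validate(PermissionValidationRequest request)
{
    var allowedResources = new List<CRN>();
    var deniedResources = new List<CRN>();

    var requestedResources = this.resourceFinder.Find(request.Resource).ToList();

    // Reject the whole request up front when the resolved resource set itself is not valid.
    if (!Validator.TryValidate(() => ValidateResources(requestedResources, request), out var resourceValidationResult))
    {
        return PermissionValidationResponse.InvalidFromResourceValidation(request, resourceValidationResult);
    }

    var issuedGrants = this.permissionGrantFinder.Find(request.Principal, request.Schema);
    foreach (var grant in issuedGrants)
    {
        // Apply policy at ticket issue time; a grant rejected by policy contributes nothing.
        if (!this.policyApplicator.IsGrantValid(grant))
        {
            continue;
        }

        // Materialise the overlap once. Left as a deferred Intersect query it would be re-run
        // for every requested resource in the Contains check below and again in the loop.
        var coveredResources = this.resourceFinder.Find(grant.Resource)
            .Intersect(requestedResources)
            .ToList();

        // Requested resources this grant does not cover at all.
        var uncoveredIdentifiers = requestedResources
            .Where(r => !coveredResources.Contains(r))
            .Select(r => r.Identifier)
            .ToList();

        foreach (var resource in coveredResources)
        {
            // Check TryValidate's return as well as result.IsValid. A false return is treated
            // as a failed validation, matching how the resource-set check above uses it, so
            // the resource is denied without dereferencing a result that may be unusable.
            var validated = Validator.TryValidate(
                () => this.resourceValidator.Validate(resource.Identifier, request.Action),
                out var result);

            var resourceActionAllowed = grant.Actions.Contains(request.Action);

            if (!validated || !resourceActionAllowed || !result.IsValid)
            {
                deniedResources.Add(resource.Identifier);
                continue;
            }

            allowedResources.Add(resource.Identifier);
        }

        // AddRange on an empty list is a no-op, so no emptiness guard is needed.
        deniedResources.AddRange(uncoveredIdentifiers);
    }

    allowedResources = allowedResources.Distinct().ToList();
    deniedResources = deniedResources.Distinct().ToList();

    return PermissionValidationResponse.From(request, allowedResources, deniedResources);
}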