예제 #1
0
        public async Task <IActionResult> UpdateRolePermissionAsync([FromBody] UpdateRolePermissionViewModel model_)
        {
            string roleId = (await _roleManager.FindByNameAsync(model_.RoleName)).Id;

            Enum.TryParse(model_.PermissionValue, true, out Permission permissionEnumValue);

            if (model_.Extension == Constants.SoftinuxBaseSecurity && permissionEnumValue != Permission.Admin)
            {
                if (await ReadGrants.IsRoleLastAdminPermissionLevelGrantForExtensionAsync(_roleManager, Storage, model_.RoleName, model_.Extension))
                {
                    return(StatusCode((int)HttpStatusCode.BadRequest, "Permission not updated, the role is the last Admin grant to SoftinuxBase.Security extension"));
                }
            }

            IRolePermissionRepository repo = Storage.GetRepository <IRolePermissionRepository>();

            repo.Delete(roleId, model_.Extension);

            var permissionEntity = Storage.GetRepository <IPermissionRepository>().Find(permissionEnumValue);

            repo.Create(new RolePermission {
                RoleId = roleId, PermissionId = permissionEntity.Id, Extension = model_.Extension
            });

            await Storage.SaveAsync();

            return(StatusCode((int)HttpStatusCode.OK));
        }
예제 #2
0
        public async Task IsRoleLastAdminPermissionLevelGrantForExtension_Yes_StillAnotherRoleButWithoutUsersForThisExtensionAsync()
        {
            var rolePermRepo = DatabaseFixture.Storage.GetRepository <IRolePermissionRepository>();
            var permRepo     = DatabaseFixture.Storage.GetRepository <IPermissionRepository>();

            string roleName       = Guid.NewGuid().ToString();
            string secondRoleName = Guid.NewGuid().ToString();
            string extensionName  = Guid.NewGuid().ToString();

            IdentityRole <string> role       = null;
            IdentityRole <string> secondRole = null;

            try
            {
                // Arrange
                // 1. Create a test role
                await CreateRoleIfNotExistingAsync(roleName);

                // 2. Read role to get its ID
                role = await DatabaseFixture.RoleManager.FindByNameAsync(roleName);

                // 3. Read permissions to get their IDs
                string adminPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Admin.GetPermissionName())?.Id;

                // 4. Associate the role to an extension
                RolePermission rolePermission = new RolePermission {
                    Extension = extensionName, PermissionId = adminPermissionId, RoleId = role.Id
                };
                rolePermRepo.Create(rolePermission);
                await DatabaseFixture.Storage.SaveAsync();

                // 5. Create a second role
                await CreateRoleIfNotExistingAsync(secondRoleName);

                // 6. Read second role to get its ID
                secondRole = await DatabaseFixture.RoleManager.FindByNameAsync(secondRoleName);

                // 7. Associate the second role to the extension
                rolePermission = new RolePermission {
                    Extension = extensionName, PermissionId = adminPermissionId, RoleId = secondRole.Id
                };
                rolePermRepo.Create(rolePermission);
                await DatabaseFixture.Storage.SaveAsync();

                // Act
                bool isLast = await ReadGrants.IsRoleLastAdminPermissionLevelGrantForExtensionAsync(DatabaseFixture.RoleManager, DatabaseFixture.Storage, roleName, extensionName);

                // Assert
                Assert.True(isLast);
            }
            finally
            {
                // Cleanup

                // 1. Delete the RolePermission
                rolePermRepo.Delete(role?.Id, extensionName);
                rolePermRepo.Delete(secondRole?.Id, extensionName);

                // 2. Delete the Role
                await DatabaseFixture.RoleManager.DeleteAsync(role);

                await DatabaseFixture.RoleManager.DeleteAsync(secondRole);
            }
        }
예제 #3
0
        public async Task IsRoleLastAdminPermissionLevelGrantForExtension_Yes_NoAnotherRoleWithAdminPermissionWithUsersForThisExtensionAsync()
        {
            var rolePermRepo = DatabaseFixture.Storage.GetRepository <IRolePermissionRepository>();
            var permRepo     = DatabaseFixture.Storage.GetRepository <IPermissionRepository>();
            var userPermRepo = DatabaseFixture.Storage.GetRepository <IUserPermissionRepository>();

            string adminPermissionId = null;
            string roleName          = Guid.NewGuid().ToString();
            string secondRoleName    = Guid.NewGuid().ToString();
            string extensionName     = Guid.NewGuid().ToString();
            string userName          = Guid.NewGuid().ToString();

            IdentityRole <string> role       = null;
            IdentityRole <string> secondRole = null;
            User user = null;

            try
            {
                // Arrange
                // 1. Create a test role
                await CreateRoleIfNotExistingAsync(roleName);

                // 2. Read role to get its ID
                role = await DatabaseFixture.RoleManager.FindByNameAsync(roleName);

                // 3. Read permissions to get their IDs
                adminPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Admin.GetPermissionName())?.Id;
                string writePermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Write.GetPermissionName())?.Id;

                // 4. Associate the role to an extension
                RolePermission rolePermission = new RolePermission {
                    Extension = extensionName, PermissionId = adminPermissionId, RoleId = role.Id
                };
                rolePermRepo.Create(rolePermission);
                await DatabaseFixture.Storage.SaveAsync();

                // 5. Create a second role
                await CreateRoleIfNotExistingAsync(secondRoleName);

                // 6. Read second role to get its ID
                secondRole = await DatabaseFixture.RoleManager.FindByNameAsync(secondRoleName);

                // 7. Create an user
                user = await CreateUserAsync(userName);

                // 8. Associate the second role to the user
                Assert.True((await DatabaseFixture.UserManager.AddToRoleAsync(user, secondRoleName)).Succeeded);

                // 9. Associate the second role to the extension
                rolePermission = new RolePermission {
                    Extension = extensionName, PermissionId = writePermissionId, RoleId = secondRole.Id
                };
                rolePermRepo.Create(rolePermission);
                await DatabaseFixture.Storage.SaveAsync();

                // Act
                bool isLast = await ReadGrants.IsRoleLastAdminPermissionLevelGrantForExtensionAsync(DatabaseFixture.RoleManager, DatabaseFixture.Storage, roleName, extensionName);

                // Assert
                Assert.True(isLast);
            }
            finally
            {
                // Cleanup
                // 1. Delete the UserPermission
                userPermRepo.Delete(user?.Id, adminPermissionId);

                // 2. Delete the RolePermission
                rolePermRepo.Delete(role?.Id, extensionName);
                rolePermRepo.Delete(secondRole?.Id, extensionName);

                // 2b. Delete the UserRole
                await DatabaseFixture.UserManager.RemoveFromRoleAsync(user, secondRoleName);

                // 3. Delete the User
                await DatabaseFixture.UserManager.DeleteAsync(user);

                // 4. Delete the Role
                await DatabaseFixture.RoleManager.DeleteAsync(role);

                await DatabaseFixture.RoleManager.DeleteAsync(secondRole);
            }
        }
예제 #4
0
        public async Task IsRoleLastAdminPermissionLevelGrantForExtension_No_StillAnUserWithAdminPermissionLevelForThisExtensionAsync()
        {
            var rolePermRepo = DatabaseFixture.Storage.GetRepository <IRolePermissionRepository>();
            var permRepo     = DatabaseFixture.Storage.GetRepository <IPermissionRepository>();
            var userPermRepo = DatabaseFixture.Storage.GetRepository <IUserPermissionRepository>();

            string adminPermissionId = null;
            string roleName          = Guid.NewGuid().ToString();
            string extensionName     = Guid.NewGuid().ToString();
            string userName          = Guid.NewGuid().ToString();

            IdentityRole <string> role = null;
            User user = null;

            try
            {
                // Arrange
                // 1. Create a test role
                await CreateRoleIfNotExistingAsync(roleName);

                // 2. Read role to get its ID
                role = await DatabaseFixture.RoleManager.FindByNameAsync(roleName);

                // 3. Read permissions to get their IDs
                adminPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Admin.GetPermissionName())?.Id;

                // 4. Associate the role to an extension
                RolePermission rolePermission = new RolePermission {
                    Extension = extensionName, PermissionId = adminPermissionId, RoleId = role.Id
                };
                rolePermRepo.Create(rolePermission);
                await DatabaseFixture.Storage.SaveAsync();

                // 5. Create an user
                user = await CreateUserAsync(userName);

                // 6. Associate the user to the extension
                UserPermission userPermission = new UserPermission {
                    Extension = extensionName, PermissionId = adminPermissionId, UserId = user.Id
                };
                userPermRepo.Create(userPermission);
                await DatabaseFixture.Storage.SaveAsync();

                // Act
                bool isLast = await ReadGrants.IsRoleLastAdminPermissionLevelGrantForExtensionAsync(DatabaseFixture.RoleManager, DatabaseFixture.Storage, roleName, extensionName);

                // Assert
                Assert.False(isLast);
            }
            finally
            {
                // Cleanup
                // 1. Delete the UserPermission
                userPermRepo.Delete(user?.Id, adminPermissionId);

                // 2. Delete the RolePermission
                rolePermRepo.Delete(role?.Id, extensionName);

                // 3. Delete the User
                await DatabaseFixture.UserManager.DeleteAsync(user);

                // 4. Delete the Role
                await DatabaseFixture.RoleManager.DeleteAsync(role);
            }
        }