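/// <summary>
/// Verifies that the calling subject holds every role listed on <paramref name="attribute"/>.
/// </summary>
/// <param name="attribute">Annotation whose <c>Roles</c> array names the required roles.</param>
/// <exception cref="UnauthorizedException">
/// The subject lacks the single required role, or does not hold all of several required roles.
/// </exception>
private void AssertAuthorized(RequiresRolesAttribute attribute)
{
    var roleIds = attribute.Roles;
    if (roleIds == null || roleIds.Length == 0)
    {
        // No roles declared: this check imposes no restriction and returns without consulting the subject.
        // NOTE(review): an empty role list therefore passes; confirm that is intended and not a
        // misconfigured annotation that should be rejected instead.
        return;
    }

    var subject = GetSubject();

    // NOTE(review): both messages below name the required roles; confirm callers log the
    // exception text server-side instead of echoing it to the remote client.
    if (roleIds.Length == 1)
    {
        var roleId = roleIds[0];
        if (!subject.HasRole(roleId))
        {
            throw new UnauthorizedException(
                string.Format("Calling Subject does not have required role [{0}]. Access denied.", roleId));
        }
    }
    else if (!subject.HasAllRoles(roleIds))
    {
        // Join the ids explicitly. Passing the array itself to string.Format either binds it as the
        // params argument list (only the first role is printed) or prints the array's type name,
        // depending on the element type; neither tells the operator which roles were required.
        throw new UnauthorizedException(
            string.Format("Calling subject does not have all required roles [{0}]. Access denied.",
                string.Join(", ", roleIds)));
    }
}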
/// <summary>
/// A user obtained from <c>UserSetup.GetUser("a", "b")</c> passes a filter that requires "a" and "b".
/// </summary>
public void RequiresRoles_UserWitAllRoles_ReturnsContinue()
{
    // Arrange: the same two names go to the attribute and to the user factory
    // (presumably GetUser turns its arguments into roles; verify against UserSetup).
    var filter = new RequiresRolesAttribute("a", "b");
    var principal = UserSetup.GetUser("a", "b");
    var context = new Fakes.FakeHttpContext
    {
        User = principal
    };

    // Act
    var outcome = filter.ShouldContinue(context);

    // Assert: the positive path must let the request proceed.
    Assert.True(outcome.ShouldContinue);
}
/// <summary>
/// A principal with no identity is stopped by the filter and receives the response code of
/// <c>ApiFilterRunResult.Unauthenticated</c>.
/// </summary>
public void RequiresRoles_UnauthenticatedUser_ReturnsUnauthenticated()
{
    // Arrange: a parameterless ClaimsPrincipal carries no identities, so nobody is signed in.
    var filter = new RequiresRolesAttribute("a", "b");
    var anonymous = new ClaimsPrincipal();
    var context = new Fakes.FakeHttpContext
    {
        User = anonymous
    };

    // Act
    var outcome = filter.ShouldContinue(context);

    // Assert: the request is blocked, and the code is the "unauthenticated" one, so a missing
    // login is reported differently from a signed-in user who lacks a role.
    Assert.False(outcome.ShouldContinue);
    Assert.Equal(ApiFilterRunResult.Unauthenticated.SetResponseCode, outcome.SetResponseCode);
}
/// <summary>
/// A user obtained from <c>UserSetup.GetUser("a")</c> is stopped by a filter that requires "a" and "b",
/// and receives the response code of <c>ApiFilterRunResult.Unauthorized</c>.
/// </summary>
public void RequiresRoles_UserWitSomeRoles_ReturnsUnauthorized()
{
    // Arrange: the attribute demands "a" and "b"; the user factory is given "a" only.
    var filter = new RequiresRolesAttribute("a", "b");
    var principal = UserSetup.GetUser("a");
    var context = new Fakes.FakeHttpContext
    {
        User = principal
    };

    // Act
    var outcome = filter.ShouldContinue(context);

    // Assert: a partial match must not be enough; the filter blocks with the "unauthorized" code.
    Assert.False(outcome.ShouldContinue);
    Assert.Equal(ApiFilterRunResult.Unauthorized.SetResponseCode, outcome.SetResponseCode);
}
/// <summary>
/// Constructing the attribute with a whitespace-only role name must raise <see cref="ArgumentException"/>.
/// </summary>
public void RequiresRoles_RolesContainsWhiteSpaceString_ThrowsException()
{
    var rejected = false;

    try
    {
        // The second role is a single space; the constructor is expected to refuse it.
        var unused = new RequiresRolesAttribute("a", " ");
    }
    catch (ArgumentException)
    {
        // Derived argument exceptions are caught here as well.
        rejected = true;
    }

    // Fails when construction succeeded; any other exception type escapes and fails the test.
    Assert.True(rejected);
}
/// <summary>
/// Constructing the attribute without any role must raise <see cref="ArgumentException"/>.
/// </summary>
public void RequiresRoles_RolesAreEmptyArray_ThrowsException()
{
    var rejected = false;

    try
    {
        // No arguments at all: a role requirement that names no role is expected to be refused
        // at construction rather than accepted as a check that demands nothing.
        var unused = new RequiresRolesAttribute();
    }
    catch (ArgumentException)
    {
        rejected = true;
    }

    // Fails when construction succeeded; any other exception type escapes and fails the test.
    Assert.True(rejected);
}
/// <summary>
/// Constructing the attribute with a null argument must raise <see cref="ArgumentNullException"/>.
/// </summary>
public void RequiresRoles_NullRoles_ThrowsException()
{
    var rejected = false;

    try
    {
        // A literal null is passed where the role names are expected.
        var unused = new RequiresRolesAttribute(null);
    }
    catch (ArgumentNullException)
    {
        // Only the null-specific exception counts; a plain ArgumentException would escape.
        rejected = true;
    }

    // Fails when construction succeeded without throwing.
    Assert.True(rejected);
}