public void TestSimpleAuthorization()
{
using (new ObjectCacheScope(SetupSimpleData()))
{
IAuthorizationProvider provider = Afcas.GetAuthorizationProvider();
Principal G = ObjectCache.Current.Get <Principal>("G");
Principal G2 = ObjectCache.Current.Get <Principal>("G2");
Principal U1 = ObjectCache.Current.Get <Principal>("U1");
Operation O = ObjectCache.Current.Get <Operation>("O");
Operation O3 = ObjectCache.Current.Get <Operation>("O3");
SampleResource R = SampleResource.GetOrCreateSampleResource("R");
SampleResource R2 = SampleResource.GetOrCreateSampleResource("R2");
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
Assert.That(provider.IsAuthorized(G.Key, O.Key, resFac.GenerateResourceHandle(R)),
"authorization must exist");
Assert.That(provider.IsAuthorized(G2.Key, O3.Key, resFac.GenerateResourceHandle(R2)),
"authorization must exist");
Assert.That(provider.IsAuthorized(U1.Key, O3.Key, resFac.GenerateResourceHandle(R2)),
"authorization must exist");
}
}
public static void RegisterHandleFactory(ResourceHandleFactory factory)
{
lock ( SyncRoot ) {
if (_FactoryList.ContainsKey(factory.ResourceType))
{
throw new ArgumentException(factory.ResourceType + " already have a registered ResourceHandleFactory");
}
_FactoryList.Add(factory.ResourceType, factory);
}
}
private static ObjectCache SetupSimpleData()
{
DBHelper.ExecuteNonQuery("Test_DeleteAllData");
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
ObjectCache.PushCurrent(new ObjectCache());
Principal G = Principal.CreatePrincipal("G", "G", PrincipalType.Group, "");
Principal G1 = Principal.CreatePrincipal("G1", "G1", PrincipalType.Group, "");
Principal G2 = Principal.CreatePrincipal("G2", "G2", PrincipalType.Group, "");
Principal U1 = Principal.CreatePrincipal("U1", "U1", PrincipalType.User, "");
Operation O = Operation.CreateOperation("O", "O");
Operation O1 = Operation.CreateOperation("O1", "O2");
Operation O2 = Operation.CreateOperation("O2", "O2");
Operation O3 = Operation.CreateOperation("O3", "O3");
manager.AddOrUpdate(G, "");
manager.AddOrUpdate(G1, "");
manager.AddOrUpdate(G2, "");
manager.AddOrUpdate(U1, "");
manager.AddOrUpdate(O);
manager.AddOrUpdate(O1);
manager.AddOrUpdate(O2);
manager.AddOrUpdate(O3);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
ResourceHandle R = resFac.GenerateResourceHandleByKey("R");
ResourceHandle R1 = resFac.GenerateResourceHandleByKey("R1");
ResourceHandle R2 = resFac.GenerateResourceHandleByKey("R2");
manager.AddAccessPredicate(G.Key, O.Key, R, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(U1.Key, O.Key, R, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(U1.Key, O1.Key, R1, ResourceAccessPredicateType.Grant);
manager.AddGroupMember(G, G1);
manager.AddGroupMember(G, G2);
manager.AddGroupMember(G, U1);
manager.AddSubOperation(O, O1);
manager.AddSubOperation(O, O2);
manager.AddSubOperation(O, O3);
manager.AddSubResource(R, R1);
manager.AddSubResource(R, R2);
return(ObjectCache.Current);
}
public async Task WhenRemovingAccessPredicate_TracksChanges()
{
DBHelper.ExecuteNonQuery("Test_DeleteAllData");
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
ObjectCache.PushCurrent(new ObjectCache());
Principal G = Principal.CreatePrincipal("G", "G", PrincipalType.Group, "");
Principal U1 = Principal.CreatePrincipal("U1", "U1", PrincipalType.User, "");
Operation O = Operation.CreateOperation("O", "O");
manager.AddOrUpdate(G, "");
manager.AddOrUpdate(U1, "");
manager.AddOrUpdate(O);
manager.AddGroupMember(G, U1);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
ResourceHandle R = resFac.GenerateResourceHandleByKey("R");
ResourceHandle R1 = resFac.GenerateResourceHandleByKey("R1");
ResourceHandle R21 = resFac.GenerateResourceHandleByKey("R2.1");
manager.AddSubResource(R, R1);
manager.AddSubResource(R1, R21);
manager.AddAccessPredicate(G.Key, O.Key, R, ResourceAccessPredicateType.Grant);
Assert.IsTrue(manager.IsAuthorized(U1.Key, O.Key, R));
Assert.IsTrue(manager.IsAuthorized(G.Key, O.Key, R));
var rows = GetAuthRows();
var lastChange = rows.Max(r => r.Modified);
// Act
await Task.Delay(250);
manager.RemoveAccessPredicate(G.Key, O.Key, R, ResourceAccessPredicateType.Grant);
var rows2 = GetAuthRows().Where(r => r.PrincipalId == "U1" && r.ResourceId == R21.AfcasKey && r.Deleted == new DateTime(1753, 01, 01, 0, 0, 0, DateTimeKind.Utc)).ToList();
var deletedRows = GetDeletedAuthRows(lastChange).Where(r => r.PrincipalId == "U1" && r.ResourceId == R21.AfcasKey).ToList();
var dr = GetDeletedAuthRows();
// Assert
Assert.AreEqual(0, rows2.Count, "should have lost permission");
Assert.AreEqual(1, deletedRows.Count);
Assert.GreaterOrEqual(deletedRows[0].Deleted, lastChange, "deletion must have happened after last change!");
}
public async Task WhenAddingUserToGroup_OfGroup_TracksChanges()
{
DBHelper.ExecuteNonQuery("Test_DeleteAllData");
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
ObjectCache.PushCurrent(new ObjectCache());
Principal G = Principal.CreatePrincipal("G", "G", PrincipalType.Group, "");
Principal G1 = Principal.CreatePrincipal("G1", "G1", PrincipalType.Group, "");
Principal U1 = Principal.CreatePrincipal("U1", "U1", PrincipalType.User, "");
Operation O = Operation.CreateOperation("O", "O");
manager.AddOrUpdate(G, "");
manager.AddOrUpdate(G1, "");
manager.AddOrUpdate(U1, "");
manager.AddOrUpdate(O);
manager.AddGroupMember(G1, U1);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
ResourceHandle R = resFac.GenerateResourceHandleByKey("R");
ResourceHandle R1 = resFac.GenerateResourceHandleByKey("R1");
ResourceHandle R2 = resFac.GenerateResourceHandleByKey("R2");
manager.AddAccessPredicate(G.Key, O.Key, R, ResourceAccessPredicateType.Grant);
Assert.IsFalse(manager.IsAuthorized(U1.Key, O.Key, R));
Assert.IsTrue(manager.IsAuthorized(G.Key, O.Key, R));
var rows = GetAuthRows();
//manager.AddSubResource(R, R1);
//manager.AddSubResource(R, R2);
var lastChange = rows.Max(r => r.Modified);
// Act
manager.AddGroupMember(G, G1);
var rows2 = GetAuthRows(lastChange).Where(r => r.PrincipalId == "U1").ToList();
var max2 = rows2.Max(r => r.Modified);
// Assert
//Assert.IsTrue(manager.IsAuthorized(U1.Key, O.Key, R));
Assert.GreaterOrEqual(max2, lastChange, $"{lastChange} should be lower!");
}
public void TestOffline()
{
using (new ObjectCacheScope(SetupSimpleData()))
{
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
manager.GetOperationList();
Principal U1 = ObjectCache.Current.Get <Principal>("U1");
IList <Operation> ol = manager.GetAuthorizedOperations(U1.Key, NullResource.Instance);
Assert.AreEqual(0, ol.Count);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
SampleResource R = SampleResource.GetOrCreateSampleResource("R");
ol = manager.GetAuthorizedOperations(U1.Key, resFac.GenerateResourceHandle(R));
Assert.AreEqual(4, ol.Count);
IList <ResourceAccessPredicate> acl = manager.GetAuthorizationDigest(U1.Key);
Assert.AreEqual(12, acl.Count);
}
}
public void TestSimpleHierarchy()
{
using (new ObjectCacheScope(SetupSimpleData()))
{
IAuthorizationProvider provider = Afcas.GetAuthorizationProvider();
Principal G = ObjectCache.Current.Get <Principal>("G");
Principal G1 = ObjectCache.Current.Get <Principal>("G1");
Operation O = ObjectCache.Current.Get <Operation>("O");
Operation O3 = ObjectCache.Current.Get <Operation>("O3");
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
SampleResource R = SampleResource.GetOrCreateSampleResource("R");
SampleResource R2 = SampleResource.GetOrCreateSampleResource("R2");
Assert.That(provider.IsMemberOf(G.Key, G1.Key));
Assert.That(provider.IsSubOperation(O.Key, O3.Key));
Assert.That(!provider.IsSubOperation(O3.Key, O.Key));
Assert.That(
!provider.IsSubResource(resFac.GenerateResourceHandle(R), resFac.GenerateResourceHandle(R2)));
}
}
public void TestCreateAcl( )
{
DBHelper.ExecuteNonQuery("Test_DeleteAllData");
IAuthorizationManager manager = Afcas.GetAuthorizationManager( );
ResourceHandleFactory fac = Afcas.GetHandleFactory("SampleResource");
TestCreateDag( );
using (new ObjectCacheScope( )) {
manager.GetPrincipalList( );
manager.GetOperationList( );
Principal grp1 = ObjectCache.Current.Get <Principal>("grp1");
//Principal grp2 = ObjectCache.Current.Get< Principal >( "grp2" );
Principal usr1 = ObjectCache.Current.Get <Principal>("usr1");
//Principal usr2 = ObjectCache.Current.Get< Principal >( "usr2" );
Operation op1 = ObjectCache.Current.Get <Operation>("op1");
Operation op2 = ObjectCache.Current.Get <Operation>("op2");
//Operation op3 = ObjectCache.Current.Get< Operation >( "op2" );
manager.AddAccessPredicate(grp1.Key,
op1.Key,
fac.GenerateResourceHandleByKey("r1"),
ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(grp1.Key,
op1.Key,
fac.GenerateResourceHandleByKey("r2"),
ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(grp1.Key, op1.Key, NullResource.Instance, ResourceAccessPredicateType.Grant);
Assert.That(manager.IsAuthorized(grp1.Key, op1.Key, fac.GenerateResourceHandleByKey("r1")));
Assert.That(manager.IsAuthorized(grp1.Key, op2.Key, fac.GenerateResourceHandleByKey("r1")));
Assert.That(manager.IsAuthorized(usr1.Key, op2.Key, fac.GenerateResourceHandleByKey("r1")));
Assert.That(manager.IsAuthorized(usr1.Key, op2.Key, NullResource.Instance));
}
}
public SampleResourceHandle(ResourceHandleFactory fac, string key) : base(fac)
{
_Key = key;
}
public SampleResourceHandle(ResourceHandleFactory fac, SampleResource res) : base(fac)
{
_Key = res.Key;
}
private static ObjectCache SetupComplexData()
{
DBHelper.ExecuteNonQuery("Test_DeleteAllData");
ObjectCache.PushCurrent(new ObjectCache());
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
Principal PA = Principal.CreatePrincipal("PA", "PA", PrincipalType.Group, "");
Principal PB = Principal.CreatePrincipal("PB", "PB", PrincipalType.Group, "");
Principal PC = Principal.CreatePrincipal("PC", "PC", PrincipalType.Group, "");
Principal PD = Principal.CreatePrincipal("PD", "PD", PrincipalType.Group, "");
Principal PE = Principal.CreatePrincipal("PE", "PE", PrincipalType.User, "");
Principal PF = Principal.CreatePrincipal("PF", "PF", PrincipalType.User, "");
Principal PG = Principal.CreatePrincipal("PG", "PG", PrincipalType.User, "");
Principal PH = Principal.CreatePrincipal("PH", "PH", PrincipalType.Group, "");
Principal PI = Principal.CreatePrincipal("PI", "PI", PrincipalType.Group, "");
Principal PJ = Principal.CreatePrincipal("PJ", "PJ", PrincipalType.User, "");
Principal PK = Principal.CreatePrincipal("PK", "PK", PrincipalType.User, "");
Principal PP = Principal.CreatePrincipal("PP", "PP", PrincipalType.Group, "");
Principal PQ = Principal.CreatePrincipal("PQ", "PQ", PrincipalType.Group, "");
Principal PR = Principal.CreatePrincipal("PR", "PR", PrincipalType.Group, "");
Principal PS = Principal.CreatePrincipal("PS", "PS", PrincipalType.User, "");
Principal PT = Principal.CreatePrincipal("PT", "PT", PrincipalType.User, "");
manager.AddOrUpdate(PA, "");
manager.AddOrUpdate(PB, "");
manager.AddOrUpdate(PC, "");
manager.AddOrUpdate(PD, "");
manager.AddOrUpdate(PE, "");
manager.AddOrUpdate(PF, "");
manager.AddOrUpdate(PG, "");
manager.AddOrUpdate(PH, "");
manager.AddOrUpdate(PI, "");
manager.AddOrUpdate(PJ, "");
manager.AddOrUpdate(PK, "");
manager.AddOrUpdate(PP, "");
manager.AddOrUpdate(PQ, "");
manager.AddOrUpdate(PR, "");
manager.AddOrUpdate(PS, "");
manager.AddOrUpdate(PT, "");
manager.AddGroupMember(PA, PB);
manager.AddGroupMember(PA, PC);
manager.AddGroupMember(PA, PD);
manager.AddGroupMember(PB, PD);
manager.AddGroupMember(PB, PE);
manager.AddGroupMember(PC, PE);
manager.AddGroupMember(PC, PH);
manager.AddGroupMember(PC, PI);
manager.AddGroupMember(PD, PF);
manager.AddGroupMember(PD, PG);
manager.AddGroupMember(PD, PH);
manager.AddGroupMember(PH, PP);
manager.AddGroupMember(PI, PJ);
manager.AddGroupMember(PI, PK);
manager.AddGroupMember(PP, PQ);
manager.AddGroupMember(PP, PR);
manager.AddGroupMember(PQ, PS);
manager.AddGroupMember(PQ, PT);
manager.AddGroupMember(PR, PT);
Operation OA = Operation.CreateOperation("OA", "OA");
Operation OB = Operation.CreateOperation("OB", "OB");
Operation OC = Operation.CreateOperation("OC", "OC");
Operation OD = Operation.CreateOperation("OD", "OD");
Operation OE = Operation.CreateOperation("OE", "OE");
Operation OF = Operation.CreateOperation("OF", "OF");
Operation OG = Operation.CreateOperation("OG", "OG");
Operation OH = Operation.CreateOperation("OH", "OH");
manager.AddSubOperation(OA, OB);
manager.AddSubOperation(OA, OC);
manager.AddSubOperation(OA, OD);
manager.AddSubOperation(OE, OF);
manager.AddSubOperation(OE, OG);
manager.AddSubOperation(OH, OA);
manager.AddSubOperation(OH, OE);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
ResourceHandle RA = resFac.GenerateResourceHandleByKey("RA");
ResourceHandle RB = resFac.GenerateResourceHandleByKey("RB");
ResourceHandle RC = resFac.GenerateResourceHandleByKey("RC");
ResourceHandle RD = resFac.GenerateResourceHandleByKey("RD");
ResourceHandle RE = resFac.GenerateResourceHandleByKey("RE");
ResourceHandle RF = resFac.GenerateResourceHandleByKey("RF");
ResourceHandle RG = resFac.GenerateResourceHandleByKey("RG");
ResourceHandle RH = resFac.GenerateResourceHandleByKey("RH");
ResourceHandle RI = resFac.GenerateResourceHandleByKey("RI");
ResourceHandle RJ = resFac.GenerateResourceHandleByKey("RJ");
ResourceHandle RK = resFac.GenerateResourceHandleByKey("RK");
ResourceHandle RL = resFac.GenerateResourceHandleByKey("RL");
manager.AddSubResource(RA, RB);
manager.AddSubResource(RA, RC);
manager.AddSubResource(RB, RD);
manager.AddSubResource(RB, RE);
manager.AddSubResource(RC, RE);
manager.AddSubResource(RC, RF);
manager.AddSubResource(RC, RG);
manager.AddSubResource(RH, RI);
manager.AddSubResource(RH, RJ);
manager.AddSubResource(RH, RK);
manager.AddSubResource(RL, RA);
manager.AddSubResource(RL, RH);
manager.AddAccessPredicate(PI.Key, OH.Key, RL, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PD.Key, OA.Key, RA, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PP.Key, OE.Key, RH, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PA.Key, OG.Key, RL, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PQ.Key, OB.Key, RL, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PF.Key, OC.Key, RB, ResourceAccessPredicateType.Grant);
return(ObjectCache.Current);
}
private ObjectCache SetupHugeTestData()
{
//DBHelper.ExecuteNonQuery("Test_DeleteAllData");
ObjectCache.PushCurrent(new ObjectCache());
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
Principal PA = Principal.CreatePrincipal("PA", "PA", PrincipalType.Group, "");
Principal PB = Principal.CreatePrincipal("PB", "PB", PrincipalType.Group, "");
Principal PC = Principal.CreatePrincipal("PC", "PC", PrincipalType.Group, "");
Principal PD = Principal.CreatePrincipal("PD", "PD", PrincipalType.Group, "");
Principal PE = Principal.CreatePrincipal("PE", "PE", PrincipalType.User, "");
Principal PF = Principal.CreatePrincipal("PF", "PF", PrincipalType.User, "");
Principal PG = Principal.CreatePrincipal("PG", "PG", PrincipalType.User, "");
Principal PH = Principal.CreatePrincipal("PH", "PH", PrincipalType.Group, "");
Principal PI = Principal.CreatePrincipal("PI", "PI", PrincipalType.Group, "");
Principal PJ = Principal.CreatePrincipal("PJ", "PJ", PrincipalType.User, "");
Principal PK = Principal.CreatePrincipal("PK", "PK", PrincipalType.User, "");
Principal PP = Principal.CreatePrincipal("PP", "PP", PrincipalType.Group, "");
Principal PQ = Principal.CreatePrincipal("PQ", "PQ", PrincipalType.Group, "");
Principal PR = Principal.CreatePrincipal("PR", "PR", PrincipalType.Group, "");
Principal PS = Principal.CreatePrincipal("PS", "PS", PrincipalType.User, "");
Principal PT = Principal.CreatePrincipal("PT", "PT", PrincipalType.User, "");
manager.AddOrUpdate(PA, "");
manager.AddOrUpdate(PB, "");
manager.AddOrUpdate(PC, "");
manager.AddOrUpdate(PD, "");
manager.AddOrUpdate(PE, "");
manager.AddOrUpdate(PF, "");
manager.AddOrUpdate(PG, "");
manager.AddOrUpdate(PH, "");
manager.AddOrUpdate(PI, "");
manager.AddOrUpdate(PJ, "");
manager.AddOrUpdate(PK, "");
manager.AddOrUpdate(PP, "");
manager.AddOrUpdate(PQ, "");
manager.AddOrUpdate(PR, "");
manager.AddOrUpdate(PS, "");
manager.AddOrUpdate(PT, "");
manager.AddGroupMember(PA, PB);
manager.AddGroupMember(PA, PC);
manager.AddGroupMember(PA, PD);
manager.AddGroupMember(PB, PD);
manager.AddGroupMember(PB, PE);
manager.AddGroupMember(PC, PE);
manager.AddGroupMember(PC, PH);
manager.AddGroupMember(PC, PI);
manager.AddGroupMember(PD, PF);
manager.AddGroupMember(PD, PG);
manager.AddGroupMember(PD, PH);
manager.AddGroupMember(PH, PP);
manager.AddGroupMember(PI, PJ);
manager.AddGroupMember(PI, PK);
manager.AddGroupMember(PP, PQ);
manager.AddGroupMember(PP, PR);
manager.AddGroupMember(PQ, PS);
manager.AddGroupMember(PQ, PT);
manager.AddGroupMember(PR, PT);
Operation OA = Operation.CreateOperation("OA", "OA");
Operation OB = Operation.CreateOperation("OB", "OB");
Operation OC = Operation.CreateOperation("OC", "OC");
Operation OD = Operation.CreateOperation("OD", "OD");
Operation OE = Operation.CreateOperation("OE", "OE");
Operation OF = Operation.CreateOperation("OF", "OF");
Operation OG = Operation.CreateOperation("OG", "OG");
Operation OH = Operation.CreateOperation("OH", "OH");
manager.AddSubOperation(OA, OB);
manager.AddSubOperation(OA, OC);
manager.AddSubOperation(OA, OD);
manager.AddSubOperation(OE, OF);
manager.AddSubOperation(OE, OG);
manager.AddSubOperation(OH, OA);
manager.AddSubOperation(OH, OE);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
//ResourceHandle RA = resFac.GenerateResourceHandleByKey("RA");
//ResourceHandle RB = resFac.GenerateResourceHandleByKey("RB");
//ResourceHandle RC = resFac.GenerateResourceHandleByKey("RC");
//ResourceHandle RD = resFac.GenerateResourceHandleByKey("RD");
//ResourceHandle RE = resFac.GenerateResourceHandleByKey("RE");
//ResourceHandle RF = resFac.GenerateResourceHandleByKey("RF");
//ResourceHandle RG = resFac.GenerateResourceHandleByKey("RG");
//ResourceHandle RH = resFac.GenerateResourceHandleByKey("RH");
//ResourceHandle RI = resFac.GenerateResourceHandleByKey("RI");
//ResourceHandle RJ = resFac.GenerateResourceHandleByKey("RJ");
//ResourceHandle RK = resFac.GenerateResourceHandleByKey("RK");
//ResourceHandle RL = resFac.GenerateResourceHandleByKey("RL");
//manager.AddSubResource(RA, RB);
//manager.AddSubResource(RA, RC);
//manager.AddSubResource(RB, RD);
//manager.AddSubResource(RB, RE);
//manager.AddSubResource(RC, RE);
//manager.AddSubResource(RC, RF);
//manager.AddSubResource(RC, RG);
//manager.AddSubResource(RH, RI);
//manager.AddSubResource(RH, RJ);
//manager.AddSubResource(RH, RK);
//manager.AddSubResource(RL, RA);
//manager.AddSubResource(RL, RH);
var customers = new List <ResourceHandle>();
int customerCount = 5;
int deviceCount = 250000;
var edges = new List <(string start, string end)>();
using (Track($"Creating 50 customers "))
for (int i = 0; i < customerCount; i++)
{
var customer = resFac.GenerateResourceHandleByKey($"x customer {i+1}");
customers.Add(customer);
// create equipments per customer
using (Track($"\tCreating {deviceCount} device for {customer.Key} "))
{
for (int j = 0; j < deviceCount / 10; j++)
{
var device = resFac.GenerateResourceHandleByKey($"device {j+1} ({customer.Key})");
//manager.AddSubResource(customer, device);
edges.Add((customer.AfcasKey, device.AfcasKey));
for (int k = 0; k < 10; k++)
{
var subDevice = resFac.GenerateResourceHandleByKey($"device {j+1}.{k+1} ({customer.Key})");
//manager.AddSubResource(device, subDevice);
edges.Add((device.AfcasKey, subDevice.AfcasKey));
device = subDevice;
}
}
}
}
// six permissions per customer
Console.WriteLine(" ");
using (Track($"Adding permissions to customers "))
foreach (var customer in customers)
{
using (Track($"\tAdding permissions on customer {customer.Key} "))
{
manager.AddAccessPredicate(PI.Key, OH.Key, customer, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PD.Key, OA.Key, customer, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PP.Key, OE.Key, customer, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PA.Key, OG.Key, customer, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PQ.Key, OB.Key, customer, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PF.Key, OC.Key, customer, ResourceAccessPredicateType.Grant);
}
}
var chunks = edges.ToChunks(500).Select(tuples =>
{
var d = new DataTable();
d.Columns.Add("StartVertexId", typeof(string));
d.Columns.Add("EndVertexId", typeof(string));
d.Columns.Add("Source", typeof(string));
foreach (var r in tuples)
{
d.Rows.Add(r.start, r.end, EdgeSource.Resource);
}
return(d);
});
// bulk insert edges
using (Track($"Adding Edges"))
foreach (var chunk in chunks)
{
DBHelper.RunInTransaction(conn =>
{
conn.Execute("dbo.AddEdgesWithSpaceSaving", new { TVP = chunk.AsTableValuedParameter("dbo.AddEdges") },
commandType: CommandType.StoredProcedure);
});
}
//DBHelper.RunInTransaction(conn =>
//{
// conn.Execute("dbo.AddEdgesWithSpaceSaving", new { TVP = edges.AsTableValuedParameter("dbo.AddEdges") },
// commandType: CommandType.StoredProcedure);
//});
//// create messmittel
//Console.WriteLine(" ");
//using (Track($"Creating 300 messmittel "))
//for (int i = 0; i < 3000; i++)
//{
// var measurementDevice = resFac.GenerateResourceHandleByKey($"messgerät {i + 1}");
// manager.AddAccessPredicate(PI.Key, OH.Key, measurementDevice, ResourceAccessPredicateType.Grant);
// manager.AddAccessPredicate(PD.Key, OA.Key, measurementDevice, ResourceAccessPredicateType.Grant);
// manager.AddAccessPredicate(PP.Key, OE.Key, measurementDevice, ResourceAccessPredicateType.Grant);
// manager.AddAccessPredicate(PA.Key, OG.Key, measurementDevice, ResourceAccessPredicateType.Grant);
// manager.AddAccessPredicate(PQ.Key, OB.Key, measurementDevice, ResourceAccessPredicateType.Grant);
// manager.AddAccessPredicate(PF.Key, OC.Key, measurementDevice, ResourceAccessPredicateType.Grant);
//}
return(ObjectCache.Current);
}
public void TestLongPath()
{
DBHelper.ExecuteNonQuery("Test_DeleteAllData");
ObjectCache.PushCurrent(new ObjectCache());
IAuthorizationManager manager = Afcas.GetAuthorizationManager();
Principal PA = Principal.CreatePrincipal("PA", "PA", PrincipalType.Group, "");
Principal PB = Principal.CreatePrincipal("PB", "PB", PrincipalType.Group, "");
Principal PC = Principal.CreatePrincipal("PC", "PC", PrincipalType.Group, "");
Principal PD = Principal.CreatePrincipal("PD", "PD", PrincipalType.Group, "");
Principal PE = Principal.CreatePrincipal("PE", "PE", PrincipalType.User, "");
Principal PF = Principal.CreatePrincipal("PF", "PF", PrincipalType.User, "");
Principal PG = Principal.CreatePrincipal("PG", "PG", PrincipalType.User, "");
Principal PH = Principal.CreatePrincipal("PH", "PH", PrincipalType.Group, "");
Principal PI = Principal.CreatePrincipal("PI", "PI", PrincipalType.Group, "");
Principal PJ = Principal.CreatePrincipal("PJ", "PJ", PrincipalType.User, "");
Principal PK = Principal.CreatePrincipal("PK", "PK", PrincipalType.User, "");
Principal PP = Principal.CreatePrincipal("PP", "PP", PrincipalType.Group, "");
Principal PQ = Principal.CreatePrincipal("PQ", "PQ", PrincipalType.Group, "");
Principal PR = Principal.CreatePrincipal("PR", "PR", PrincipalType.Group, "");
Principal PS = Principal.CreatePrincipal("PS", "PS", PrincipalType.User, "");
Principal PT = Principal.CreatePrincipal("PT", "PT", PrincipalType.User, "");
manager.AddOrUpdate(PA, "");
manager.AddOrUpdate(PB, "");
manager.AddOrUpdate(PC, "");
manager.AddOrUpdate(PD, "");
manager.AddOrUpdate(PE, "");
manager.AddOrUpdate(PF, "");
manager.AddOrUpdate(PG, "");
manager.AddOrUpdate(PH, "");
manager.AddOrUpdate(PI, "");
manager.AddOrUpdate(PJ, "");
manager.AddOrUpdate(PK, "");
manager.AddOrUpdate(PP, "");
manager.AddOrUpdate(PQ, "");
manager.AddOrUpdate(PR, "");
manager.AddOrUpdate(PS, "");
manager.AddOrUpdate(PT, "");
manager.AddGroupMember(PA, PB);
manager.AddGroupMember(PA, PC);
manager.AddGroupMember(PA, PD);
manager.AddGroupMember(PB, PD);
manager.AddGroupMember(PB, PE);
manager.AddGroupMember(PC, PE);
manager.AddGroupMember(PC, PH);
manager.AddGroupMember(PC, PI);
manager.AddGroupMember(PD, PF);
manager.AddGroupMember(PD, PG);
manager.AddGroupMember(PD, PH);
manager.AddGroupMember(PH, PP);
manager.AddGroupMember(PI, PJ);
manager.AddGroupMember(PI, PK);
manager.AddGroupMember(PP, PQ);
manager.AddGroupMember(PP, PR);
manager.AddGroupMember(PQ, PS);
manager.AddGroupMember(PQ, PT);
manager.AddGroupMember(PR, PT);
Operation OA = Operation.CreateOperation("OA", "OA");
Operation OB = Operation.CreateOperation("OB", "OB");
Operation OC = Operation.CreateOperation("OC", "OC");
Operation OD = Operation.CreateOperation("OD", "OD");
Operation OE = Operation.CreateOperation("OE", "OE");
Operation OF = Operation.CreateOperation("OF", "OF");
Operation OG = Operation.CreateOperation("OG", "OG");
Operation OH = Operation.CreateOperation("OH", "OH");
manager.AddSubOperation(OA, OB);
manager.AddSubOperation(OA, OC);
manager.AddSubOperation(OA, OD);
manager.AddSubOperation(OE, OF);
manager.AddSubOperation(OE, OG);
manager.AddSubOperation(OH, OA);
manager.AddSubOperation(OH, OE);
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
List <ResourceHandle> devices;
using (Track("creating devices"))
{
devices = Enumerable.Range(0, 500000).Select(i => resFac.GenerateResourceHandleByKey($"device {i + 1}")).ToList();
}
using (Track($"Creating long graph "))
for (int i = 1; i < devices.Count; i++)
{
var parent = devices[0];
var child = devices[i];
//using (Track($"setting {parent.Key} -> {child.Key}"))
{
manager.AddSubResource(parent, child);
}
}
// six permissions per customer
Console.WriteLine(" ");
using (Track($"Adding permissions to customers "))
{
var device = devices[0];
manager.AddAccessPredicate(PI.Key, OH.Key, device, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PD.Key, OA.Key, device, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PP.Key, OE.Key, device, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PA.Key, OG.Key, device, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PQ.Key, OB.Key, device, ResourceAccessPredicateType.Grant);
manager.AddAccessPredicate(PF.Key, OC.Key, device, ResourceAccessPredicateType.Grant);
}
}
public void TestComplexAuthorization()
{
SetupComplexData();
IAuthorizationProvider provider = Afcas.GetAuthorizationProvider();
Principal PA = ObjectCache.Current.Get <Principal>("PA");
//Principal PB = ObjectCache.Current.Get< Principal >( "PB" );
Principal PC = ObjectCache.Current.Get <Principal>("PC");
Principal PD = ObjectCache.Current.Get <Principal>("PD");
//Principal PE = ObjectCache.Current.Get< Principal >( "PE" );
Principal PF = ObjectCache.Current.Get <Principal>("PF");
//Principal PG = ObjectCache.Current.Get< Principal >( "PG" );
//Principal PH = ObjectCache.Current.Get< Principal >( "PH" );
Principal PI = ObjectCache.Current.Get <Principal>("PI");
Principal PJ = ObjectCache.Current.Get <Principal>("PJ");
Principal PK = ObjectCache.Current.Get <Principal>("PK");
Principal PP = ObjectCache.Current.Get <Principal>("PP");
Principal PQ = ObjectCache.Current.Get <Principal>("PQ");
//Principal PR = ObjectCache.Current.Get< Principal >( "PR" );
//Principal PS = ObjectCache.Current.Get< Principal >( "PS" );
//Principal PT = ObjectCache.Current.Get< Principal >( "PT" );
Operation OA = ObjectCache.Current.Get <Operation>("OA");
Operation OB = ObjectCache.Current.Get <Operation>("OB");
Operation OC = ObjectCache.Current.Get <Operation>("OC");
Operation OD = ObjectCache.Current.Get <Operation>("OD");
Operation OE = ObjectCache.Current.Get <Operation>("OE");
Operation OF = ObjectCache.Current.Get <Operation>("OF");
Operation OG = ObjectCache.Current.Get <Operation>("OG");
Operation OH = ObjectCache.Current.Get <Operation>("OH");
ResourceHandleFactory resFac = Afcas.GetHandleFactory("SampleResource");
ResourceHandle RA = resFac.GenerateResourceHandleByKey("RA");
ResourceHandle RB = resFac.GenerateResourceHandleByKey("RB");
ResourceHandle RC = resFac.GenerateResourceHandleByKey("RC");
//ResourceHandle RD = resFac.GenerateResourceHandleByKey( "RD" );
//ResourceHandle RE = resFac.GenerateResourceHandleByKey( "RE" );
//ResourceHandle RF = resFac.GenerateResourceHandleByKey( "RF" );
//ResourceHandle RG = resFac.GenerateResourceHandleByKey( "RG" );
ResourceHandle RH = resFac.GenerateResourceHandleByKey("RH");
//ResourceHandle RI = resFac.GenerateResourceHandleByKey( "RI" );
//ResourceHandle RJ = resFac.GenerateResourceHandleByKey( "RJ" );
ResourceHandle RK = resFac.GenerateResourceHandleByKey("RK");
ResourceHandle RL = resFac.GenerateResourceHandleByKey("RL");
// explicit auth. list
Assert.That(provider.IsAuthorized(PI.Key, OH.Key, RL));
Assert.That(provider.IsAuthorized(PD.Key, OA.Key, RA));
Assert.That(provider.IsAuthorized(PP.Key, OE.Key, RH));
Assert.That(provider.IsAuthorized(PA.Key, OG.Key, RL));
Assert.That(provider.IsAuthorized(PQ.Key, OB.Key, RL));
Assert.That(provider.IsAuthorized(PF.Key, OC.Key, RB));
//implied ones
Assert.That(provider.IsAuthorized(PI.Key, OA.Key, RA));
Assert.That(provider.IsAuthorized(PI.Key, OE.Key, RC));
Assert.That(provider.IsAuthorized(PI.Key, OF.Key, RK));
Assert.That(provider.IsAuthorized(PK.Key, OF.Key, RA));
Assert.That(provider.IsAuthorized(PK.Key, OE.Key, RC));
Assert.That(provider.IsAuthorized(PK.Key, OF.Key, RK));
Assert.That(provider.IsAuthorized(PK.Key, OH.Key, RL));
Assert.That(provider.IsAuthorized(PJ.Key, OD.Key, RH));
Assert.That(provider.IsAuthorized(PP.Key, OB.Key, RA));
Assert.That(!provider.IsAuthorized(PC.Key, OE.Key, RC));
Assert.That(!provider.IsAuthorized(PP.Key, OB.Key, RL));
}
