public void HandleAuthorizationRequest_WithNoAllowedRolesProvided_GivesSuccess(IEnumerable <string> userRoles)
        {
            // Arrange: a requirement whose allow-list is empty, and a user holding
            // whatever roles the test case supplies.
            //
            // Security note: this test pins fail-open behaviour. With an empty
            // allow-list the requirement is expected to succeed for any set of user
            // roles. Callers that build the allow-list from configuration should make
            // sure it cannot end up empty by accident, because under this contract an
            // empty list authorizes everyone rather than no one.
            IEnumerable<string> emptyAllowList = Enumerable.Empty<string>();
            var requirement = new RoleAuthorizationRequirement(emptyAllowList);
            var userMock = new Mock<User>(() => new User(String.Empty, userRoles));

            // Act
            var outcome = requirement.HandleAuthorizationRequest(userMock.Object);

            // Assert
            outcome.Success.Should().BeTrue("because no allowed roles have been defined");
        }
        public void HandleAuthorizationRequest_ForAuthorizedUser_GivesSuccess()
        {
            // Arrange: the user is given exactly the roles the requirement allows.
            // NOTE(review): the same array instance backs both the user's roles and the
            // allow-list, so this only exercises the exact-match path. It says nothing
            // about a user who lacks the role, or about case differences in role names.
            string[] requiredRoles = { "Developer" };
            var requirement = new RoleAuthorizationRequirement(requiredRoles);
            var userMock = new Mock<User>(() => new User(String.Empty, requiredRoles));

            // Act
            var outcome = requirement.HandleAuthorizationRequest(userMock.Object);

            // Assert
            outcome.Success.Should().BeTrue("because the user has required role");
        }
        /// <summary>
        /// Policy configuration delegate passed into <see cref="PolicyServiceCollectionExtensions.AddAuthorization"/>.
        /// The default implementation registers one named policy for each user area,
        /// each role and each permission returned by the respective repositories; every
        /// policy carries a single authorization requirement.
        /// </summary>
        /// <remarks>
        /// Registration order is user areas, then roles, then permissions.
        /// NOTE(review): policies are registered by name, so if two of the
        /// <c>AuthorizationPolicyNames</c> helpers ever produced the same name the later
        /// registration would take the place of the earlier one. Confirm the name helpers
        /// cannot collide. An override that does not call the base implementation
        /// registers none of these policies.
        /// </remarks>
        /// <param name="options">The authorization options that the policies are added to.</param>
        protected virtual void ConfigurePolicies(AuthorizationOptions options)
        {
            // One policy per user area, keyed on the user area code.
            foreach (var area in _userAreaDefinitionRepository.GetAll())
            {
                var name        = AuthorizationPolicyNames.UserArea(area.UserAreaCode);
                var requirement = new UserAreaAuthorizationRequirement(area.UserAreaCode);
                options.AddPolicy(name, builder => builder.AddRequirements(requirement));
            }

            // One policy per role; a role is identified by user area code plus role code.
            foreach (var roleDefinition in _roleDefinitionRepository.GetAll())
            {
                var name        = AuthorizationPolicyNames.Role(roleDefinition.UserAreaCode, roleDefinition.RoleCode);
                var requirement = new RoleAuthorizationRequirement(roleDefinition.UserAreaCode, roleDefinition.RoleCode);
                options.AddPolicy(name, builder => builder.AddRequirements(requirement));
            }

            // One policy per permission.
            foreach (var perm in _permissionRepository.GetAll())
            {
                var name        = AuthorizationPolicyNames.Permission(perm);
                var requirement = new PermissionAuthorizationRequirement(perm);
                options.AddPolicy(name, builder => builder.AddRequirements(requirement));
            }
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="RequiresRoleFilterAttribute"/> class
 /// from its three collaborators, none of which may be null.
 /// </summary>
 /// <param name="logger">
 /// Logger used by the filter. Its category type is <c>RequiresRoleAttribute</c>, not this
 /// filter type, so log entries written through it are categorised under the attribute's name.
 /// </param>
 /// <param name="requirement">The role authorization requirement stored for this filter.</param>
 /// <param name="principalProvider">The provider stored for obtaining the custom principal.</param>
 /// <exception cref="ArgumentNullException">
 /// Thrown when <paramref name="logger"/>, <paramref name="requirement"/> or
 /// <paramref name="principalProvider"/> is null (checked in that order).
 /// </exception>
 public RequiresRoleFilterAttribute(ILogger <RequiresRoleAttribute> logger, RoleAuthorizationRequirement requirement, ICustomPrincipalProvider principalProvider)
 {
     // Reject missing dependencies up front so the filter can never be constructed
     // without a requirement or a principal source.
     if (logger == null)
     {
         throw new ArgumentNullException(nameof(logger));
     }

     if (requirement == null)
     {
         throw new ArgumentNullException(nameof(requirement));
     }

     if (principalProvider == null)
     {
         throw new ArgumentNullException(nameof(principalProvider));
     }

     this.logger            = logger;
     this.requirement       = requirement;
     this.principalProvider = principalProvider;
 }