예제 #1
0
        public void InitialData_Permissions_Parse()
        {
            var src = new List <string>
            {
                "+2|Normal|+1:_____________________________________________+++++++++++++++++++",
                // break is irrelevant because this is the second entry.
                "-2|Normal|+7:_____________________________________________+++++++++++++++++++",
                "+6|Normal|-6:_______________________________________________________________+",
                // break is relevant because this is the first entry.
                "-1113|Normal|+6:_______________________________________________________________+",
            };

            InitialDataTest(() =>
            {
                var actions = SecurityHandler.ParseInitialPermissions(SecurityHandler.SecurityContext, src).ToArray();

                Assert.AreEqual(3, actions.Length);

                Assert.IsFalse(actions[0].Break);
                Assert.IsFalse(actions[0].Unbreak);
                Assert.AreEqual(2, actions[0].Entries.Count);
                Assert.AreEqual(2, actions[0].Entries[0].EntityId);
                Assert.AreEqual(1, actions[0].Entries[0].IdentityId);
                Assert.AreEqual(0x07FFFFUL, actions[0].Entries[0].AllowBits);
                Assert.AreEqual(0UL, actions[0].Entries[0].DenyBits);
                Assert.IsFalse(actions[0].Entries[0].LocalOnly);
                Assert.AreEqual(2, actions[0].Entries[1].EntityId);
                Assert.AreEqual(7, actions[0].Entries[1].IdentityId);
                Assert.AreEqual(0x07FFFFUL, actions[0].Entries[1].AllowBits);
                Assert.AreEqual(0UL, actions[0].Entries[1].DenyBits);
                Assert.IsFalse(actions[0].Entries[1].LocalOnly);

                Assert.IsFalse(actions[1].Break);
                Assert.IsFalse(actions[1].Unbreak);
                Assert.AreEqual(1, actions[1].Entries.Count);
                Assert.AreEqual(6, actions[1].Entries[0].EntityId);
                Assert.AreEqual(6, actions[1].Entries[0].IdentityId);
                Assert.AreEqual(1UL, actions[1].Entries[0].AllowBits);
                Assert.AreEqual(0UL, actions[1].Entries[0].DenyBits);
                Assert.IsTrue(actions[1].Entries[0].LocalOnly);

                Assert.IsTrue(actions[2].Break);
                Assert.IsFalse(actions[2].Unbreak);
                Assert.AreEqual(1, actions[2].Entries.Count);
                Assert.AreEqual(1113, actions[2].Entries[0].EntityId);
                Assert.AreEqual(6, actions[2].Entries[0].IdentityId);
                Assert.AreEqual(1UL, actions[2].Entries[0].AllowBits);
                Assert.AreEqual(0UL, actions[2].Entries[0].DenyBits);
                Assert.IsFalse(actions[2].Entries[0].LocalOnly);
            });
        }
예제 #2
0
        public async Task OD_Security_GetAcl_InvisibleSource()
        {
            await IsolatedODataTestAsync(async() =>
            {
                // ARRANGE
                var contentNode = Node.LoadNode("/Root/Content");
                //var itNode = new SystemFolder(contentNode) { Name = "IT" };
                //itNode.Save();
                var user = new User(User.Administrator.Parent)
                {
                    Name = "U1", Email = "*****@*****.**", Enabled = true
                };
                user.Save();

                var permissionData = new List <string>
                {
                    " +               2|Normal|+        1:_____________________________________________+++++++++++++++++++",
                    " +               2|Normal|+        7:_____________________________________________+++++++++++++++++++",
                    $"+               2|Normal|+{user.Id}:_________________________________________________+______________",
                    $"+{contentNode.Id}|Normal|+{user.Id}:_____________________________________________+__________________",
                };
                var categoriesToNormalize = new[] { EntryType.Normal };
                using (new SystemAccount())
                {
                    var aclEditor = SecurityHandler.CreateAclEditor();
                    aclEditor
                    .UnbreakInheritance(2, categoriesToNormalize)
                    .UnbreakInheritance(contentNode.Id, categoriesToNormalize)
                    .Apply();
                    aclEditor
                    .RemoveExplicitEntries(2)
                    .RemoveExplicitEntries(contentNode.Id)
                    .Apply();
                    aclEditor
                    .Apply(SecurityHandler.ParseInitialPermissions(aclEditor.Context, permissionData));
                }
                Assert.IsTrue(SecurityHandler.HasPermission(user, contentNode, PermissionType.SeePermissions));


                // ACTION
                ODataResponse response;
                using (new CurrentUserBlock(user))
                    response = await ODataGetAsync(
                        $"/OData.svc/Root('Content')/GetAcl", null)
                               .ConfigureAwait(false);

                // ASSERT
                AssertNoError(response);
                var result = ODataTestBase.GetObject(response);

                Assert.AreEqual(contentNode.Id, result.SelectToken("id").Value <int>());
                Assert.AreEqual(contentNode.Path, result.SelectToken("path").Value <string>());
                Assert.IsTrue(result.SelectToken("inherits").Value <bool>());
                Assert.IsFalse(result.SelectToken("isPublic").Value <bool>());

                Assert.AreEqual(1, ((JArray)result["entries"]).Count);

                var entry = result.SelectToken("entries[0]");
                Assert.AreEqual(user.Id, entry.SelectToken("identity.id").Value <int>());
                Assert.AreEqual("Somewhere", entry.SelectToken("ancestor").Value <string>());
                Assert.IsFalse(entry.SelectToken("inherited").Value <bool>());
                Assert.IsTrue(entry.SelectToken("propagates").Value <bool>());
                Assert.AreEqual("allow", entry.SelectToken("permissions.See.value").Value <string>());
                Assert.AreEqual(null, entry.SelectToken("permissions.See.from").Value <string>());
                Assert.AreEqual(null, entry.SelectToken("permissions.Open").Value <string>());
                Assert.AreEqual("allow", entry.SelectToken("permissions.SeePermissions.value").Value <string>());
                Assert.AreEqual("Somewhere", entry.SelectToken("permissions.SeePermissions.from").Value <string>());
                Assert.AreEqual("allow", entry.SelectToken("permissions.TakeOwnership.value").Value <string>());
                Assert.AreEqual(null, entry.SelectToken("permissions.TakeOwnership.from").Value <string>());
            }).ConfigureAwait(false);
        }
예제 #3
0
        public async Task OD_Security_GetAcl_InheritedCombined()
        {
            await IsolatedODataTestAsync(async() =>
            {
                // ARRANGE
                var contentNode = Node.LoadNode("/Root/Content");
                var itNode      = new SystemFolder(contentNode)
                {
                    Name = "IT"
                };
                itNode.Save();

                var permissionData = new List <string>
                {
                    " +               2|Normal|+1:_____________________________________________+++++++++++++++++++",
                    " +               2|Normal|+7:_____________________________________________+++++++++++++++++++",
                    " +               2|Normal|+6:___________________________________________________________+++++",
                    $"+{contentNode.Id}|Normal|+6:_____________________________________________+__________________",
                };
                var categoriesToNormalize = new[] { EntryType.Normal };
                using (new SystemAccount())
                {
                    var aclEditor = SecurityHandler.CreateAclEditor();
                    aclEditor
                    .UnbreakInheritance(2, categoriesToNormalize)
                    .UnbreakInheritance(contentNode.Id, categoriesToNormalize)
                    .Apply();
                    aclEditor
                    .RemoveExplicitEntries(2)
                    .RemoveExplicitEntries(contentNode.Id)
                    .Apply(SecurityHandler.ParseInitialPermissions(aclEditor.Context, permissionData));
                }

                // ACTION
                var response = await ODataGetAsync(
                    $"/OData.svc/Root/Content('IT')/GetAcl", null)
                               .ConfigureAwait(false);

                // ASSERT
                AssertNoError(response);
                var result = ODataTestBase.GetObject(response);

                Assert.AreEqual(itNode.Id, result.SelectToken("id").Value <int>());
                Assert.AreEqual(itNode.Path, result.SelectToken("path").Value <string>());
                Assert.IsTrue(result.SelectToken("inherits").Value <bool>());
                Assert.IsTrue(result.SelectToken("isPublic").Value <bool>());

                Assert.AreEqual(3, ((JArray)result["entries"]).Count);
                var entry = result.SelectToken("entries[?(@identity.id == 6)]");

                Assert.AreEqual(Identifiers.VisitorUserId, entry.SelectToken("identity.id").Value <int>());
                Assert.AreEqual("/Root/Content", entry.SelectToken("ancestor").Value <string>());
                Assert.IsTrue(entry.SelectToken("inherited").Value <bool>());
                Assert.IsTrue(entry.SelectToken("propagates").Value <bool>());
                Assert.AreEqual("allow", entry.SelectToken("permissions.See.value").Value <string>());
                Assert.AreEqual("/Root/Content", entry.SelectToken("permissions.See.from").Value <string>());
                Assert.AreEqual("allow", entry.SelectToken("permissions.Open.value").Value <string>());
                Assert.AreEqual("/Root", entry.SelectToken("permissions.Open.from").Value <string>());
                Assert.AreEqual("allow", entry.SelectToken("permissions.TakeOwnership.value").Value <string>());
                Assert.AreEqual("/Root/Content", entry.SelectToken("permissions.TakeOwnership.from").Value <string>());
            }).ConfigureAwait(false);
        }
예제 #4
0
        public async Task OD_Security_GetAcl_SeeOnlyIdentities()
        {
            await IsolatedODataTestAsync(async() =>
            {
                // ARRANGE
                var contentNode = Node.LoadNode("/Root/Content");
                //var itNode = new SystemFolder(contentNode) { Name = "IT" };
                //itNode.Save();
                var user = new User(User.Administrator.Parent)
                {
                    Name = "U1", Email = "*****@*****.**", Enabled = true
                };
                user.Save();

                var permissionData = new List <string>
                {
                    " +               2|Normal|+        1:_____________________________________________+++++++++++++++++++",
                    " +               2|Normal|+        7:_____________________________________________+++++++++++++++++++",
                    $"+               2|Normal|+{user.Id}:_________________________________________________+_____________+",
                    $"+{contentNode.Id}|Normal|+{user.Id}:_____________________________________________+__________________",
                };
                var categoriesToNormalize = new[] { EntryType.Normal };
                using (new SystemAccount())
                {
                    var aclEditor = SecurityHandler.CreateAclEditor();
                    aclEditor
                    .UnbreakInheritance(2, categoriesToNormalize)
                    .UnbreakInheritance(contentNode.Id, categoriesToNormalize)
                    .Apply();
                    aclEditor
                    .RemoveExplicitEntries(2)
                    .RemoveExplicitEntries(contentNode.Id)
                    .Apply(SecurityHandler.ParseInitialPermissions(aclEditor.Context, permissionData));
                }
                Assert.IsTrue(SecurityHandler.HasPermission(user, contentNode, PermissionType.SeePermissions));


                // ACTION
                ODataResponse response;
                using (new CurrentUserBlock(user))
                    response = await ODataGetAsync(
                        $"/OData.svc/Root('Content')/GetAcl", null)
                               .ConfigureAwait(false);

                // ASSERT
                AssertNoError(response);
                var result = ODataTestBase.GetObject(response);

                Assert.AreEqual(contentNode.Id, result.SelectToken("id").Value <int>());
                Assert.AreEqual(contentNode.Path, result.SelectToken("path").Value <string>());
                Assert.IsTrue(result.SelectToken("inherits").Value <bool>());
                Assert.IsFalse(result.SelectToken("isPublic").Value <bool>());

                Assert.AreEqual(3, ((JArray)result["entries"]).Count);

                var admin = result.SelectToken("entries[?(@identity.id == 1)].identity");
                Assert.AreEqual(Identifiers.AdministratorUserId, admin.SelectToken("id").Value <int>());
                Assert.AreEqual("Admin", admin.SelectToken("name").Value <string>());
                Assert.AreEqual("user", admin.SelectToken("kind").Value <string>());
                Assert.AreEqual(null, admin.SelectToken("domain").Value <string>());
                Assert.AreEqual(null, admin.SelectToken("avatar").Value <string>());

                var admins = result.SelectToken("entries[?(@identity.id == 7)].identity");
                Assert.AreEqual(Identifiers.AdministratorsGroupId, admins.SelectToken("id").Value <int>());
                Assert.AreEqual("Administrators", admins.SelectToken("name").Value <string>());
                Assert.AreEqual("group", admins.SelectToken("kind").Value <string>());
                Assert.AreEqual(null, admins.SelectToken("domain").Value <string>());
                Assert.AreEqual(null, admins.SelectToken("avatar").Value <string>());

                var u1 = result.SelectToken($"entries[?(@identity.id == {user.Id})].identity");
                Assert.AreEqual(user.Id, u1.SelectToken("id").Value <int>());
                Assert.AreEqual("U1", u1.SelectToken("name").Value <string>());
                Assert.AreEqual("user", u1.SelectToken("kind").Value <string>());
                Assert.AreEqual("BuiltIn", u1.SelectToken("domain").Value <string>());
                Assert.AreEqual("", u1.SelectToken("avatar").Value <string>());
            }).ConfigureAwait(false);
        }