public void InitialData_Permissions_Parse() { var src = new List <string> { "+2|Normal|+1:_____________________________________________+++++++++++++++++++", // break is irrelevant because this is the second entry. "-2|Normal|+7:_____________________________________________+++++++++++++++++++", "+6|Normal|-6:_______________________________________________________________+", // break is relevant because this is the first entry. "-1113|Normal|+6:_______________________________________________________________+", }; InitialDataTest(() => { var actions = SecurityHandler.ParseInitialPermissions(SecurityHandler.SecurityContext, src).ToArray(); Assert.AreEqual(3, actions.Length); Assert.IsFalse(actions[0].Break); Assert.IsFalse(actions[0].Unbreak); Assert.AreEqual(2, actions[0].Entries.Count); Assert.AreEqual(2, actions[0].Entries[0].EntityId); Assert.AreEqual(1, actions[0].Entries[0].IdentityId); Assert.AreEqual(0x07FFFFUL, actions[0].Entries[0].AllowBits); Assert.AreEqual(0UL, actions[0].Entries[0].DenyBits); Assert.IsFalse(actions[0].Entries[0].LocalOnly); Assert.AreEqual(2, actions[0].Entries[1].EntityId); Assert.AreEqual(7, actions[0].Entries[1].IdentityId); Assert.AreEqual(0x07FFFFUL, actions[0].Entries[1].AllowBits); Assert.AreEqual(0UL, actions[0].Entries[1].DenyBits); Assert.IsFalse(actions[0].Entries[1].LocalOnly); Assert.IsFalse(actions[1].Break); Assert.IsFalse(actions[1].Unbreak); Assert.AreEqual(1, actions[1].Entries.Count); Assert.AreEqual(6, actions[1].Entries[0].EntityId); Assert.AreEqual(6, actions[1].Entries[0].IdentityId); Assert.AreEqual(1UL, actions[1].Entries[0].AllowBits); Assert.AreEqual(0UL, actions[1].Entries[0].DenyBits); Assert.IsTrue(actions[1].Entries[0].LocalOnly); Assert.IsTrue(actions[2].Break); Assert.IsFalse(actions[2].Unbreak); Assert.AreEqual(1, actions[2].Entries.Count); Assert.AreEqual(1113, actions[2].Entries[0].EntityId); Assert.AreEqual(6, actions[2].Entries[0].IdentityId); Assert.AreEqual(1UL, actions[2].Entries[0].AllowBits); Assert.AreEqual(0UL, actions[2].Entries[0].DenyBits); Assert.IsFalse(actions[2].Entries[0].LocalOnly); }); }
public async Task OD_Security_GetAcl_InvisibleSource() { await IsolatedODataTestAsync(async() => { // ARRANGE var contentNode = Node.LoadNode("/Root/Content"); //var itNode = new SystemFolder(contentNode) { Name = "IT" }; //itNode.Save(); var user = new User(User.Administrator.Parent) { Name = "U1", Email = "*****@*****.**", Enabled = true }; user.Save(); var permissionData = new List <string> { " + 2|Normal|+ 1:_____________________________________________+++++++++++++++++++", " + 2|Normal|+ 7:_____________________________________________+++++++++++++++++++", $"+ 2|Normal|+{user.Id}:_________________________________________________+______________", $"+{contentNode.Id}|Normal|+{user.Id}:_____________________________________________+__________________", }; var categoriesToNormalize = new[] { EntryType.Normal }; using (new SystemAccount()) { var aclEditor = SecurityHandler.CreateAclEditor(); aclEditor .UnbreakInheritance(2, categoriesToNormalize) .UnbreakInheritance(contentNode.Id, categoriesToNormalize) .Apply(); aclEditor .RemoveExplicitEntries(2) .RemoveExplicitEntries(contentNode.Id) .Apply(); aclEditor .Apply(SecurityHandler.ParseInitialPermissions(aclEditor.Context, permissionData)); } Assert.IsTrue(SecurityHandler.HasPermission(user, contentNode, PermissionType.SeePermissions)); // ACTION ODataResponse response; using (new CurrentUserBlock(user)) response = await ODataGetAsync( $"/OData.svc/Root('Content')/GetAcl", null) .ConfigureAwait(false); // ASSERT AssertNoError(response); var result = ODataTestBase.GetObject(response); Assert.AreEqual(contentNode.Id, result.SelectToken("id").Value <int>()); Assert.AreEqual(contentNode.Path, result.SelectToken("path").Value <string>()); Assert.IsTrue(result.SelectToken("inherits").Value <bool>()); Assert.IsFalse(result.SelectToken("isPublic").Value <bool>()); Assert.AreEqual(1, ((JArray)result["entries"]).Count); var entry = result.SelectToken("entries[0]"); Assert.AreEqual(user.Id, entry.SelectToken("identity.id").Value <int>()); Assert.AreEqual("Somewhere", entry.SelectToken("ancestor").Value <string>()); Assert.IsFalse(entry.SelectToken("inherited").Value <bool>()); Assert.IsTrue(entry.SelectToken("propagates").Value <bool>()); Assert.AreEqual("allow", entry.SelectToken("permissions.See.value").Value <string>()); Assert.AreEqual(null, entry.SelectToken("permissions.See.from").Value <string>()); Assert.AreEqual(null, entry.SelectToken("permissions.Open").Value <string>()); Assert.AreEqual("allow", entry.SelectToken("permissions.SeePermissions.value").Value <string>()); Assert.AreEqual("Somewhere", entry.SelectToken("permissions.SeePermissions.from").Value <string>()); Assert.AreEqual("allow", entry.SelectToken("permissions.TakeOwnership.value").Value <string>()); Assert.AreEqual(null, entry.SelectToken("permissions.TakeOwnership.from").Value <string>()); }).ConfigureAwait(false); }
public async Task OD_Security_GetAcl_InheritedCombined() { await IsolatedODataTestAsync(async() => { // ARRANGE var contentNode = Node.LoadNode("/Root/Content"); var itNode = new SystemFolder(contentNode) { Name = "IT" }; itNode.Save(); var permissionData = new List <string> { " + 2|Normal|+1:_____________________________________________+++++++++++++++++++", " + 2|Normal|+7:_____________________________________________+++++++++++++++++++", " + 2|Normal|+6:___________________________________________________________+++++", $"+{contentNode.Id}|Normal|+6:_____________________________________________+__________________", }; var categoriesToNormalize = new[] { EntryType.Normal }; using (new SystemAccount()) { var aclEditor = SecurityHandler.CreateAclEditor(); aclEditor .UnbreakInheritance(2, categoriesToNormalize) .UnbreakInheritance(contentNode.Id, categoriesToNormalize) .Apply(); aclEditor .RemoveExplicitEntries(2) .RemoveExplicitEntries(contentNode.Id) .Apply(SecurityHandler.ParseInitialPermissions(aclEditor.Context, permissionData)); } // ACTION var response = await ODataGetAsync( $"/OData.svc/Root/Content('IT')/GetAcl", null) .ConfigureAwait(false); // ASSERT AssertNoError(response); var result = ODataTestBase.GetObject(response); Assert.AreEqual(itNode.Id, result.SelectToken("id").Value <int>()); Assert.AreEqual(itNode.Path, result.SelectToken("path").Value <string>()); Assert.IsTrue(result.SelectToken("inherits").Value <bool>()); Assert.IsTrue(result.SelectToken("isPublic").Value <bool>()); Assert.AreEqual(3, ((JArray)result["entries"]).Count); var entry = result.SelectToken("entries[?(@identity.id == 6)]"); Assert.AreEqual(Identifiers.VisitorUserId, entry.SelectToken("identity.id").Value <int>()); Assert.AreEqual("/Root/Content", entry.SelectToken("ancestor").Value <string>()); Assert.IsTrue(entry.SelectToken("inherited").Value <bool>()); Assert.IsTrue(entry.SelectToken("propagates").Value <bool>()); Assert.AreEqual("allow", entry.SelectToken("permissions.See.value").Value <string>()); Assert.AreEqual("/Root/Content", entry.SelectToken("permissions.See.from").Value <string>()); Assert.AreEqual("allow", entry.SelectToken("permissions.Open.value").Value <string>()); Assert.AreEqual("/Root", entry.SelectToken("permissions.Open.from").Value <string>()); Assert.AreEqual("allow", entry.SelectToken("permissions.TakeOwnership.value").Value <string>()); Assert.AreEqual("/Root/Content", entry.SelectToken("permissions.TakeOwnership.from").Value <string>()); }).ConfigureAwait(false); }
public async Task OD_Security_GetAcl_SeeOnlyIdentities() { await IsolatedODataTestAsync(async() => { // ARRANGE var contentNode = Node.LoadNode("/Root/Content"); //var itNode = new SystemFolder(contentNode) { Name = "IT" }; //itNode.Save(); var user = new User(User.Administrator.Parent) { Name = "U1", Email = "*****@*****.**", Enabled = true }; user.Save(); var permissionData = new List <string> { " + 2|Normal|+ 1:_____________________________________________+++++++++++++++++++", " + 2|Normal|+ 7:_____________________________________________+++++++++++++++++++", $"+ 2|Normal|+{user.Id}:_________________________________________________+_____________+", $"+{contentNode.Id}|Normal|+{user.Id}:_____________________________________________+__________________", }; var categoriesToNormalize = new[] { EntryType.Normal }; using (new SystemAccount()) { var aclEditor = SecurityHandler.CreateAclEditor(); aclEditor .UnbreakInheritance(2, categoriesToNormalize) .UnbreakInheritance(contentNode.Id, categoriesToNormalize) .Apply(); aclEditor .RemoveExplicitEntries(2) .RemoveExplicitEntries(contentNode.Id) .Apply(SecurityHandler.ParseInitialPermissions(aclEditor.Context, permissionData)); } Assert.IsTrue(SecurityHandler.HasPermission(user, contentNode, PermissionType.SeePermissions)); // ACTION ODataResponse response; using (new CurrentUserBlock(user)) response = await ODataGetAsync( $"/OData.svc/Root('Content')/GetAcl", null) .ConfigureAwait(false); // ASSERT AssertNoError(response); var result = ODataTestBase.GetObject(response); Assert.AreEqual(contentNode.Id, result.SelectToken("id").Value <int>()); Assert.AreEqual(contentNode.Path, result.SelectToken("path").Value <string>()); Assert.IsTrue(result.SelectToken("inherits").Value <bool>()); Assert.IsFalse(result.SelectToken("isPublic").Value <bool>()); Assert.AreEqual(3, ((JArray)result["entries"]).Count); var admin = result.SelectToken("entries[?(@identity.id == 1)].identity"); Assert.AreEqual(Identifiers.AdministratorUserId, admin.SelectToken("id").Value <int>()); Assert.AreEqual("Admin", admin.SelectToken("name").Value <string>()); Assert.AreEqual("user", admin.SelectToken("kind").Value <string>()); Assert.AreEqual(null, admin.SelectToken("domain").Value <string>()); Assert.AreEqual(null, admin.SelectToken("avatar").Value <string>()); var admins = result.SelectToken("entries[?(@identity.id == 7)].identity"); Assert.AreEqual(Identifiers.AdministratorsGroupId, admins.SelectToken("id").Value <int>()); Assert.AreEqual("Administrators", admins.SelectToken("name").Value <string>()); Assert.AreEqual("group", admins.SelectToken("kind").Value <string>()); Assert.AreEqual(null, admins.SelectToken("domain").Value <string>()); Assert.AreEqual(null, admins.SelectToken("avatar").Value <string>()); var u1 = result.SelectToken($"entries[?(@identity.id == {user.Id})].identity"); Assert.AreEqual(user.Id, u1.SelectToken("id").Value <int>()); Assert.AreEqual("U1", u1.SelectToken("name").Value <string>()); Assert.AreEqual("user", u1.SelectToken("kind").Value <string>()); Assert.AreEqual("BuiltIn", u1.SelectToken("domain").Value <string>()); Assert.AreEqual("", u1.SelectToken("avatar").Value <string>()); }).ConfigureAwait(false); }