/// <summary>
/// Checks that <see cref="SecurityActionMenuItemFilter"/> only exposes the actions the
/// current user is entitled to: relationship actions on the parent require both
/// core:read and core:modify on the parent, and the per-child actions (create/view/edit/delete)
/// follow the permissions granted on the child type.
/// </summary>
/// <param name="parentEntityPermissions">Comma-separated permission aliases granted on the parent type (e.g. "core:read,core:modify").</param>
/// <param name="childEntityPermissions">Comma-separated permission aliases granted on the child type.</param>
/// <remarks>
/// The filter is exercised while impersonating the freshly created test user (SetUser), so the
/// assertions reflect what that user would actually see. Both presence and absence are asserted
/// so an over-permissive filter fails the test, not just an under-permissive one.
/// NOTE(review): when <paramref name="parentEntityPermissions"/> contains neither core:read nor
/// core:modify, no branch below asserts anything and the case passes vacuously — confirm the
/// test-case set does not rely on that input.
/// </remarks>
public void Test_Filter_ActionRequiresParentModifyAccess(string parentEntityPermissions, string childEntityPermissions)
{
    const string viewResourceActionAlias = "console:viewResourceAction";
    const string editResourceActionAlias = "console:editResourceAction";
    const string deleteResourceActionAlias = "console:deleteResourceAction";
    const string addRelationshipActionAlias = "console:addRelationshipAction";
    const string removeRelationshipActionAlias = "console:removeRelationshipAction";

    var parentPermissions = parentEntityPermissions.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
    var childPermissions = childEntityPermissions.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

    // Subject under test: a brand-new user with no permissions other than the ones granted below.
    var userAccount = new UserAccount { Name = "Test user " + Guid.NewGuid() };
    userAccount.Save();

    // Parent "A" and child "B": the names are chosen so each matches its access-rule query.
    EntityType parentEntityType;
    IEntity parentEntity = CreateNamedResource("A", out parentEntityType);
    EntityType childEntityType;
    IEntity childEntity = CreateNamedResource("B", out childEntityType);

    // Grant the requested permissions on each type, scoped by name through the report query.
    var accessRuleFactory = new AccessRuleFactory();
    accessRuleFactory.AddAllowByQuery(
        userAccount.As<Subject>(),
        parentEntityType.As<SecurableEntity>(),
        parentPermissions.Select(alias => new EntityRef(alias)),
        TestQueries.EntitiesWithNameA().ToReport());
    accessRuleFactory.AddAllowByQuery(
        userAccount.As<Subject>(),
        childEntityType.As<SecurableEntity>(),
        childPermissions.Select(alias => new EntityRef(alias)),
        TestQueries.EntitiesWithNameB().ToReport());

    // Candidate actions: the five console actions plus a synthetic "create" action for the child type.
    var dummyRequest = new ActionRequestExtended();
    Func<ActionRequestExtended, ActionMenuItem, ActionTargetInfo> dummyHandler = (request, item) => new ActionTargetInfo();
    var candidateAliases = new[]
    {
        viewResourceActionAlias,
        editResourceActionAlias,
        addRelationshipActionAlias,
        removeRelationshipActionAlias,
        deleteResourceActionAlias,
    };
    var actions = candidateAliases
        .Select(alias => Entity.Get<ActionMenuItem>(alias).ToInfo(dummyRequest, null, dummyHandler))
        .ToList();
    actions.Add(new ActionMenuItemInfo { EntityId = childEntityType.Id, HtmlActionState = "createForm", IsNew = true });

    // Run the filter as the test user so the access rules above are what actually applies.
    using (new SetUser(userAccount))
    {
        new SecurityActionMenuItemFilter().Filter(parentEntity.Id, new[] { childEntity.Id }, actions);
    }

    // Assertion helpers over the filtered list (kept as delegates so the messages stay with the call sites).
    Action<string, string, string> expectOne = (property, value, message) =>
        Assert.That(actions, Has.Exactly(1).Property(property).EqualTo(value), message);
    Action<string, string, string> expectNone = (property, value, message) =>
        Assert.That(actions, Has.None.Property(property).EqualTo(value), message);
    Action<bool, string, string, string, string> expectByGrant = (granted, property, value, missingMessage, unavailableMessage) =>
    {
        if (granted)
        {
            expectOne(property, value, missingMessage);
        }
        else
        {
            expectNone(property, value, unavailableMessage);
        }
    };

    bool parentReadable = parentPermissions.Contains("core:read");
    bool parentModifiable = parentPermissions.Contains("core:modify");

    if (parentReadable && parentModifiable)
    {
        // Relationship actions need modify on the parent.
        expectOne("Alias", addRelationshipActionAlias, "Missing add relationship resource action");
        expectOne("Alias", removeRelationshipActionAlias, "Missing remove relationship resource action");

        // Child actions follow the child grants.
        expectByGrant(childPermissions.Contains("core:create"), "HtmlActionState", "createForm",
            "Missing create resource action", "Create resource action should not be available");
        expectByGrant(childPermissions.Contains("core:read"), "Alias", viewResourceActionAlias,
            "Missing view resource action", "View resource action should not be available");
        expectByGrant(childPermissions.Contains("core:modify"), "Alias", editResourceActionAlias,
            "Missing edit resource action", "Edit resource action should not be available");
        expectByGrant(childPermissions.Contains("core:delete"), "Alias", deleteResourceActionAlias,
            "Missing delete resource action", "Delete resource action should not be available");
    }
    else if (parentReadable)
    {
        // Read-only parent: no relationship changes, no create, no delete, regardless of child grants.
        expectNone("Alias", addRelationshipActionAlias, "Add relationship action should not be available");
        expectNone("Alias", removeRelationshipActionAlias, "Remove relationship action should not be available");
        expectNone("HtmlActionState", "createForm", "Create resource action should not be available");

        expectByGrant(childPermissions.Contains("core:read"), "Alias", viewResourceActionAlias,
            "Missing view resource action", "View resource action should not be available");
        expectByGrant(childPermissions.Contains("core:modify"), "Alias", editResourceActionAlias,
            "Missing edit resource action", "Edit resource action should not be available");

        expectNone("Alias", deleteResourceActionAlias, "Delete resource action should not be available");
    }
}

/// <summary>
/// Creates and saves a new UserResource-derived type and one saved instance of it with the given core:name.
/// </summary>
/// <param name="name">Value written to core:name on the instance.</param>
/// <param name="entityType">Receives the newly saved type.</param>
/// <returns>The saved instance.</returns>
private static IEntity CreateNamedResource(string name, out EntityType entityType)
{
    entityType = new EntityType();
    entityType.Inherits.Add(UserResource.UserResource_Type);
    entityType.Save();

    IEntity entity = Entity.Create(new EntityRef(entityType));
    entity.SetField("core:name", name);
    entity.Save();
    return entity;
}
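/// <summary>
/// Checks that an entity reached through a relationship from a readable/modifiable "from" entity
/// is only visible when the user has been granted access to the "to" type, and only writeable
/// when those grants make it so (a save otherwise fails with <see cref="PlatformSecurityException"/>).
/// </summary>
/// <param name="toPermissionAliases">Comma-separated permission aliases granted on the "to" type; empty means no grant at all.</param>
/// <param name="toEntityWriteable">Whether the grants in <paramref name="toPermissionAliases"/> are expected to permit saving the "to" entity.</param>
/// <remarks>
/// Fix: the related entity is now asserted non-null before its Id is read, so a missing
/// relationship surfaces as a test failure with a message rather than a NullReferenceException.
/// NOTE(review): unlike the sibling test this splits <paramref name="toPermissionAliases"/> without
/// RemoveEmptyEntries, so a stray comma would produce an empty alias — confirm the test-case data.
/// </remarks>
public void Test_Writeable_Related_Entity(string toPermissionAliases, bool toEntityWriteable)
{
    var userAccount = Entity.Create<UserAccount>();
    userAccount.Name = "Test user " + Guid.NewGuid();
    userAccount.Save();

    var fromType = new EntityType();
    fromType.Inherits.Add(UserResource.UserResource_Type);
    fromType.Save();

    var toType = new EntityType();
    toType.Inherits.Add(UserResource.UserResource_Type);
    toType.Save();

    var relationship = new Relationship { FromType = fromType, ToType = toType };
    relationship.Save();

    // Names "A" and "B" match the access-rule queries used below.
    IEntity fromEntity = Entity.Create(new EntityRef(fromType));
    fromEntity.SetField("core:name", "A");
    fromEntity.Save();

    IEntity toEntity = Entity.Create(new EntityRef(toType));
    toEntity.SetField("core:name", "B");
    toEntity.SetRelationships(relationship, new EntityRelationshipCollection<IEntity>() { fromEntity }, Direction.Reverse);
    toEntity.Save();

    // Read / modify on the from type.
    new AccessRuleFactory().AddAllowByQuery(
        userAccount.As<Subject>(),
        fromType.As<SecurableEntity>(),
        new List<EntityRef> { new EntityRef("core:read"), new EntityRef("core:modify") },
        TestQueries.EntitiesWithNameA().ToReport());

    if (toPermissionAliases.Length > 0)
    {
        // Requested access on the to type; with no aliases, nothing at all is granted.
        new AccessRuleFactory().AddAllowByQuery(
            userAccount.As<Subject>(),
            toType.As<SecurableEntity>(),
            toPermissionAliases.Split(',').Select(x => new EntityRef(x)),
            TestQueries.EntitiesWithNameB().ToReport());
    }

    // Everything below runs as the restricted test user.
    using (new SetUser(userAccount))
    {
        // The from entity should be able to be retrieved
        var fromEntityWriteable = Entity.Get<IEntity>(new EntityRef(fromEntity), true);
        Assert.AreEqual(fromEntity.Id, fromEntityWriteable.Id);

        // Follow the relationship; the security layer is expected to hide the to entity when unreadable.
        IEntity entity = fromEntityWriteable.GetRelationships(relationship, Direction.Forward).FirstOrDefault();
        IEntity toEntityFromRel = null;
        if (entity != null)
        {
            toEntityFromRel = entity.Entity;
        }

        if (toPermissionAliases.Length > 0)
        {
            // Guard the dereference so a hidden entity is reported as an assertion, not an NRE.
            Assert.IsNotNull(toEntityFromRel, "Related entity was not returned through the relationship.");
            Assert.AreEqual(toEntity.Id, toEntityFromRel.Id);

            var toEntityWrite = toEntityFromRel.AsWritable();
            toEntityWrite.SetField("core:description", "Test");
            if (toEntityWriteable)
            {
                // Should be able to save
                Assert.DoesNotThrow(() => toEntityWrite.Save());
            }
            else
            {
                // Should not be able to save
                Assert.That(toEntityWrite.Save, Throws.TypeOf<PlatformSecurityException>(), "Entity access is incorrect. Should notbe able to save.");
            }
        }
        else
        {
            // We do not have read access to the to entity so it should be null
            Assert.IsNull(toEntityFromRel);
        }
    }
}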