public void AuthorizingAgainstTheTypeGivesAuthorityForAllInstances() { UserPermission user = new UserPermission(); Update updateAction = new Update(); AddressModel address = new AddressModel(); updateAction.AddSubject(typeof(AddressModel)); user.AddAuthorization(updateAction); Assert.IsTrue(updateAction.AppliesTo(address)); bool? canUpdate = user.Can(Actions.Update, address); Assert.IsTrue(canUpdate == true); }
public void CanAuthorizedAgainstAnInstance() { UserPermission user = new UserPermission(); AddressModel address = new AddressModel(); Update updateAction = new Update(address); user.AddAuthorization(updateAction); bool? canUpdate = user.Can(Actions.Update, address); Assert.IsTrue(canUpdate == true); AddressModel differentAddress = new AddressModel(); canUpdate = user.Can(Actions.Update, differentAddress); Assert.IsTrue(canUpdate == false); canUpdate = user.Can(Actions.Update, typeof(AddressModel)); Assert.IsTrue(canUpdate == false); }
public void CanAuthorizedAgainstAnInstanceButNotAgainstAnotherInstance() { UserPermission user = new UserPermission(); AddressModel address = new AddressModel(); Create createAction = new Create(); createAction.AddSubject(address); user.AddAuthorization(createAction); bool? canUpdate = user.Can(Actions.Create, address); Assert.IsTrue(canUpdate == true); AddressModel secondAddress = new AddressModel(); canUpdate = user.Can(Actions.Create, secondAddress); Assert.IsTrue(canUpdate == false); }
public void UnauthorizedAgainstTheTypePreventsAuthorizationForAllInstances() { // If we are unauthorized against a type, // then even if we authorize against an instance // we are not authorized UserPermission user = new UserPermission(); Update updateAction = new Update(typeof(AddressModel)); AddressModel address = new AddressModel(); user.AddUnauthorization(updateAction); Assert.IsTrue(updateAction.AppliesTo(address)); bool? canUpdate = user.Can(Actions.Update, address); Assert.IsTrue(canUpdate == false); // now authorize against an instance Update authorizeInstanceUpdateAction = new Update(); authorizeInstanceUpdateAction.AddSubject(address); user.AddAuthorization(authorizeInstanceUpdateAction); canUpdate = user.Can(Actions.Update, address); Assert.IsTrue(canUpdate == false); }
public void ManagingActionIsUnionOfAllActions() { // When we have a Manage Action, // we can do all actions UserPermission user = new UserPermission(); Manage manageAction = new Manage(); AddressModel address = new AddressModel(); user.AddAuthorization(manageAction); Assert.IsTrue(manageAction.AppliesTo(address)); bool? canUpdate = user.Can(Actions.Update, address); Assert.IsTrue(canUpdate == true); }