public void AuthorizingAgainstTheTypeGivesAuthorityForAllInstances()
{
UserPermission user = new UserPermission();
Update updateAction = new Update();
AddressModel address = new AddressModel();
updateAction.AddSubject(typeof(AddressModel));
user.AddAuthorization(updateAction);
Assert.IsTrue(updateAction.AppliesTo(address));
bool? canUpdate = user.Can(Actions.Update, address);
Assert.IsTrue(canUpdate == true);
}
public void CanAuthorizedAgainstAnInstance()
{
UserPermission user = new UserPermission();
AddressModel address = new AddressModel();
Update updateAction = new Update(address);
user.AddAuthorization(updateAction);
bool? canUpdate = user.Can(Actions.Update, address);
Assert.IsTrue(canUpdate == true);
AddressModel differentAddress = new AddressModel();
canUpdate = user.Can(Actions.Update, differentAddress);
Assert.IsTrue(canUpdate == false);
canUpdate = user.Can(Actions.Update, typeof(AddressModel));
Assert.IsTrue(canUpdate == false);
}
public void UnauthorizedAgainstTheTypePreventsAuthorizationForAllInstances()
{
// If we are unauthorized against a type,
// then even if we authorize against an instance
// we are not authorized
UserPermission user = new UserPermission();
Update updateAction = new Update(typeof(AddressModel));
AddressModel address = new AddressModel();
user.AddUnauthorization(updateAction);
Assert.IsTrue(updateAction.AppliesTo(address));
bool? canUpdate = user.Can(Actions.Update, address);
Assert.IsTrue(canUpdate == false);
// now authorize against an instance
Update authorizeInstanceUpdateAction = new Update();
authorizeInstanceUpdateAction.AddSubject(address);
user.AddAuthorization(authorizeInstanceUpdateAction);
canUpdate = user.Can(Actions.Update, address);
Assert.IsTrue(canUpdate == false);
}