public void UnauthorizedAgainstTheTypePreventsAuthorizationForAllInstances() { // If we are unauthorized against a type, // then even if we authorize against an instance // we are not authorized UserPermission user = new UserPermission(); Update updateAction = new Update(typeof(AddressModel)); AddressModel address = new AddressModel(); user.AddUnauthorization(updateAction); Assert.IsTrue(updateAction.AppliesTo(address)); bool? canUpdate = user.Can(Actions.Update, address); Assert.IsTrue(canUpdate == false); // now authorize against an instance Update authorizeInstanceUpdateAction = new Update(); authorizeInstanceUpdateAction.AddSubject(address); user.AddAuthorization(authorizeInstanceUpdateAction); canUpdate = user.Can(Actions.Update, address); Assert.IsTrue(canUpdate == false); }
public void UnauthorizedDominatesOverAuthorized() { UserPermission user = new UserPermission(); user.AddUnauthorization(Actions.Create); user.AddAuthorization(Actions.Create); bool? canCreate = user.Can(Actions.Create, typeof(AddressModel)); Assert.IsTrue(canCreate == false); }
public void TestCannotCreateAnything() { UserPermission user = new UserPermission(); user.AddUnauthorization(Actions.Create); bool? canCreate = user.Can(Actions.Create, typeof(AddressModel)); Assert.IsTrue(canCreate == false); }