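/// <summary>
/// Verifies that a permission explicitly denied on an object overrides the same
/// permission granted to the subject through a role: deny wins over allow.
/// </summary>
/// <remarks>
/// The derive inside the session loop now targets the loop's <c>session</c> rather than
/// <c>this.Session</c>. With the single fixture session both are the same object, but the
/// loop only exercises additional sessions correctly if their own changes are derived.
/// The lookup via <c>new Roles(this.Session)</c> stays on the fixture session on purpose;
/// its result is re-instantiated into the loop session.
/// </remarks>
public void DeniedPermissions()
{
    // Arrange: a role that grants Organisation.Name read, bound to John Doe by an access control.
    var readOrganisationName = this.FindPermission(M.Organisation.Name, Operations.Read);
    var databaseRole = new RoleBuilder(this.Session).WithName("Role").WithPermission(readOrganisationName).Build();
    var person = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();
    new AccessControlBuilder(this.Session).WithRole(databaseRole).WithSubject(person).Build();

    this.Session.Derive(true);
    this.Session.Commit();

    var sessions = new ISession[] { this.Session };
    foreach (var session in sessions)
    {
        session.Commit();

        // An organisation guarded by a security token that carries the role's access control.
        var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();
        var token = new SecurityTokenBuilder(session).Build();
        organisation.AddSecurityToken(token);

        var role = (Role)session.Instantiate(new Roles(this.Session).FindBy(M.Role.Name, "Role"));
        var accessControl = (AccessControl)session.Instantiate(role.AccessControlsWhereRole.First);
        token.AddAccessControl(accessControl);

        // Derive the session the changes were made in, not the fixture session.
        Assert.IsFalse(session.Derive().HasErrors);

        // Granted through the role: readable.
        var accessList = new AccessControlList(organisation, person);
        Assert.IsTrue(accessList.CanRead(M.Organisation.Name));

        // Explicitly denied on the object: the deny must win even though the role still grants it.
        // NOTE(review): there is no derive between the deny and the re-check; this assumes
        // AccessControlList reads denied permissions from the object directly rather than
        // from derived state — confirm against the AccessControlList implementation.
        organisation.AddDeniedPermission(readOrganisationName);
        accessList = new AccessControlList(organisation, person);
        Assert.IsFalse(accessList.CanRead(M.Organisation.Name));

        session.Rollback();
    }
}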
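/// <summary>
/// Verifies that a role bound to a user group the person is NOT a member of grants the
/// person nothing: John Doe is in "Group", the access control is attached to "AnotherGroup",
/// so reading Organisation.Name must be refused.
/// </summary>
/// <remarks>
/// Despite the method name ("...ThenUserHasAccess..."), the asserted outcome is that the
/// user has NO access; the name is kept for callers but reads as the inverse of the check.
/// The derive inside the session loop now targets the loop's <c>session</c> rather than
/// <c>this.Session</c>; with the single fixture session both are the same object, but the
/// loop only exercises additional sessions correctly if their own changes are derived.
/// </remarks>
public void GivenAnotherUserGroupAndAnAccessControlledObjectWhenGettingTheAccessListThenUserHasAccessToThePermissionsInTheRole()
{
    // Arrange: a role granting Organisation.Name read; the person belongs to "Group" only.
    var readOrganisationName = this.FindPermission(M.Organisation.Name, Operations.Read);
    var databaseRole = new RoleBuilder(this.Session).WithName("Role").WithPermission(readOrganisationName).Build();
    var person = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();
    new UserGroupBuilder(this.Session).WithName("Group").WithMember(person).Build();
    var anotherUserGroup = new UserGroupBuilder(this.Session).WithName("AnotherGroup").Build();

    this.Session.Derive(true);
    this.Session.Commit();

    // The role is bound to a group the person is not a member of.
    new AccessControlBuilder(this.Session).WithSubjectGroup(anotherUserGroup).WithRole(databaseRole).Build();
    this.Session.Commit();

    var sessions = new ISession[] { this.Session };
    foreach (var session in sessions)
    {
        session.Commit();

        // An organisation guarded by a security token that carries the role's access control.
        var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();
        var token = new SecurityTokenBuilder(session).Build();
        organisation.AddSecurityToken(token);

        var role = (Role)session.Instantiate(new Roles(this.Session).FindBy(M.Role.Name, "Role"));
        var accessControl = (AccessControl)session.Instantiate(role.AccessControlsWhereRole.First);
        token.AddAccessControl(accessControl);

        // Derive the session the changes were made in, not the fixture session.
        Assert.IsFalse(session.Derive().HasErrors);

        // Membership in an unrelated group must not leak the role's permissions.
        var accessList = new AccessControlList(organisation, person);
        Assert.IsFalse(accessList.CanRead(M.Organisation.Name));

        session.Rollback();
    }
}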