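        /// <summary>
        /// Verifies that a permission denied directly on an object overrides the same
        /// permission granted to the user through a role: the person can read
        /// <c>Organisation.Name</c> via the role until the organisation adds that
        /// permission to its denied permissions, after which the read is refused.
        /// </summary>
        public void DeniedPermissions()
        {
            // Arrange: a role granting read on Organisation.Name, assigned to a person through an access control.
            var readOrganisationName = this.FindPermission(M.Organisation.Name, Operations.Read);
            var databaseRole = new RoleBuilder(this.Session).WithName("Role").WithPermission(readOrganisationName).Build();
            var person = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();

            new AccessControlBuilder(this.Session).WithRole(databaseRole).WithSubject(person).Build();

            this.Session.Derive(true);
            this.Session.Commit();

            // The scenario is written to run against several sessions; only the fixture session is used here.
            // Committed objects are looked up in this.Session and re-instantiated into the loop session.
            var sessions = new ISession[] { this.Session };

            foreach (var session in sessions)
            {
                session.Commit();

                var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();

                // Protect the organisation with a security token carrying the role's access control.
                var token = new SecurityTokenBuilder(session).Build();
                organisation.AddSecurityToken(token);

                var role = (Role)session.Instantiate(new Roles(this.Session).FindBy(M.Role.Name, "Role"));
                var accessControl = (AccessControl)session.Instantiate(role.AccessControlsWhereRole.First);
                token.AddAccessControl(accessControl);

                // Derive the session the organisation and token were created in (not the fixture session)
                // so the check remains valid should more sessions be added to the array above.
                Assert.IsFalse(session.Derive().HasErrors);

                var accessList = new AccessControlList(organisation, person);

                // Read is granted through the role.
                Assert.IsTrue(accessList.CanRead(M.Organisation.Name));

                organisation.AddDeniedPermission(readOrganisationName);

                // Rebuild the access list after the change rather than reusing the earlier one.
                accessList = new AccessControlList(organisation, person);

                // A denial on the object takes precedence over the grant from the role.
                Assert.IsFalse(accessList.CanRead(M.Organisation.Name));

                session.Rollback();
            }
        }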
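        /// <summary>
        /// Verifies that an access control granted to a user group the person is not a member of
        /// does not give that person the role's permissions: the person belongs to "Group", the
        /// access control targets "AnotherGroup", and the read of <c>Organisation.Name</c> is refused.
        /// Note that, despite the method name, the expected outcome asserted here is that the
        /// user does <b>not</b> get access; the name is kept unchanged for compatibility.
        /// </summary>
        public void GivenAnotherUserGroupAndAnAccessControlledObjectWhenGettingTheAccessListThenUserHasAccessToThePermissionsInTheRole()
        {
            // Arrange: a role granting read on Organisation.Name, and a person who is a member of "Group" only.
            var readOrganisationName = this.FindPermission(M.Organisation.Name, Operations.Read);
            var databaseRole = new RoleBuilder(this.Session).WithName("Role").WithPermission(readOrganisationName).Build();

            var person = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();

            new UserGroupBuilder(this.Session).WithName("Group").WithMember(person).Build();
            var anotherUserGroup = new UserGroupBuilder(this.Session).WithName("AnotherGroup").Build();

            this.Session.Derive(true);
            this.Session.Commit();

            // The role is granted to AnotherGroup, which the person does not belong to.
            new AccessControlBuilder(this.Session).WithSubjectGroup(anotherUserGroup).WithRole(databaseRole).Build();

            this.Session.Commit();

            // The scenario is written to run against several sessions; only the fixture session is used here.
            // Committed objects are looked up in this.Session and re-instantiated into the loop session.
            var sessions = new ISession[] { this.Session };

            foreach (var session in sessions)
            {
                session.Commit();

                var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();

                // Protect the organisation with a security token carrying the role's access control.
                var token = new SecurityTokenBuilder(session).Build();
                organisation.AddSecurityToken(token);

                var role = (Role)session.Instantiate(new Roles(this.Session).FindBy(M.Role.Name, "Role"));
                var accessControl = (AccessControl)session.Instantiate(role.AccessControlsWhereRole.First);
                token.AddAccessControl(accessControl);

                // Derive the session the organisation and token were created in (not the fixture session)
                // so the check remains valid should more sessions be added to the array above.
                Assert.IsFalse(session.Derive().HasErrors);

                var accessList = new AccessControlList(organisation, person);

                // Membership in an unrelated group confers nothing: the read must be refused.
                Assert.IsFalse(accessList.CanRead(M.Organisation.Name));

                session.Rollback();
            }
        }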