public void Matches_no_variable(string permissionName)
{
var permission = new Permission(permissionName);
var value = permissionName;
// matches only exact permission
Assert.True(permission.Matches(value));
Assert.False(permission.Matches($"pre{value}"));
Assert.False(permission.Matches($"{value}post"));
Assert.False(permission.Matches($"pre{value}post"));
// doesn't match anything with extra arg
Assert.False(permission.Matches(value, ""));
Assert.False(permission.Matches($"pre{value}", ""));
Assert.False(permission.Matches($"{value}post", ""));
Assert.False(permission.Matches($"pre{value}post", ""));
}
/// <summary>
/// Returns whether principal has been granted a permission.
/// </summary>
/// <param name="principal">The principal</param>
/// <param name="permission">The permission</param>
/// <param name="args">Permission arguments</param>
/// <returns>True when permission is granted, false otherwise</returns>
public static bool HasPermission(this ClaimsPrincipal principal, Permission permission, params object[] args)
{
foreach (var claim in principal.Claims)
{
if (claim.Type != Permission.PermissionClaim)
{
continue;
}
if (permission.Matches(claim.Value, args))
{
return(true);
}
}
return(false);
}
public void Matches_two_variables(string permissionName, object arg0, object arg1)
{
var permission = new Permission(permissionName);
var value = string.Format(permissionName, arg0, arg1);
// matches only exact permission
Assert.True(permission.Matches(value, arg0, arg1));
Assert.False(permission.Matches($"pre{value}", arg0, arg1));
Assert.False(permission.Matches($"{value}post", arg0, arg1));
Assert.False(permission.Matches($"pre{value}post", arg0, arg1));
// doesn't match anything without args
Assert.False(permission.Matches(value));
Assert.False(permission.Matches($"pre{value}"));
Assert.False(permission.Matches($"{value}post"));
Assert.False(permission.Matches($"pre{value}post"));
// doesn't match anything without arg1
Assert.False(permission.Matches(value, arg0));
Assert.False(permission.Matches($"pre{value}", arg0));
Assert.False(permission.Matches($"{value}post", arg0));
Assert.False(permission.Matches($"pre{value}post", arg0));
// doesn't match anything with extra arg
Assert.False(permission.Matches(value, arg0, arg1, ""));
Assert.False(permission.Matches($"pre{value}", arg0, arg1, ""));
Assert.False(permission.Matches($"{value}post", arg0, arg1, ""));
Assert.False(permission.Matches($"pre{value}post", arg0, arg1, ""));
}
public void Matches_array_variables(string permissionName, object[] args)
{
var permission = new Permission(permissionName);
var value = string.Format(permissionName, args);
// matches only exact permission
Assert.True(permission.Matches(value, args));
Assert.False(permission.Matches($"pre{value}", args));
Assert.False(permission.Matches($"{value}post", args));
Assert.False(permission.Matches($"pre{value}post", args));
// doesn't match anything with less args
var lessArgs = args.Take(args.Length - 1).ToArray();
Assert.False(permission.Matches(value, lessArgs));
Assert.False(permission.Matches($"pre{value}", lessArgs));
Assert.False(permission.Matches($"{value}post", lessArgs));
Assert.False(permission.Matches($"pre{value}post", lessArgs));
// doesn't match anything with extra arg
var moreArgs = args.Concat(new[] { "" }).ToArray();
Assert.False(permission.Matches(value, moreArgs));
Assert.False(permission.Matches($"pre{value}", moreArgs));
Assert.False(permission.Matches($"{value}post", moreArgs));
Assert.False(permission.Matches($"pre{value}post", moreArgs));
}