public void CanAssociateAccountWithMultipleGroups()
{
Account ayende = new Account();
ayende.Name = "ayende";
UnitOfWork.CurrentSession.Save(ayende);
EntitiesGroup group = authorizationRepository.CreateEntitiesGroup("Accounts");
EntitiesGroup group2 = authorizationRepository.CreateEntitiesGroup("Accounts of second group");
UnitOfWork.Current.TransactionalFlush();
authorizationRepository.AssociateEntityWith(ayende, "Accounts");
UnitOfWork.Current.TransactionalFlush();
authorizationRepository.AssociateEntityWith(ayende, "Accounts of second group");
UnitOfWork.Current.TransactionalFlush();
UnitOfWork.CurrentSession.Evict(ayende);
UnitOfWork.CurrentSession.Evict(group);
UnitOfWork.CurrentSession.Evict(group2);
EntitiesGroup[] groups = authorizationRepository.GetAssociatedEntitiesGroupsFor(ayende);
Assert.AreEqual(2, groups.Length);
Assert.AreEqual("Accounts", groups[0].Name);
Assert.AreEqual("Accounts of second group", groups[1].Name);
}
private void SetupEntities()
{
user = new User();
user.Name = "Ayende";
account = new Account();
account.Name = "south sand";
UnitOfWork.CurrentSession.Save(user);
UnitOfWork.CurrentSession.Save(account);
authorizationService = IoC.Resolve<IAuthorizationService>();
permissionService = IoC.Resolve<IPermissionsService>();
permissionsBuilderService = IoC.Resolve<IPermissionsBuilderService>();
authorizationRepository = IoC.Resolve<IAuthorizationRepository>();
authorizationRepository.CreateUsersGroup("Administrators");
authorizationRepository.CreateEntitiesGroup("Important Accounts");
authorizationRepository.CreateOperation("/Account/Edit");
UnitOfWork.Current.TransactionalFlush();
authorizationRepository.AssociateUserWith(user, "Administrators");
authorizationRepository.AssociateEntityWith(account, "Important Accounts");
UnitOfWork.Current.TransactionalFlush();
}
public void CanSaveAccount()
{
Account ayende = new Account {Name = "ayende"};
Assert.NotEqual(Guid.Empty, ayende.SecurityKey);
session.Save(ayende);
session.Flush();
session.Evict(ayende);
Account fromDb = session.Get<Account>(ayende.Id);
Assert.NotNull(fromDb);
Assert.Equal(ayende.Name, fromDb.Name);
Assert.Equal(fromDb.SecurityKey, ayende.SecurityKey);
}
public void DoesDeletingEntityRemoveEntityReferences()
{
var account = new Account() { Name = "Bob" };
session.Save(account);
authorizationRepository.AssociateEntityWith(account, "Important Accounts");
session.Flush();
Guid securityKey = Security.ExtractKey(account);
// Confirm EntityReference for the new account exists.
EntityReference reference = session.CreateCriteria<EntityReference>()
.Add(Restrictions.Eq("EntitySecurityKey", securityKey))
.SetCacheable(true)
.UniqueResult<EntityReference>();
Assert.NotNull(reference);
// Create a permission for the entity
this.permissionsBuilderService.Allow("/Account/Edit").For(this.user).On(account).DefaultLevel().Save();
// Confirm the permissison for the entity exists
Permission permission = session.CreateCriteria<Permission>()
.Add(Restrictions.Eq("EntitySecurityKey", securityKey))
.SetCacheable(true)
.UniqueResult<Permission>();
Assert.NotNull(permission);
_logger.Debug("deleting account");
// Delete account
session.Delete(account);
session.Flush();
// Confirm EntityReference was removed
reference = session.CreateCriteria<EntityReference>()
.Add(Restrictions.Eq("EntitySecurityKey", securityKey))
.SetCacheable(true)
.UniqueResult<EntityReference>();
Assert.Null(reference);
// Confirm the permissison for the entity was removed
permission = session.CreateCriteria<Permission>()
.Add(Restrictions.Eq("EntitySecurityKey", securityKey))
.SetCacheable(true)
.UniqueResult<Permission>();
Assert.Null(permission);
}
public void CanAssociateAccountWithGroup()
{
Account ayende = new Account();
ayende.Name = "ayende";
session.Save(ayende);
EntitiesGroup group = authorizationRepository.CreateEntitiesGroup("Accounts");
authorizationRepository.AssociateEntityWith(ayende, "Accounts");
session.Flush();
session.Evict(ayende);
session.Evict(group);
EntitiesGroup[] groups = authorizationRepository.GetAssociatedEntitiesGroupsFor(ayende);
Assert.Equal(1, groups.Length);
Assert.Equal("Accounts", groups[0].Name);
}
private void SetupEntities()
{
user = new User {Name = "Ayende"};
account = new Account {Name = "south sand"};
session.Save(user);
session.Save(account);
authorizationService = ServiceLocator.Current.GetInstance<IAuthorizationService>();
permissionService = ServiceLocator.Current.GetInstance<IPermissionsService>();
permissionsBuilderService = ServiceLocator.Current.GetInstance<IPermissionsBuilderService>();
authorizationRepository = ServiceLocator.Current.GetInstance<IAuthorizationRepository>();
authorizationRepository.CreateUsersGroup("Administrators");
authorizationRepository.CreateEntitiesGroup("Important Accounts");
authorizationRepository.CreateOperation("/Account/Edit");
authorizationRepository.AssociateUserWith(user, "Administrators");
authorizationRepository.AssociateEntityWith(account, "Important Accounts");
}
public void CanAssociateAccountWithNestedGroup()
{
Account beto = new Account();
beto.Name = "beto account";
session.Save(beto);
authorizationRepository.CreateEntitiesGroup("Executive Accounts");
EntitiesGroup group = authorizationRepository.CreateChildEntityGroupOf("Executive Accounts", "Manager Accounts");
authorizationRepository.AssociateEntityWith(beto,"Manager Accounts");
session.Flush();
session.Evict(beto);
session.Evict(group);
EntitiesGroup[] groups = authorizationRepository.GetAssociatedEntitiesGroupsFor(beto);
Assert.Equal(2, groups.Length);
Assert.Equal("Executive Accounts",groups[0].Name);
Assert.Equal("Manager Accounts", groups[1].Name);
}
public void CanAssociateAccountWithMultipleGroups()
{
var ayende = new Account();
ayende.Name = "ayende";
session.Save(ayende);
var group = authorizationRepository.CreateEntitiesGroup("Accounts");
var group2 = authorizationRepository.CreateEntitiesGroup("Accounts of second group");
authorizationRepository.AssociateEntityWith(ayende, "Accounts");
authorizationRepository.AssociateEntityWith(ayende, "Accounts of second group");
session.Flush();
session.Evict(ayende);
session.Evict(group);
session.Evict(group2);
var groups = authorizationRepository.GetAssociatedEntitiesGroupsFor(ayende);
Assert.Equal(2, groups.Length);
Assert.Equal("Accounts", groups[0].Name);
Assert.Equal("Accounts of second group", groups[1].Name);
}
public void WillReturnTrueOnGlobalIfPermissionWasAllowedOnGlobalButDeniedOnNestedEntitiesGroup()
{
Account beto = new Account();
beto.Name = "beto account";
authorizationRepository.CreateEntitiesGroup("Executive Accounts");
authorizationRepository.CreateChildEntityGroupOf("Executive Accounts", "Manager Accounts");
authorizationRepository.CreateChildEntityGroupOf("Manager Accounts", "Employee Accounts");
authorizationRepository.AssociateEntityWith(beto, "Employee Accounts");
permissionsBuilderService
.Allow("/Account/Edit")
.For(user)
.OnEverything()
.DefaultLevel()
.Save();
permissionsBuilderService
.Deny("/Account/Edit")
.For(user)
.On("Executive Accounts")
.DefaultLevel()
.Save();
bool IsAllowed = authorizationService.IsAllowed(user, "/Account/Edit");
Assert.True(IsAllowed);
}
public void WillReturnTrueOnAccountIfPermissionWasAllowedToUserOnTheNestedEntityGroupIsAssociatedWith()
{
Account beto = new Account();
beto.Name = "beto account";
authorizationRepository.CreateEntitiesGroup("Executive Accounts");
authorizationRepository.CreateChildEntityGroupOf("Executive Accounts", "Manager Accounts");
authorizationRepository.CreateChildEntityGroupOf("Manager Accounts", "Employee Accounts");
authorizationRepository.AssociateEntityWith(beto, "Employee Accounts");
permissionsBuilderService
.Allow("/Account/Edit")
.For(user)
.On("Executive Accounts")
.DefaultLevel()
.Save();
session.Flush();
bool isAllowed = authorizationService.IsAllowed(user, beto, "/Account/Edit");
Assert.True(isAllowed);
}
public void CanGetAncestryAssociationOfAccountWithGroupWhereThereIsMoreThanOneIndirectPathShouldSelectShortest()
{
Account beto = new Account();
beto.Name = "beto account";
session.Save(beto);
authorizationRepository.CreateEntitiesGroup("Executive Accounts");
authorizationRepository.CreateChildEntityGroupOf("Executive Accounts", "Manager Accounts");
authorizationRepository.CreateChildEntityGroupOf("Manager Accounts", "Employee Accounts");
authorizationRepository.AssociateEntityWith(account, "Manager Accounts");
authorizationRepository.AssociateEntityWith(account, "Employee Accounts");
EntitiesGroup[] groups = authorizationRepository.GetAncestryAssociationOfEntity(account,
"Executive Accounts");
Assert.Equal(2, groups.Length);
Assert.Equal("Manager Accounts", groups[0].Name);
Assert.Equal("Executive Accounts", groups[1].Name);
}
public void CanGetAncestryAssociationOfAccountWithGroupWhereThereIsTwoLevelNesting()
{
Account beto = new Account();
beto.Name = "beto account";
session.Save(beto);
authorizationRepository.CreateEntitiesGroup("Executive Accounts");
authorizationRepository.CreateChildEntityGroupOf("Executive Accounts", "Manager Accounts");
authorizationRepository.CreateChildEntityGroupOf("Manager Accounts", "Employee Accounts");
authorizationRepository.AssociateEntityWith(beto, "Employee Accounts");
EntitiesGroup[] groups = authorizationRepository.GetAncestryAssociationOfEntity(beto, "Executive Accounts");
Assert.Equal(3, groups.Length);
Assert.Equal("Employee Accounts", groups[0].Name);
Assert.Equal("Manager Accounts", groups[1].Name);
Assert.Equal("Executive Accounts", groups[2].Name);
}
public void CanGetAncestryAssociationOfEntityWithGroupWhereNonExists()
{
Account beto = new Account();
beto.Name = "beto account";
session.Save(beto);
authorizationRepository.CreateEntitiesGroup("Executive Accounts");
EntitiesGroup[] groups = authorizationRepository.GetAncestryAssociationOfEntity(beto, "Executive Accounts");
Assert.Equal(0,groups.Length);
}
public void CanSaveAccount()
{
Account ayende = new Account();
ayende.Name = "ayende";
Assert.AreNotEqual(Guid.Empty, ayende.SecurityKey);
UnitOfWork.CurrentSession.Save(ayende);
UnitOfWork.CurrentSession.Flush();
UnitOfWork.CurrentSession.Evict(ayende);
Account fromDb = UnitOfWork.CurrentSession.Get<Account>(ayende.Id);
Assert.IsNotNull(fromDb);
Assert.AreEqual(ayende.Name, fromDb.Name);
Assert.AreEqual(fromDb.SecurityKey, ayende.SecurityKey);
}
public void CanGetAncestryAssociationOfAccountWithGroupWithNested()
{
var beto = new Account();
beto.Name = "beto account";
session.Save(beto);
authorizationRepository.CreateEntitiesGroup("Executive Accounts");
authorizationRepository.CreateChildEntityGroupOf("Executive Accounts", "Manager Accounts");
authorizationRepository.AssociateEntityWith(beto, "Manager Accounts");
var groups = authorizationRepository.GetAncestryAssociationOfEntity(beto,
"Executive Accounts");
Assert.Equal(2, groups.Length);
Assert.Equal("Manager Accounts", groups[0].Name);
Assert.Equal("Executive Accounts", groups[1].Name);
}
