public void SimpleRowPermissionRules()
{
InsertCurrentPrincipal(); // Not related to row permissions.
// Insert the test data (server code bypasses row permissions):
using (var scope = TestScope.Create())
{
var repository = scope.Resolve <Common.DomRepository>();
var context = scope.Resolve <Common.ExecutionContext>();
repository.DemoRowPermissions1.Document.Delete(repository.DemoRowPermissions1.Document.Query());
repository.DemoRowPermissions1.Employee.Delete(repository.DemoRowPermissions1.Employee.Query());
repository.DemoRowPermissions1.Division.Delete(repository.DemoRowPermissions1.Division.Query());
var div1 = new DemoRowPermissions1.Division {
Name = "div1"
};
var div2 = new DemoRowPermissions1.Division {
Name = "div2"
};
repository.DemoRowPermissions1.Division.Insert(new[] { div1, div2 });
// The current user:
var emp1 = new DemoRowPermissions1.Employee
{
UserName = context.UserInfo.UserName,
DivisionID = div1.ID
};
repository.DemoRowPermissions1.Employee.Insert(new[] { emp1 });
// The user can access doc1, because it's in the same division:
var doc1 = new DemoRowPermissions1.Document {
Title = "doc1", DivisionID = div1.ID
};
// The user cannot access doc2:
var doc2 = new DemoRowPermissions1.Document {
Title = "doc2", DivisionID = div2.ID
};
repository.DemoRowPermissions1.Document.Insert(new[] { doc1, doc2 });
scope.CommitAndClose();
}
// Simulate client request: Reading all documents (access denied)
using (var scope = TestScope.Create(builder => builder.ConfigureIgnoreClaims()))
{
var processingEngine = scope.Resolve <IProcessingEngine>();
var serverCommand = new ReadCommandInfo
{
DataSource = typeof(DemoRowPermissions1.Document).FullName,
ReadRecords = true
};
var serverResponse = processingEngine.Execute(new[] { serverCommand });
var report = GenerateReport(serverResponse);
Console.WriteLine("Server response: " + report);
Assert.IsTrue(report.Contains("You are not authorized"));
}
// Simulate client request: Reading the user's documents
using (var scope = TestScope.Create(builder => builder.ConfigureIgnoreClaims()))
{
var processingEngine = scope.Resolve <IProcessingEngine>();
var serverCommand = new ReadCommandInfo
{
DataSource = typeof(DemoRowPermissions1.Document).FullName,
ReadRecords = true,
Filters = new[] { new FilterCriteria(typeof(Common.RowPermissionsReadItems)) }
};
var serverResponse = processingEngine.Execute(new[] { serverCommand });
var report = GenerateReport(serverResponse);
Console.WriteLine("Server response: " + report);
Assert.AreEqual("doc1", report);
}
}
public void SimpleRowPermissionRules()
{
InsertCurrentPrincipal(); // Not related to row permissions.
// Insert the test data (server code bypasses row permissions):
using (var container = new RhetosTestContainer(commitChanges: true))
{
var repository = container.Resolve<Common.DomRepository>();
var context = container.Resolve<Common.ExecutionContext>();
repository.DemoRowPermissions1.Document.Delete(repository.DemoRowPermissions1.Document.All());
repository.DemoRowPermissions1.Employee.Delete(repository.DemoRowPermissions1.Employee.All());
repository.DemoRowPermissions1.Division.Delete(repository.DemoRowPermissions1.Division.All());
var div1 = new DemoRowPermissions1.Division { Name = "div1" };
var div2 = new DemoRowPermissions1.Division { Name = "div2" };
repository.DemoRowPermissions1.Division.Insert(new[] { div1, div2 });
// The current user:
var emp1 = new DemoRowPermissions1.Employee
{
UserName = context.UserInfo.UserName,
DivisionID = div1.ID
};
repository.DemoRowPermissions1.Employee.Insert(new[] { emp1 });
// The user can access doc1, because it's in the same division:
var doc1 = new DemoRowPermissions1.Document { Title = "doc1", DivisionID = div1.ID };
// The user cannot access doc2:
var doc2 = new DemoRowPermissions1.Document { Title = "doc2", DivisionID = div2.ID };
repository.DemoRowPermissions1.Document.Insert(new[] { doc1, doc2 });
}
// Simulate client request: Reading all documents (access denied)
using (var container = new RhetosTestContainer())
{
container.AddIgnoreClaims();
var processingEngine = container.Resolve<IProcessingEngine>();
var serverCommand = new ReadCommandInfo
{
DataSource = typeof(DemoRowPermissions1.Document).FullName,
ReadRecords = true
};
var serverResponse = processingEngine.Execute(new[] { serverCommand });
var report = GenerateReport(serverResponse);
Console.WriteLine("Server response: " + report);
Assert.IsTrue(report.Contains("You are not authorized"));
}
// Simulate client request: Reading the user's documents
using (var container = new RhetosTestContainer())
{
container.AddIgnoreClaims();
var processingEngine = container.Resolve<IProcessingEngine>();
var serverCommand = new ReadCommandInfo
{
DataSource = typeof(DemoRowPermissions1.Document).FullName,
ReadRecords = true,
Filters = new[] { new FilterCriteria(typeof(Common.RowPermissionsReadItems)) }
};
var serverResponse = processingEngine.Execute(new[] { serverCommand });
var report = GenerateReport(serverResponse);
Console.WriteLine("Server response: " + report);
Assert.AreEqual("doc1", report);
}
}
