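/// <summary>
/// Replaces the scope list of a security role after authorizing the caller for ManageRoles.
/// </summary>
/// <param name="model">Target role id and requested scope ids; a null or empty scope list clears the role's scopes.</param>
/// <param name="user">Principal forwarded to the authorization check.</param>
/// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
/// <exception cref="ReferencedObjectDoesNotExistException">The role was not found, or a requested scope is not among the available scopes.</exception>
public void SetRoleScopes(SetRoleScopesModel model, ClaimsPrincipal user)
        {
            // The authorization check stays the first operation: nothing is read from or written to
            // the repository on behalf of a caller who has not passed it.
            authorizationLogic.IsAuthorizedThrowsException(AuthorizationScopes.ManageRoles, user, model, EventCategory.RoleManagementSetScopes);

            if (model == null)
            {
                throw new ArgumentNullException(nameof(model));
            }

            SecurityRole role = configurationRepository.Get<SecurityRole>(model.RoleId);

            // Fail with the domain exception instead of a NullReferenceException further down
            // when the repository hands back no role for this id.
            if (role == null)
            {
                throw new ReferencedObjectDoesNotExistException("Requested role does not exist");
            }

            // Build the id lookup once rather than re-projecting the scope list for every requested id.
            HashSet<Guid> validScopeIds = new HashSet<Guid>(authorizationLogic.GetAvailibleScopes().Select(item => item.Id));

            if (model.Scopes != null && model.Scopes.Any())
            {
                // NOTE(review): this only verifies that each requested scope exists. It does not limit
                // which scopes a ManageRoles holder may grant, or to which role; confirm that is intended.
                foreach (Guid scope in model.Scopes)
                {
                    if (!validScopeIds.Contains(scope))
                    {
                        throw new ReferencedObjectDoesNotExistException("Requested scope does not exist");
                    }
                }
            }
            else
            {
                // A missing or empty list is treated as "remove every scope from the role".
                model.Scopes = new List<Guid>();
            }

            role.Scopes = model.Scopes;

            configurationRepository.Update<SecurityRole>(role);
        }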
        /// <summary>
        /// Calls SetRoleScopes with a scope id that is not in the stubbed list of available scopes.
        /// </summary>
        // NOTE(review): no assertion or expected-exception attribute is visible in this listing;
        // presumably the test framework attribute was lost in extraction - confirm.
        public void RoleManagementLogic_SetRoleScopes_InvalidScopeProvided_ThrowsReferencedObjectDoesNotExistException()
        {
            // Repository stub: every role id resolves to the same in-memory role.
            var storedRole = new SecurityRole { Name = "TestRole", Id = Guid.NewGuid() };
            var repositoryMock = new Mock<IConfigurationRepository>();
            repositoryMock.Setup(repo => repo.Get<SecurityRole>(It.IsAny<Guid>())).Returns(storedRole);

            // Authorization stub: exactly one scope is reported as available.
            var knownScopes = new List<Scope>
            {
                new Scope("TestScope", AuthorizationScopes.ManageRoles)
            };
            var authorizationMock = new Mock<IAuthorizationLogic>();

            // NOTE(review): the SetRoleScopes shown on this page calls IsAuthorizedThrowsException,
            // not IsAuthorized. That call has no setup here, so this mock (created with Moq's default
            // behaviour) lets it pass and the scope validation is reached.
            authorizationMock.Setup(auth => auth.IsAuthorized(It.IsAny<Guid>(), It.IsAny<ClaimsPrincipal>())).Returns(true);
            authorizationMock.Setup(auth => auth.GetAvailibleScopes()).Returns(knownScopes);

            // The request carries one freshly generated scope id, which the stubbed list does not contain.
            var request = new SetRoleScopesModel
            {
                RoleId = Guid.Empty,
                Scopes = new List<Guid> { Guid.NewGuid() }
            };

            var sut = new RoleManagementLogic(repositoryMock.Object, authorizationMock.Object);

            sut.SetRoleScopes(request, null);
        }
        /// <summary>
        /// Calls SetRoleScopes while the authorization check is stubbed to throw UnauthorizedAccessException.
        /// </summary>
        // NOTE(review): no assertion or expected-exception attribute is visible in this listing;
        // presumably the test framework attribute was lost in extraction - confirm.
        public void RoleManagementLogic_SetRoleScopes_UnauthorizedUser_ThrowsUnauthorizedAccessException()
        {
            // Any ManageRoles check is rejected, whatever principal, entity or event category is passed.
            var authorizationMock = new Mock<IAuthorizationLogic>();
            authorizationMock
                .Setup(auth => auth.IsAuthorizedThrowsException(
                    AuthorizationScopes.ManageRoles,
                    It.IsAny<ClaimsPrincipal>(),
                    It.IsAny<ILoggableEntity>(),
                    It.IsAny<EventCategory>()))
                .Throws(new UnauthorizedAccessException());

            var request = new SetRoleScopesModel { RoleId = Guid.Empty };

            // The repository is deliberately null: if SetRoleScopes touched it before the authorization
            // check, the call would fail with a NullReferenceException instead of UnauthorizedAccessException.
            var sut = new RoleManagementLogic(null, authorizationMock.Object);

            sut.SetRoleScopes(request, null);
        }
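 /// <summary>
 /// HTTP entry point that sets the scopes of the role identified by <paramref name="roleId"/>.
 /// </summary>
 /// <param name="roleId">Id of the role to modify; it overrides any RoleId carried in the body.</param>
 /// <param name="model">Request body holding the requested scope ids.</param>
 /// <returns>The success response produced by the http helper.</returns>
 /// <exception cref="ArgumentNullException">The request body was missing or could not be bound.</exception>
 public JsonResult SetRoleScopes(Guid roleId, [FromBody] SetRoleScopesModel model)
 {
     // A missing or unbindable body can leave the model null; fail explicitly instead of
     // with a NullReferenceException on the assignment below.
     // NOTE(review): map this to a 4xx response if the project has a helper for it; none is visible here.
     if (model == null)
     {
         throw new ArgumentNullException(nameof(model));
     }

     // The roleId parameter is authoritative: a RoleId sent in the body cannot redirect the update to another role.
     model.RoleId = roleId;

     // Authorization is enforced inside the logic layer, which receives the current principal.
     // NOTE(review): no authorization attribute is visible on this action in the listing; confirm how the endpoint is protected.
     roleManagement.SetRoleScopes(model, User);

     return http.RespondSuccess();
 }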