public override void OnAuthorization(AuthorizationContext filterContext) { //Create permission string based on the requested controller name and action name in the format 'controllername-action' string requiredPermission = String.Format("{0}-{1}", filterContext.ActionDescriptor.ControllerDescriptor.ControllerName, filterContext.ActionDescriptor.ActionName); string requiredController = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName; string requiredAction = filterContext.ActionDescriptor.ActionName; var userId = filterContext.HttpContext.User.Identity.Name; // GetUserId(); var identity = ((CustomPrincipal)HttpContext.Current.User).CustomIdentity; PermissionsService _permissionService = new PermissionsService(userId, identity.UserRoleId); //Create an instance of our custom user authorization object passing requesting user's 'Windows Username' into constructor //CustomMembershipUser requestingUser = new CustomMembershipUser(filterContext.RequestContext.HttpContext.User.Identity.Name); //Check if the requesting user has the permission to run the controller's action if (!_permissionService.HasPermission(requiredController, requiredAction)) { //User doesn't have the required permission and is not a SysAdmin, return our custom “401 Unauthorized” access error //Since we are setting filterContext.Result to contain an ActionResult page, the controller's action will not be run. //The custom “401 Unauthorized” access error will be returned to the browser in response to the initial request. filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "action", "UnAuthorized" }, { "controller", "Error" } }); } //If the user has the permission to run the controller's action, then filterContext.Result will be uninitialized and //executing the controller's action is dependant on whether filterContext.Result is uninitialized. }
public async Task PermissionsService_GetUserPermissionsForGroupAsync_ReturnsGuestIfUserNotMemberOfGroup() { var permissionsDataProviderLogger = new Moq.Mock <ILogger <PermissionsDataProvider> >().Object; var permissionsServiceLogger = new Moq.Mock <ILogger <PermissionsService> >().Object; var groupDataProvider = new Moq.Mock <IGroupDataProvider>().Object; var cts = new CancellationTokenSource(); var cancellationToken = cts.Token; var userId = Guid.NewGuid(); var groupId = Guid.NewGuid(); var rolesDataProvider = new Mock <IRolesDataProvider>(); IPermissionsDataProvider permissionsDataProvider = new PermissionsDataProvider(permissionsDataProviderLogger); List <string>?userRolesResponse = new List <string> { "Admin" }; List <GroupUserRole>?groupRolesResponse = new List <GroupUserRole>(); rolesDataProvider.Setup(x => x.GetUserAndGroupUserRolesAsync(userId, groupId, cancellationToken)) .ReturnsAsync(new UserAndGroupRoles(userRolesResponse, groupRolesResponse)); var permissionsService = new PermissionsService(rolesDataProvider.Object, permissionsDataProvider, permissionsServiceLogger, groupDataProvider); var userGroupPermissions = await permissionsService.GetUserPermissionsForGroupAsync(userId, groupId, string.Empty, cancellationToken); Assert.IsTrue(userGroupPermissions.Permissions.Any(x => x == "https://schema.collaborate.future.nhs.uk/groups/v1/members/add")); }
public void Setup() { var evaluator = new ConditionEvaluator(); _permissionsService = new PermissionsService(new ConditionParser(), (new PermissionsScanner().All(typeof(Permissions))), evaluator); }
public void PermissionsServiceTests_User_HasPermission_Success() { //Arrange var permissionsService = new PermissionsService(_hive, _permissions, _membershipService); //Assert // Both permissions set to allow, no node inheritance Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Copy), _userId).IsAllowed()); // One permission set to allow, one deny, no node inheritance Assert.IsFalse(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Save), _userId).IsAllowed()); Assert.IsFalse(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Publish), _userId).IsAllowed()); // One permission set to inherit, one set to allow, no node inheritance Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Hostnames), _userId).IsAllowed()); // Both permissions set to inherit, no node inheritance Assert.IsFalse(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Move), _userId).IsAllowed()); // Both permissions set to allow, no node inheritance Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Copy), _userId, _childContentNode.Id).IsAllowed()); // One permission set to allow, one deny, node inheritance Assert.IsFalse(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Save), _userId, _childContentNode.Id).IsAllowed()); Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Publish), _userId, _childContentNode.Id).IsAllowed()); // In this instance, becuase the deny permission is inherited, the allow permission takes precedence // One permission set to inherit, one set to allow, node inheritance Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Hostnames), _userId, _childContentNode.Id).IsAllowed()); // Both permissions set to inherit, node inheritance Assert.IsFalse(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.Move), _userId, _childContentNode.Id).IsAllowed()); }
private async void AddNewFileExe() { if (await PermissionsService.GetStoragePermissionsAsync()) { SelectFile(); } }
public async Task PermissionsService_GetUserPermissionsAsync_ReturnsGuestRoleIfUserNotFound() { var permissionsDataProviderLogger = new Moq.Mock <ILogger <PermissionsDataProvider> >().Object; var permissionsServiceLogger = new Moq.Mock <ILogger <PermissionsService> >().Object; var groupDataProvider = new Moq.Mock <IGroupDataProvider>().Object; var cts = new CancellationTokenSource(); var cancellationToken = cts.Token; var userId = Guid.NewGuid(); var rolesDataProvider = new Mock <IRolesDataProvider>(); IPermissionsDataProvider permissionsDataProvider = new PermissionsDataProvider(permissionsDataProviderLogger); List <string>?userRolesResponse = null; rolesDataProvider.Setup(x => x.GetUserRolesAsync(userId, cancellationToken)) .ReturnsAsync(userRolesResponse); var permissionsService = new PermissionsService(rolesDataProvider.Object, permissionsDataProvider, permissionsServiceLogger, groupDataProvider); var permissions = await permissionsService.GetUserPermissionsAsync(userId, cancellationToken); Assert.IsTrue(permissions is null); }
public async Task OpensAppSettings() { ViewModel.RequestAccess.Execute(Unit.Default); TestScheduler.Start(); PermissionsService.Received().OpenAppSettings(); }
public void TestDuplicateIndexes() { var evaluator = new ConditionEvaluator(); var sut = new PermissionsService(new ConditionParser(), (new PermissionsScanner().All(typeof(Permissions))), evaluator); sut.InsertSerialized(new GrantStub { GrantType = GrantType.Allow, Index = 1, NodeKey = Permissions.Product.Create.Key, PermissionType = PermissionType.Generic, Identifier = 1, PermissionChain = PermissionChainName }); sut.InsertSerialized(new GrantStub { GrantType = GrantType.Allow, Index = 1, NodeKey = Permissions.Product.Buy.Key, PermissionType = PermissionType.ResourceBound, Identifier = 1, PermissionChain = PermissionChainName }); sut.GetResultUsingChain(PermissionChainName, Permissions.Product.Create, 1).ShouldBe(PermissionResult.Allowed); sut.GetResultUsingChain(PermissionChainName, Permissions.Product.Buy, 1).ShouldBe(PermissionResult.Allowed); }
public static IServiceCollection AddGranularPermissions(this IServiceCollection collection, Type basePermissionsClass) { collection.AddTransient <IPermissionsScanner, PermissionsScanner>(); collection.AddScoped <IConditionEvaluator, ConditionEvaluator>(); collection.AddScoped <IConditionParser, ConditionParser>(); collection.AddScoped <IPermissionAuditLogCollector, PermissionAuditLogCollector>(); Func <IServiceProvider, PermissionsService> serviceBuilder = sp => { using (var scope = sp.CreateScope()) { var dictionary = scope.ServiceProvider.GetService <IPermissionsScanner>().All(basePermissionsClass); var parser = scope.ServiceProvider.GetService <IConditionParser>(); var evaluator = scope.ServiceProvider.GetService <IConditionEvaluator>(); var grantProvider = scope.ServiceProvider.GetService <IPermissionGrantProvider>(); var instance = new PermissionsService(parser, dictionary, evaluator); var list = grantProvider.AllGrants(); foreach (var permissionGrant in list) { instance.InsertSerialized(permissionGrant); } return(instance); } }; collection.AddSingleton <IPermissionsService>(serviceBuilder); // not pretty collection.AddSingleton <IPermissionsEventBroadcaster>(x => x.GetService <IPermissionsService>() as IPermissionsEventBroadcaster); return(collection); }
public async Task PermissionsService_GetUserPermissionsAsync_ReturnsMultipleRolesAndPermissionsForUser() { var permissionsDataProviderLogger = new Moq.Mock <ILogger <PermissionsDataProvider> >().Object; var permissionsServiceLogger = new Moq.Mock <ILogger <PermissionsService> >().Object; var groupDataProvider = new Moq.Mock <IGroupDataProvider>().Object; var cts = new CancellationTokenSource(); var cancellationToken = cts.Token; var userId = Guid.NewGuid(); var rolesDataProvider = new Mock <IRolesDataProvider>(); IPermissionsDataProvider permissionsDataProvider = new PermissionsDataProvider(permissionsDataProviderLogger); var userRolesResponse = new List <string> { "Standard Members", "Admin" }; rolesDataProvider.Setup(x => x.GetUserRolesAsync(userId, cancellationToken)) .ReturnsAsync(userRolesResponse); var permissionsService = new PermissionsService(rolesDataProvider.Object, permissionsDataProvider, permissionsServiceLogger, groupDataProvider); var permissions = await permissionsService.GetUserPermissionsAsync(userId, cancellationToken); Assert.IsTrue(permissions.Any(x => x == "https://schema.collaborate.future.nhs.uk/admin/v1/view")); }
public async Task RequestsCalendarPermission() { ViewModel.GetStarted.Execute(); TestScheduler.Start(); await PermissionsService.Received().RequestCalendarAuthorization(); }
private void GetAccessToken(HttpContext context) { GetAccessTokenRequest gat = new GetAccessTokenRequest(); String token = context.Request.Params["txtrequest_token"]; String verifier = context.Request.Params["txtverification_code"]; gat.token = token; gat.verifier = verifier; gat.requestEnvelope = new RequestEnvelope("en_US"); GetAccessTokenResponse gats = null; try { PermissionsService service = new PermissionsService(); gats = service.GetAccessToken(gat); context.Response.Write("<html><body><textarea rows=30 cols=80>"); ObjectDumper.Write(gats, 5, context.Response.Output); context.Response.Write("</textarea></body></html>"); } catch (System.Exception e) { context.Response.Write(e.Message); } }
private void AssertPermissionLevels(IEnumerable <User> owners, User user, PermissionLevel expectedLevel) { Assert.Equal(expectedLevel, PermissionsService.GetPermissionLevel(owners, user)); var principal = GetPrincipal(user); Assert.Equal(expectedLevel, PermissionsService.GetPermissionLevel(owners, principal)); }
public async Task NavigatesToTheCalendarPermissionDeniedViewModelWhenPermissionIsDenied() { PermissionsService.RequestCalendarAuthorization().Returns(Observable.Return(false)); ViewModel.GetStarted.Execute(); NavigationService.Received().Navigate <CalendarPermissionDeniedViewModel, Unit>(); }
public async Task TracksTheCalendarOnbardingStartedEvent() { PermissionsService.RequestCalendarAuthorization().Returns(Observable.Return(false)); await ViewModel.GetStartedAction.Execute(Unit.Default); AnalyticsService.CalendarOnboardingStarted.Received().Track(); }
public async Task TracksTheCalendarOnbardingStartedEvent() { PermissionsService.RequestCalendarAuthorization().Returns(Observable.Return(false)); ViewModel.GetStarted.Execute(); TestScheduler.Start(); AnalyticsService.CalendarOnboardingStarted.Received().Track(); }
/// <summary> /// Регистрация разрешений для текущего пользователя /// </summary> /// <param name="kernel">Ядро ninject</param> /// <param name="user">Пользователь</param> public void RegisterPermissionsForUser(IKernel kernel, UserModel user) { CurrentUser = user; IMapperInject mapper = kernel.Get <IMapperInject>(); UserPermissions = mapper.Map <List <PermissionDataContract>, List <PermissionModel> >( PermissionsService.GetPermissionsCollectionByPosition(mapper .Map <PositionModel, PositionDataContract>(user.Position)).Result.ToList()); }
public async Task DoesNotRequestNotificationsPermissionIfCalendarPermissionWasNotGranted() { PermissionsService.RequestCalendarAuthorization().Returns(Observable.Return(false)); NavigationService.Navigate <SelectUserCalendarsViewModel, string[]>().Returns(new string[0]); await ViewModel.GetStartedAction.Execute(Unit.Default); await PermissionsService.DidNotReceive().RequestNotificationAuthorization(); }
public async Task SetsCalendarOnboardingAsCompletedIfUserWantsToContinueWithoutGivingPermission() { PermissionsService.RequestCalendarAuthorization().Returns(Observable.Return(false)); NavigationService.Navigate <CalendarPermissionDeniedViewModel, Unit>().Returns(Unit.Default); await ViewModel.GetStartedAction.Execute(Unit.Default); OnboardingStorage.Received().SetCompletedCalendarOnboarding(); }
public ActionResult <Appointment> UpdateAppointment(string id, Appointment appointment) { if (PermissionsService.AllowEditAppointment(CurrentUser, appointment)) { DataStorage.UpdateAppointment(appointment); return(Ok(new { Message = "Success" })); } return(BadRequest(new { ErrorText = "Not Allowed" })); }
public async Task SetsCalendarOnboardingAsCompletedIfUserGrantsAccess() { PermissionsService.RequestCalendarAuthorization().Returns(Observable.Return(true)); NavigationService.Navigate <SelectUserCalendarsViewModel, string[]>().Returns(new string[0]); ViewModel.GetStarted.Execute(Unit.Default); OnboardingStorage.Received().SetCompletedCalendarOnboarding(); }
public async Task SetsTheNotificationPropertyAfterAskingForPermission(bool permissionWasGiven) { PermissionsService.RequestCalendarAuthorization().Returns(Observable.Return(true)); NavigationService.Navigate <SelectUserCalendarsViewModel, string[]>().Returns(new string[0]); PermissionsService.RequestNotificationAuthorization().Returns(Observable.Return(permissionWasGiven)); await ViewModel.GetStartedAction.Execute(Unit.Default); UserPreferences.Received().SetCalendarNotificationsEnabled(Arg.Is(permissionWasGiven)); }
public async Task RequestsNotificationsPermissionIfCalendarPermissionWasGranted() { PermissionsService.RequestCalendarAuthorization().Returns(Observable.Return(true)); NavigationService.Navigate <SelectUserCalendarsViewModel, string[]>().Returns(new string[0]); ViewModel.GetStarted.Execute(Unit.Default); TestScheduler.Start(); await PermissionsService.Received().RequestNotificationAuthorization(); }
public void PermissionsService_GetUserPermissionsForGroupAsync_ThrowsIfPermissionsDataProviderNull() { var permissionsDataProviderLogger = new Moq.Mock <ILogger <PermissionsDataProvider> >().Object; var permissionsServiceLogger = new Moq.Mock <ILogger <PermissionsService> >().Object; var groupDataProvider = new Moq.Mock <IGroupDataProvider>().Object; var rolesDataProvider = new Moq.Mock <IRolesDataProvider>().Object; _ = new PermissionsService(rolesDataProvider, null, permissionsServiceLogger, groupDataProvider); }
public ActionResult <Appointment> DeleteAppointment(string id) { var appointment = DataStorage.GetAppointment(id); if (PermissionsService.AllowEditAppointment(CurrentUser, appointment)) { DataStorage.DeleteAppointment(appointment); return(Ok(new { Message = "Success" })); } return(BadRequest(new { ErrorText = "Not Allowed" })); }
public async Task DoesNotNavigateToTheSelectUserCalendarsViewModelWhenThereAreNoCalendars() { PermissionsService.RequestCalendarAuthorization().Returns(Observable.Return(true)); InteractorFactory.GetUserCalendars().Execute().Returns( Observable.Return(new UserCalendar[0]) ); await ViewModel.GetStartedAction.Execute(Unit.Default); await NavigationService.DidNotReceive().Navigate <SelectUserCalendarsViewModel, string[]>(); }
public void PermissionsServiceTests_Non_Entity_Actions_Dont_Check_Id() { //Arrange var permissionsService = new PermissionsService(_hive, _permissions, _membershipService); //Assert // Child content node has a BackOffice permission defined and set to Deny where system root has one set to Allow // because BackOfficeAccess permission is not an entity action, it should go straight to checking the system root // so should come back as allow. Assert.IsTrue(permissionsService.GetEffectivePermission(new Guid(FixedPermissionIds.BackOfficeAccess), _userId, _childContentNode.Id).IsAllowed()); }
public HwiServer(ITransport transport, IPermissionPrompt permissionPrompt, RateLimitService rateLimitService, PermissionsService permissionsService, ILoggerFactory loggerFactory) { Transport = transport; _permissionPrompt = permissionPrompt; _rateLimitService = rateLimitService; _permissionsService = permissionsService; _logger = loggerFactory.CreateLogger(LoggerNames.HwiServer); }
public async Task NavigatesToTheSelectUserCalendarsViewModelWhenThereAreCalendars() { PermissionsService.RequestCalendarAuthorization().Returns(Observable.Return(true)); InteractorFactory.GetUserCalendars().Execute().Returns( Observable.Return(new UserCalendar[] { new UserCalendar() }) ); await ViewModel.GetStartedAction.Execute(Unit.Default); await NavigationService .Received() .Navigate <SelectUserCalendarsViewModel, bool, string[]>(Arg.Any <bool>()); }
public async Task EmitsFalseWhenUserWantsToContinueWithoutCalendarAccess() { OnboardingStorage.CompletedCalendarOnboarding().Returns(false); var observer = TestScheduler.CreateObserver <bool>(); ViewModel.ShouldShowOnboarding.Subscribe(observer); PermissionsService.RequestCalendarAuthorization().Returns(Observable.Return(false)); NavigationService.Navigate <CalendarPermissionDeniedViewModel, Unit>().Returns(Unit.Default); ViewModel.GetStarted.Execute(); TestScheduler.Start(); observer.Messages.Select(message => message.Value.Value).AssertEqual(true, false); }