public void EvaluateSpecificRule_DefaultAllow_ExpectAllowUpdate()
{
_securityOptions
.Setup(x => x.DefaultSecurityRules)
.Returns(SecurityOptions <FakeEntityContext> .CreateDefaultAllowRule());
var ruleId = Guid.NewGuid();
var entityId = Guid.NewGuid();
var node = new EntityNode
{
EntityId = entityId,
IdPath = $"/{Guid.NewGuid()}/{Guid.NewGuid()}/{entityId}",
};
var rules = new List <EntityNodeRuleContainer>
{
new EntityNodeRuleContainer(node, new EntitySecurityRule
{
Id = ruleId,
EntityId = entityId,
Rule = new SecurityRule
{
Right = SecurityRight.Read,
Type = RuleType.Deny,
Inherit = false,
}
})
};
var result = _matcher.EvaluateRule(node, rules, SecurityRight.Update);
Assert.True(result.IsRightGranted);
Assert.Equal(entityId, result.EntityId);
Assert.Equal(SecurityRight.Update, result.AccessRight);
Assert.NotNull(result.MatchedRule);
Assert.Equal(Guid.Empty, result.MatchedRule.Id);
}
public async Task EvaluateRootDefaultAllow()
{
_securityOptions
.Setup(x => x.UseAuthorization)
.Returns(true);
_securityOptions
.Setup(x => x.DefaultSecurityRules)
.Returns(SecurityOptions <FakeEntityContext> .CreateDefaultAllowRule());
var result = await _evaluator.EvaluateRoot(SecurityRight.Read);
Assert.True(result.IsRightGranted);
}
public void Evaluate_DefaultAllowRule_ExpectAllowRead()
{
_securityOptions
.Setup(x => x.DefaultSecurityRules)
.Returns(SecurityOptions <FakeEntityContext> .CreateDefaultAllowRule());
var entityId = Guid.NewGuid();
var node = new EntityNode
{
EntityId = entityId,
IdPath = $"/{Guid.NewGuid()}/{Guid.NewGuid()}/{entityId}",
};
var rules = new List <EntityNodeRuleContainer>();
var result = _matcher.EvaluateRule(node, rules, SecurityRight.Read);
Assert.True(result.IsRightGranted);
Assert.Equal(entityId, result.EntityId);
Assert.Equal(SecurityRight.Read, result.AccessRight);
Assert.Equal(Guid.Empty, result.MatchedRule.Id);
}
public SecurityContext_Tests()
{
_securityOptions
.Setup(x => x.AdminRoles)
.Returns(() => new List <string> {
"admin"
});
_securityOptions
.Setup(x => x.UseAuthorization)
.Returns(() => true);
_securityOptions
.Setup(x => x.DefaultSecurityRules)
.Returns(() => SecurityOptions <FakeEntityContext> .CreateDefaultAllowRule());
_impersonationService
.Setup(x => x.ImpersonatedPrincipal)
.Returns((ImpersonatedPrincipal)null);
_securityContext = new SecurityContext <FakeEntityContext>(_securityOptions.Object, _impersonationService.Object, _securityContextProvider.Object);
}
public void SetDenyAllowDefaultSecurityRule()
{
_securityOptions.DefaultSecurityRules = SecurityOptions <TContext> .CreateDefaultAllowRule();
}
