public void HowToUnitTestItemSecurityWithFakeProvider()
{
// create sample item
using (Sitecore.FakeDb.Db db = new Sitecore.FakeDb.Db
{
new Sitecore.FakeDb.DbItem("home")
})
{
Sitecore.Data.Items.Item home = db.GetItem("/sitecore/content/home");
// call your business logic that changes the item security, e.g. denies Read
// for Editors
var account = Sitecore.Security.Accounts.Role.FromName(@"sitecore\Editors");
var accessRight = Sitecore.Security.AccessControl.AccessRight.ItemRead;
var propagationType = Sitecore.Security.AccessControl.PropagationType.Entity;
var permission = Sitecore.Security.AccessControl.AccessPermission.Deny;
Sitecore.Security.AccessControl.AccessRuleCollection rules =
new Sitecore.Security.AccessControl.AccessRuleCollection
{
Sitecore.Security.AccessControl.AccessRule.Create
(account, accessRight, propagationType, permission)
};
Sitecore.Security.AccessControl.AuthorizationManager.SetAccessRules(home, rules);
// check the account cannot read the item
Xunit.Assert.False(home.Security.CanRead(account));
}
}
public void HowToUnitTestItemSecurityWithMockedProvider()
{
// create sample item
using (Sitecore.FakeDb.Db db = new Sitecore.FakeDb.Db
{
new Sitecore.FakeDb.DbItem("home")
})
{
Sitecore.Data.Items.Item home = db.GetItem("/sitecore/content/home");
// substitute the authorization provider
var provider =
Substitute.For <Sitecore.Security.AccessControl.AuthorizationProvider>();
#pragma warning disable 618
using (new Sitecore.FakeDb.Security.AccessControl.AuthorizationSwitcher(provider))
#pragma warning restore 618
{
// call your business logic that changes the item security, e.g. denies Read
// for Editors
var account = Sitecore.Security.Accounts.Role.FromName(@"sitecore\Editors");
var accessRight = Sitecore.Security.AccessControl.AccessRight.ItemRead;
var propagationType = Sitecore.Security.AccessControl.PropagationType.Entity;
var permission = Sitecore.Security.AccessControl.AccessPermission.Deny;
Sitecore.Security.AccessControl.AccessRuleCollection rules =
new Sitecore.Security.AccessControl.AccessRuleCollection
{
Sitecore.Security.AccessControl.AccessRule.Create
(account, accessRight, propagationType, permission)
};
Sitecore.Security.AccessControl.AuthorizationManager.SetAccessRules(home, rules);
// check the provider is called with proper arguments
provider
.Received()
.SetAccessRules(
home,
NSubstitute.Arg.Is <Sitecore.Security.AccessControl.AccessRuleCollection>(
r => r[0].Account.Name == @"sitecore\Editors" &&
r[0].AccessRight.Name == "item:read" &&
r[0].PropagationType.ToString() == "Entity" &&
r[0].SecurityPermission.ToString() == "DenyAccess"));
}
}
}
public void HowToUnitTestItemSecurityWithFakeProvider()
{
// create sample item
using (Sitecore.FakeDb.Db db = new Sitecore.FakeDb.Db
{
new Sitecore.FakeDb.DbItem("home")
})
{
Sitecore.Data.Items.Item home = db.GetItem("/sitecore/content/home");
// call your business logic that changes the item security, e.g. denies Read
// for Editors
var account = Sitecore.Security.Accounts.Role.FromName(@"sitecore\Editors");
var accessRight = Sitecore.Security.AccessControl.AccessRight.ItemRead;
var propagationType = Sitecore.Security.AccessControl.PropagationType.Entity;
var permission = Sitecore.Security.AccessControl.AccessPermission.Deny;
Sitecore.Security.AccessControl.AccessRuleCollection rules =
new Sitecore.Security.AccessControl.AccessRuleCollection
{
Sitecore.Security.AccessControl.AccessRule.Create
(account, accessRight, propagationType, permission)
};
Sitecore.Security.AccessControl.AuthorizationManager.SetAccessRules(home, rules);
// check the account cannot read the item
Xunit.Assert.False(home.Security.CanRead(account));
}
}
public void HowToUnitTestItemSecurityWithMockedProvider()
{
// create sample item
using (Sitecore.FakeDb.Db db = new Sitecore.FakeDb.Db
{
new Sitecore.FakeDb.DbItem("home")
})
{
Sitecore.Data.Items.Item home = db.GetItem("/sitecore/content/home");
// substitute the authorization provider
var provider =
Substitute.For<Sitecore.Security.AccessControl.AuthorizationProvider>();
using (new Sitecore.FakeDb.Security.AccessControl.AuthorizationSwitcher(provider))
{
// call your business logic that changes the item security, e.g. denies Read
// for Editors
var account = Sitecore.Security.Accounts.Role.FromName(@"sitecore\Editors");
var accessRight = Sitecore.Security.AccessControl.AccessRight.ItemRead;
var propagationType = Sitecore.Security.AccessControl.PropagationType.Entity;
var permission = Sitecore.Security.AccessControl.AccessPermission.Deny;
Sitecore.Security.AccessControl.AccessRuleCollection rules =
new Sitecore.Security.AccessControl.AccessRuleCollection
{
Sitecore.Security.AccessControl.AccessRule.Create
(account, accessRight, propagationType, permission)
};
Sitecore.Security.AccessControl.AuthorizationManager.SetAccessRules(home, rules);
// check the provider is called with proper arguments
provider
.Received()
.SetAccessRules(
home,
NSubstitute.Arg.Is<Sitecore.Security.AccessControl.AccessRuleCollection>(
r => r[0].Account.Name == @"sitecore\Editors"
&& r[0].AccessRight.Name == "item:read"
&& r[0].PropagationType.ToString() == "Entity"
&& r[0].SecurityPermission.ToString() == "DenyAccess"));
}
}
}
