public void SetUp() { SystemUser user = new SystemUser(); SystemProfile profile = new SystemProfile(); this._permission = new SystemPermission(user, profile); }
public void testGrandBy_UnixPermissionRequired_Granted() { var user = new SystemUser(); var profile = new SystemProfile(true); var permission = new SystemPermission(user, profile); var admin = new SystemAdmin(); permission.grantBy(admin); Assert.AreEqual(SystemPermission.REQUESTED, permission.State(), "requested"); Assert.AreEqual(false, permission.IsGranted(), "not granted"); permission.claimBy(admin); Assert.AreEqual(SystemPermission.CLAIMED, permission.State(), "claimed"); Assert.AreEqual(false, permission.IsGranted(), "not granted"); permission.grantBy(admin); Assert.AreEqual(SystemPermission.UNIX_REQUESTED, permission.State(), "Unix requested"); Assert.AreEqual(false, permission.IsGranted(), "not granted"); permission.claimBy(admin); Assert.AreEqual(SystemPermission.UNIX_CLAIMED, permission.State(), "Unix Claimed"); Assert.AreEqual(false, permission.IsGranted(), "not granted"); permission.grantBy(admin); Assert.AreEqual(SystemPermission.GRANTED, permission.State(), "granted"); Assert.AreEqual(true, permission.IsGranted(), "granted"); }
public async Task <IActionResult> OnPostSaveAsync() { if (!ModelState.IsValid) { return(ModelState.ToJsonResult()); } var entity = await _db.Permissions .Where(x => x.Id == this.Id) .SingleOrDefaultAsync(); if (entity == null) { entity = new SystemPermission { Id = this.Id ?? Guid.NewGuid(), PermissionType = this.Data.PermissionType, CreatedBy = this.User.Identity.Name, CreatedDate = DateTime.Now, }; _db.Add(entity); } entity.Name = this.Data.Name; entity.Code = this.Data.Code; entity.UpdatedBy = this.User.Identity.Name; entity.UpdatedDate = DateTime.Now; await _db.SaveChangesAsync(); return(new SuccessResult()); }
public void CreateSystemPermission_NoDuplicateGrantSystemPermissionWithContext_ValidationFailureEventIsRaised() { using (var serviceLocatorFixture = new ServiceLocatorFixture()) { // Setup SetupServiceLocatorFixture(serviceLocatorFixture); // Register var eventRaised = false; DomainEvent.Register <RuleViolationEvent> (p => eventRaised = true); var systemRoleRepositoryMock = new Mock <ISystemRoleRepository> (); var systemRoleFactory = new SystemRoleFactory(systemRoleRepositoryMock.Object); // Exercise var systemRole = systemRoleFactory.CreateSystemRole("RoleName", "Role description.", SystemRoleType.Task); var systemPermission1 = new SystemPermission("WellKnownName1", "Permission display name.", "Permission description."); systemRole.GrantSystemPermission(systemPermission1); var systemPermission2 = new SystemPermission("WellKnownName1", "Permission display name", "Permission description."); systemRole.GrantSystemPermission(systemPermission2); // Verify Assert.IsTrue(eventRaised); } }
public void TestDefaultsToPermissionRequested() { // Arrange SystemPermission systemPermission = new SystemPermission(); // Act // Assert Assert.AreEqual(SystemPermission.Requested, systemPermission.GetState()); Assert.AreEqual("REQUESTED", systemPermission.GetState()); }
public override void deniedBy(SystemAdmin admin, SystemPermission systemPermission) { if (!admin.Equals(admin)) { return; } systemPermission.IsGranted = false; systemPermission.IsUnixPermissionGranted = false; systemPermission.State = PermissionState.DENIED; systemPermission.notifyAdminOfPermissionRequest(); }
public override void DeniedBy(SystemAdmin admin, SystemPermission systemPermission) { if (!systemPermission.GetAdmin().Equals(admin)) { return; } systemPermission.SetIsGranted(false); systemPermission.SetIsUnixPermissionGranted(false); systemPermission.SetState(PermissionState.DENIED); systemPermission.NotifyUserOfPermissionRequestResult(); }
/// <summary> /// Delete a permission /// </summary> /// <param name="permission">Permission</param> public virtual void DeleteSystemPermission(SystemPermission permission) { if (permission == null) throw new ArgumentNullException("permission"); using (var context = new SsepsIIEntities()) { context.SystemPermissions.Attach(permission); ((IObjectContextAdapter)context).ObjectContext.ObjectStateManager.ChangeObjectState(permission, System.Data.EntityState.Modified); context.SystemPermissions.Remove(permission); context.SaveChanges(); } ClearCache(); }
public void TestClaimedBy() { SystemUser user = new SystemUser(); SystemProfile profile = new SystemProfile(); SystemPermission permission = new SystemPermission(user, profile); Assert.AreEqual(PermissionState.REQUESTED, permission.GetState()); SystemAdmin admin = new SystemAdmin(); permission.ClaimedBy(admin); Assert.AreEqual(PermissionState.CLAIMED, permission.GetState()); Assert.AreEqual(false, permission.IsGranted()); }
/// <summary> /// Checks if the employee has the specified permission and throws a <see cref="SystemPermissionException"/> if they do not /// </summary> /// <param name="permission">The permission to check for</param> /// <param name="employee">The employee to check</param> /// <exception cref="SystemPermissionException">Throws exception if employee doesn't have the specified permission</exception> /// <returns></returns> public static async Task EnforceAsync(SystemPermission permission, Employee employee) { using (var context = new ngenDbContext()) { var role = await context.SystemRoles.FirstAsync(r => r.Id == employee.SystemRoleId); var perms = SystemRolePermissions.FromBytes(role.Permissions); if (!perms.Has(permission)) { throw new SystemPermissionException("You do not have permission to do this!", employee, permission); } } }
public void testGrandBy_NoUnixPermissionRequired_NoClaimed_Denied() { var user = new SystemUser(); var profile = new SystemProfile(false); var permission = new SystemPermission(user, profile); var admin = new SystemAdmin(); permission.grantBy(admin); Assert.AreEqual(SystemPermission.REQUESTED, permission.State(), "requested"); Assert.AreEqual(false, permission.IsGranted(), "not granted"); permission.deniedBy(admin); Assert.AreEqual(SystemPermission.REQUESTED, permission.State(), "requested"); Assert.AreEqual(false, permission.IsGranted(), "not granted"); }
public void TestClaimedByWithUnixConcerned() { SystemUser user = new SystemUser(); SystemProfile profile = new SystemProfile(); profile.SetUnixPermissionRequired(true); SystemPermission permission = new SystemPermission(user, profile); Assert.AreEqual(PermissionState.UNIX_REQUESTED, permission.GetState()); SystemAdmin admin = new SystemAdmin(); permission.ClaimedBy(admin); Assert.AreEqual(PermissionState.UNIX_CLAIMED, permission.GetState()); Assert.AreEqual(false, permission.IsGranted()); }
public override void GrantedBy(SystemAdmin admin, SystemPermission systemPermission) { if (!systemPermission.GetAdmin().Equals(admin)) { return; } if (systemPermission.IsUnixPermissionDesiredButNotRequested()) { systemPermission.SetState(PermissionState.UNIX_REQUESTED); systemPermission.NotifyUnixAdminsOfPermissionRequest(); return; } systemPermission.SetState(PermissionState.GRANTED); systemPermission.SetIsGranted(true); systemPermission.NotifyUserOfPermissionRequestResult(); }
public override void grantBy(SystemAdmin admin, SystemPermission systemPermission) { if (!admin.Equals(admin)) { return; } if (systemPermission.isUnixPermissionRequestedAndClaimed()) { systemPermission.IsUnixPermissionGranted = true; } else if (systemPermission.isUnixPermissionDesiredButNotRequested()) { systemPermission.State = PermissionState.UNIX_REQUESTED; systemPermission.notifyAdminOfPermissionRequest(); return; } systemPermission.State = PermissionState.GRANTED; systemPermission.IsGranted = true; systemPermission.notifyAdminOfPermissionRequest(); }
public void CreateSystemPermission_CannotGrantSystemPermissionToTaskGroup_ValidationFailureEventIsRaised() { using (var serviceLocatorFixture = new ServiceLocatorFixture()) { // Setup SetupServiceLocatorFixture(serviceLocatorFixture); // Register var eventRaised = false; DomainEvent.Register <RuleViolationEvent> (p => eventRaised = true); var systemRoleRepositoryMock = new Mock <ISystemRoleRepository> (); var systemRoleFactory = new SystemRoleFactory(systemRoleRepositoryMock.Object); // Exercise var systemRole = systemRoleFactory.CreateSystemRole("RoleName", "Role description.", SystemRoleType.TaskGroup); var systemPermission = new SystemPermission("WellKnownName", "MyPermission", "My permission description."); systemRole.GrantSystemPermission(systemPermission); // Verify Assert.IsTrue(eventRaised); } }
public abstract void deniedBy(SystemAdmin admin, SystemPermission systemPermission);
/// <summary> /// Inserts a permission /// </summary> /// <param name="permission">Permission</param> public virtual void InsertSystemPermission(SystemPermission permission) { if (permission == null) throw new ArgumentNullException("permission"); using (var context = new SsepsIIEntities()) { context.SystemPermissions.Add(permission); context.SaveChanges(); } ClearCache(); }
public async Task UpdateAsyncTest() { IServiceCollection services = new ServiceCollection(); services.AddAuthorizationExtension(); services.AddScoped <ISystemPermissionRoleStore <SystemPermissionRole> >(sp => new Mock <ISystemPermissionRoleStore <SystemPermissionRole> >().Object); services.AddScoped <ISystemPermissionUserStore <SystemPermissionUser> >(sp => new Mock <ISystemPermissionUserStore <SystemPermissionUser> >().Object); services.AddScoped <ISystemPermissionStore <SystemPermission> >(sp => { var mockSystemPermissionStore = new Mock <ISystemPermissionStore <SystemPermission> >(); mockSystemPermissionStore.Setup(s => s.UpdateAsync(It.IsAny <SystemPermission>(), It.IsAny <CancellationToken>())) .Returns((SystemPermission p, CancellationToken _) => Task.FromResult(p)); SystemPermission[] permissions = new SystemPermission[] { new SystemPermission() { Id = "permission0", Name = "permission0", AllowedAllRoles = true }, new SystemPermission() { Id = "permission1", Name = "permission1", AllowedAnonymous = true }, new SystemPermission() { Id = "permission2", Name = "permission2", DeniedAll = true }, new SystemPermission() { Id = "permission3", Name = "permission3" }, }; mockSystemPermissionStore.Setup(s => s.FindByIdAsync(It.IsIn("permission0", "permission1", "permission2", "permission3", "permission4"), It.IsAny <CancellationToken>())) .Returns((string id, CancellationToken _) => Task.FromResult(permissions.FirstOrDefault(p => p.Id == id))); return(mockSystemPermissionStore.Object); }); var mockPermissionMonitor = new Mock <IPermissionMonitor>(); services.AddScoped <IPermissionMonitor>(sp => { mockPermissionMonitor.Setup(p => p.OnPermissionChangedAsync(It.IsAny <string>())); return(mockPermissionMonitor.Object); }); IServiceProvider serviceProvider = services.BuildServiceProvider(); using IServiceScope serviceScope = serviceProvider.CreateScope(); ISystemPermissionService <SystemPermission> systemPermissionService = serviceScope.ServiceProvider.GetRequiredService <ISystemPermissionService <SystemPermission> >(); CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(); await systemPermissionService.UpdateAsync(new SystemPermission() { Id = "permission0", Name = "permission00", AllowedAllRoles = true }, cancellationTokenSource.Token); mockPermissionMonitor.Verify(p => p.OnPermissionChangedAsync("permission0"), Times.Never(), "未改动相关属性,触发调用了OnPermissionChangedAsync(\"permission0\")"); await systemPermissionService.UpdateAsync(new SystemPermission() { Id = "permission0", Name = "permission00", AllowedAllRoles = false }, cancellationTokenSource.Token); mockPermissionMonitor.Verify(p => p.OnPermissionChangedAsync("permission0"), Times.AtLeastOnce(), "改动相关属性AllowedAllRoles,未调用OnPermissionChangedAsync(\"permission0\")"); await systemPermissionService.UpdateAsync(new SystemPermission() { Id = "permission1", Name = "permission1", AllowedAnonymous = false }, cancellationTokenSource.Token); mockPermissionMonitor.Verify(p => p.OnPermissionChangedAsync("permission1"), Times.AtLeastOnce(), "改动相关属性AllowedAnonymous,未调用OnPermissionChangedAsync(\"permission1\")"); await systemPermissionService.UpdateAsync(new SystemPermission() { Id = "permission2", Name = "permission2", DeniedAll = false }, cancellationTokenSource.Token); mockPermissionMonitor.Verify(p => p.OnPermissionChangedAsync("permission2"), Times.AtLeastOnce(), "改动相关属性DeniedAll,未调用OnPermissionChangedAsync(\"permission2\")"); await systemPermissionService.UpdateAsync(new SystemPermission() { Id = "permission3", Name = "permission3", AllowedAllRoles = true, AllowedAnonymous = true, DeniedAll = true }, cancellationTokenSource.Token); mockPermissionMonitor.Verify(p => p.OnPermissionChangedAsync("permission3"), Times.AtLeastOnce(), "改动相关属性,未调用OnPermissionChangedAsync(\"permission3\")"); Task task = systemPermissionService.UpdateAsync(new SystemPermission() { Id = "permission4", Name = "permission3", AllowedAllRoles = true, AllowedAnonymous = true, DeniedAll = true }, cancellationTokenSource.Token); await ShouldThrowAsyncExtensions.ShouldThrowAsync <Exception>(task); // cacheManager.Set() //await systemPermissionRoleService.AddToRoleAsync(permissionId,roleId,CancellationToken.None); }
/// <summary> /// Install permissions /// </summary> /// <param name="permissionProvider">Permission provider</param> public virtual void InstallPermissions(IPermissionProvider permissionProvider) { //NB Can we find a way to automatically delete permissions? //install new permissions var permissions = permissionProvider.GetPermissions(); foreach (var permission in permissions) { var permission1 = GetSystemPermissionBySystemName(permission.SystemName); if (permission1 == null) { //new permission (install it) permission1 = new SystemPermission { Name = permission.Name, SystemName = permission.SystemName, Category = permission.Category, DateCreated = DateTime.UtcNow, DateUpdated = DateTime.UtcNow }; //save new permission InsertSystemPermission(permission1); //default customer role mappings var defaultPermissions = permissionProvider.GetDefaultPermissions(); foreach (var defaultPermission in defaultPermissions) { var role = SystemUserService.GetSystemRoleBySystemName(defaultPermission.RoleSystemName); if (role == null) { //new role (save it) role = new SystemRole { Name = defaultPermission.RoleSystemName, Active = true, SystemName = defaultPermission.RoleSystemName, DateCreated = DateTime.UtcNow, DateModified = DateTime.UtcNow }; SystemUserService.InsertRole(role); } role = SystemUserService.GetSystemRoleById(role.SystemRoleId, false); var defaultMappingProvided = (from p in defaultPermission.SystemPermissions where p.SystemName == permission1.SystemName select p).Any(); var mappingExists = (from p in role.SystemRolePermissions.Select(rpr => rpr.SystemPermission) where p.SystemName == permission1.SystemName select p).Any(); if (defaultMappingProvided && !mappingExists) { InsertSystemRolePermission(new SystemRolePermission { DateCreated = DateTime.UtcNow, SystemRoleId = role.SystemRoleId, SystemPermissionId = permission1.SystemPermissionId }); } } } } ClearCache(); }
/// <summary> /// Authorize permission /// </summary> /// <param name="permission">Permission record</param> /// <returns>true - authorized; otherwise, false</returns> public virtual bool Authorize(SystemPermission permission, IUserContext userContext) { if (permission == null) return false; if (userContext.CurrentUser == null) return false; var customerRoles = userContext.CurrentUser.SystemUserRoles.Where(cr => cr.SystemRole.Active); foreach (var role in customerRoles) { foreach (var permission1 in GetSystemRolePermissions(role.SystemRoleId)) { if (permission1.SystemName.Equals(permission.SystemName, StringComparison.InvariantCultureIgnoreCase)) return true; } } return false; }
public virtual void DeniedBy(SystemAdmin admin, SystemPermission systemPermission) { }
public bool Has(SystemPermission permission) { // administrator permission overrides all others return(_permissions.Has(SystemPermission.Administrator) || _permissions.Has(permission)); }
public override void ClaimedBy(SystemAdmin admin, SystemPermission systemPermission) { systemPermission.WillBeHandledBy(admin); systemPermission.SetState(new PermissionClaimed()); }
public override void claimBy(SystemAdmin admin, SystemPermission systemPermission) { }
public SystemPermissionException(string message, Employee employee, SystemPermission permission) : base(message) { Employee = employee; Permission = permission; ThrownAt = DateTime.Now; }
public virtual void GrantedBy(SystemAdmin admin, SystemPermission systemPermission) { }
public virtual void ClaimedBy(SystemAdmin admin, SystemPermission systemPermission) { }
public override void claimBy(SystemAdmin admin, SystemPermission systemPermission) { systemPermission.willBeHandleBy(admin); systemPermission.State = PermissionState.CLAIMED; }
public abstract void grantBy(SystemAdmin admin, SystemPermission systemPermission);
public override void ClaimedBy(SystemAdmin admin, SystemPermission systemPermission) { systemPermission.WillBeHandledBy(admin); systemPermission.SetState(PermissionState.CLAIMED); }
public override void deniedBy(SystemAdmin admin, SystemPermission systemPermission) { }
public void Grant(SystemPermission permission) { _permissions = _permissions.Add(permission); }
public override void grantBy(SystemAdmin admin, SystemPermission systemPermission) { }
public void Deny(SystemPermission permission) { _permissions = _permissions.Remove(permission); }