public void Delete_Trash_WithoutAddNewPermission()
{
Test(true, () =>
{
var originalUser = AccessProvider.Current.GetCurrentUser();
File file;
using (new SystemAccount())
{
file = CreateTestFile();
// give Visitor Delete permission to the file, but not AddNew
// (workaround: add permissions for Visitor to the user content and to the Trash to make this test work)
Providers.Instance.SecurityHandler.CreateAclEditor()
.Allow(file.Id, Identifiers.VisitorUserId, false,
PermissionType.OpenMinor, PermissionType.Delete)
.Allow(TrashBin.Instance.Id, Identifiers.VisitorUserId, false, PermissionType.Open)
.Allow(Identifiers.VisitorUserId, Identifiers.VisitorUserId, false, PermissionType.Open)
.Apply();
}
try
{
AccessProvider.Current.SetCurrentUser(User.Visitor);
// action: try to trash the file as Visitor - it should succeed
TrashBin.DeleteNode(file);
}
finally
{
AccessProvider.Current.SetCurrentUser(originalUser);
}
});
}
public void Delete_Trash_WithoutDeletePermission()
{
Test(true, () =>
{
var originalUser = AccessProvider.Current.GetCurrentUser();
File file;
using (new SystemAccount())
{
file = CreateTestFile();
// give Visitor only Open permission, not Delete
// (workaround: add permissions for Visitor to the user content and to the Trash to make this test work)
Providers.Instance.SecurityHandler.CreateAclEditor()
.Allow(file.Id, Identifiers.VisitorUserId, false, PermissionType.OpenMinor)
.Allow(TrashBin.Instance.Id, Identifiers.VisitorUserId, false, PermissionType.Open)
.Allow(Identifiers.VisitorUserId, Identifiers.VisitorUserId, false, PermissionType.Open)
.Apply();
}
var thrown = false;
try
{
AccessProvider.Current.SetCurrentUser(User.Visitor);
// action: try to trash the file as Visitor
TrashBin.DeleteNode(file);
}
catch (InvalidOperationException ex)
{
if (ex.Message.Contains("You do not have enough permissions to delete this content"))
{
thrown = true;
}
}
finally
{
AccessProvider.Current.SetCurrentUser(originalUser);
}
Assert.IsTrue(thrown, "The expected exception was not thrown.");
});
}