// A rule whose parameterless condition evaluates to true must grant the
// configured action on the configured subject.
public void with_positive_context_allows_its_action()
{
    AbilityConfiguration.ConfigureWith(config =>
        config.AllowTo("edit", "order")
              .If(() => true));

    Then.IShouldBeAbleTo("edit", "order");
}
// The rule carries an Order-typed condition, yet a check made with only the
// subject name "order" is expected to pass.
// NOTE(review): no Order instance is supplied to the check, so the IsPending
// condition presumably is not evaluated on this path. Callers that depend on
// the condition should check against an instance, not the name - confirm
// against the library.
public void with_subject_context_still_allows_string_action()
{
    AbilityConfiguration.ConfigureWith(config =>
        config.AllowTo("edit", "order")
              .If<Order>(o => o.IsPending));

    Then.IShouldBeAbleTo("edit", "order");
}
// A rule declared with On<Order>(predicate) must not be satisfied by a check
// that passes only a subject name, whether that name is "order" or an
// unrelated one.
public void with_subject_context_doesnt_allow_string_action()
{
    AbilityConfiguration.ConfigureWith(config =>
        config.Allow("view")
              .On<Order>(o => o.IsPending));

    // Name-only checks are denied for the matching name and for an unknown one.
    Then.IShouldNotBeAbleTo("view", "order");
    Then.IShouldNotBeAbleTo("view", "blah");
}
// A rule whose parameterless condition evaluates to false must not grant the
// configured action.
public void with_negative_context_denies_its_action()
{
    AbilityConfiguration.ConfigureWith(config =>
        config.AllowTo("edit", "order")
              .If(() => false));

    Then.IShouldNotBeAbleTo("edit", "order");
}
// Granting "manage" on a subject is expected to allow every action on that
// subject, including an action name that is configured nowhere.
// NOTE(review): since an arbitrary action name passes, a "manage" grant
// presumably also covers actions introduced later; treat it as a wildcard
// when reviewing policy.
public void if_you_can_manage__you_can_do_anything()
{
    AbilityConfiguration.ConfigureWith(config => config.AllowTo("manage", "customer"));

    Then.IShouldBeAbleTo("view", "customer");
    Then.IShouldBeAbleTo("create", "customer");
    Then.IShouldBeAbleTo("edit", "customer");
    Then.IShouldBeAbleTo("delete", "customer");
    Then.IShouldBeAbleTo("discombobulate", "customer");
}
// An action alias registered in one casing ("ConSult") must match a check
// made in a different casing ("coNsult").
public void configured_alias_is_case_insensitive()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("view").On("customer");
        config.ConfigureActionAliases("view", "ConSult");
    });

    Then.IShouldBeAbleTo("coNsult", "customer");
}
// Once "consult" is registered as an alias of "view", a grant on "view" is
// expected to allow "consult" as well.
public void configured_alias_works()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("view").On("customer");
        config.ConfigureActionAliases("view", "consult");
    });

    Then.IShouldBeAbleTo("consult", "customer");
}
// Registers a debug sink and a rule but performs no ability check, then
// asserts that neither decision message reached the sink.
public void no_logging_happens_when_ability_is_not_checked()
{
    AbilityConfiguration.Debug(t => debugMessages.Add(t));
    AbilityConfiguration.ConfigureWith(config => config.Allow("view").On("order"));

    // Configuration alone must not emit authorization decision messages.
    debugMessages
        .ShouldNotContain("user has the ability to view/order")
        .ShouldNotContain("user can view/order");
}
// With "manage" granted on "all" and the "{action}{subject}Command" naming
// convention configured, an EditOrderCommand instance must be executable.
// NOTE(review): "manage"/"all" looks like the broadest possible grant; confirm
// it is reserved for administrative principals wherever it is configured.
public void allows_command_by_convention_for_manage_all_subjects()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.AllowTo("manage", "all");
        config.ConfigureCommandConvention("{action}{subject}Command");
    });

    var command = new EditOrderCommand();
    Then.IShouldBeAbleToExecute(command);
}
// A grant on "customer" must also satisfy a check against its configured
// subject alias "customers".
public void an_ability_can_be_checked_with_a_subject_alias()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.AllowTo("view", "customer");
        config.ConfigureSubjectAliases("customer", "customers");
    });

    Then.IShouldBeAbleTo("view", "customers");
}
// A grant on "customer" with the subject alias "client" must cover a
// GetClientDetailDto instance.
// NOTE(review): presumably the library strips a default prefix and postfix
// from the type name before applying the alias; the defaults are not visible
// here - confirm which affixes are ignored.
public void abilities_ignore_prefixes_and_postfixes_by_default_with_subjectAlieas()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("edit").On("customer");
        config.ConfigureSubjectAliases("customer", "client");
    });

    var dto = new GetClientDetailDto();
    Then.IShouldBeAbleTo("edit", dto);
}
// A rule whose predicate is typed on Order must not be satisfied by an
// OrderDto, even when the DTO carries the same IsPending flag set to true.
public void doesn_allow_LIKE_subjects()
{
    AbilityConfiguration.ConfigureWith(config =>
        config.Allow("view")
              .On<Order>(o => o.IsPending));

    // Similar name and shape, different type: the check must be denied.
    var lookalike = new OrderDto { IsPending = true };
    Then.IShouldNotBeAbleTo("view", lookalike);
}
// Even an AllowAnything() grant stays bound to its subject predicate: an
// Order that is not pending must be denied.
public void with_negative_subject_context_with_full_access_still_denies_its_action()
{
    AbilityConfiguration.ConfigureWith(config =>
        config.AllowAnything()
              .On<Order>(o => o.IsPending));

    var settledOrder = new Order { IsPending = false };
    Then.IShouldNotBeAbleTo("view", settledOrder);
}
// With "discombobulate" aliased to "edit", a grant on edit/customer must make
// a DiscombobulateCustomerCommand instance executable.
public void allows_command_by_custom_action_alias()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("edit").On("customer");
        config.ConfigureActionAliases("edit", "discombobulate");
    });

    var command = new DiscombobulateCustomerCommand();
    Then.IShouldBeAbleToExecute(command);
}
// The rule is granted for "area/view"; after aliasing "area" to "other" the
// check for "other/view" must pass.
// NOTE(review): the alias appears to apply to the area segment of the action
// string, so an action alias can open a grant under a second area name.
public void default_area_aliasing_behavior()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("area/view").On("customer");
        config.ConfigureActionAliases("area", "other");
    });

    Then.IShouldBeAbleTo("other/view", "customer");
}
// A command named by the string "area/EditClientCommand" must be executable
// when "area/edit" is granted on "customer" and "client" is a subject alias
// of "customer".
public void default_area_behavior_on_command_with_area_and_subject_alias()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("area/edit").On("customer");
        config.ConfigureSubjectAliases("customer", "client");
    });

    Then.IShouldBeAbleToExecute("area/EditClientCommand");
}
// Only edit/order is granted, yet an UpdateOrderCommand instance must be
// executable under the "{action}{subject}Command" convention.
// NOTE(review): no alias is configured in this test, so "update" presumably
// resolves to "edit" through a built-in default alias - confirm, because
// default aliases widen what an "edit" grant covers.
public void allows_command_by_convention_with_action_alias()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.AllowTo("edit", "order");
        config.ConfigureCommandConvention("{action}{subject}Command");
    });

    var command = new UpdateOrderCommand();
    Then.IShouldBeAbleToExecute(command);
}
// With "client" aliased to "customer", a grant on edit/customer must make an
// EditClientCommand instance executable.
public void allows_command_by_custom_subject_alias()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("edit").On("customer");
        config.ConfigureSubjectAliases("customer", "client");
    });

    var command = new EditClientCommand();
    Then.IShouldBeAbleToExecute(command);
}
// A command named by the string "area/PromoteCustomerCommand" must be
// executable when "area/edit" is granted on "customer" and "promote" is an
// action alias of "edit".
public void default_area_behavior_on_command_with_area_and_action_alias()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("area/edit").On("customer");
        config.ConfigureActionAliases("edit", "promote");
    });

    Then.IShouldBeAbleToExecute("area/PromoteCustomerCommand");
}
// With a debug sink registered in verbose mode, a successful ability check
// must emit both the "has the ability" message and the "can" message.
public void checking_ability_with_verbosity_should_log_it()
{
    AbilityConfiguration
        .Debug(t => debugMessages.Add(t))
        .Verbose();
    AbilityConfiguration.ConfigureWith(config => config.Allow("view").On("order"));

    Then.IShouldBeAbleTo("view", "order");

    // Both decision messages are expected in the sink after the check.
    debugMessages
        .ShouldContain("user has the ability to view/order")
        .ShouldContain("user can view/order");
}
// A rule with an Order predicate must grant the action when the supplied
// Order instance satisfies the predicate.
public void with_positive_subject_context_allows_its_action()
{
    AbilityConfiguration.ConfigureWith(config =>
        config.Allow("view")
              .On<Order>(o => o.IsPending));

    var pendingOrder = new Order { IsPending = true };
    Then.IShouldBeAbleTo("view", pendingOrder);
}
// "area/delete" is granted on "customer", but a model whose CanDelete flag is
// false must be denied, both with and without the area in the action.
// NOTE(review): presumably the library reads the model's CanDelete property
// by naming convention; that mechanism is not visible here - confirm.
public void area_behavior_on_model_with_denied_data()
{
    AbilityConfiguration.ConfigureWith(config => config.Allow("area/delete").On("customer"));

    // A fresh model instance is built for each check, as in the original.
    var withoutArea = new CustomerWithPermissionDto { CanDelete = false };
    Then.IShouldNotBeAbleTo("delete", withoutArea);

    var withArea = new CustomerWithPermissionDto { CanDelete = false };
    Then.IShouldNotBeAbleTo("area/delete", withArea);
}
// The grant is for "area/view" with "other" aliased to "area": a model check
// for bare "view" must be denied, while "other/view" must be allowed.
public void area_behavior_on_model_with_action_alias()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("area/view").On("customer");
        config.ConfigureActionAliases("area", "other");
    });

    // An action without an area does not match the area-qualified grant.
    var unqualified = new CustomerDto();
    Then.IShouldNotBeAbleTo("view", unqualified);

    var aliased = new CustomerDto();
    Then.IShouldBeAbleTo("other/view", aliased);
}
// Subject names and subject aliases must match regardless of casing, both at
// registration time and at check time.
public void subject_alias_is_case_insensitive()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("view").On("customer");
        config.ConfigureSubjectAliases("cusTomEr", "cuStoMErs");
    });

    Then.IShouldBeAbleTo("view", "cUstoMer");
    Then.IShouldBeAbleTo("view", "cusTOmers");
}
// Wires the authorization library for the web application: debug output,
// cache, the rule configurator and the MVC result used for denied requests.
public static void Configure()
{
    // Every debug message is written to Trace with an "Authorization: " prefix,
    // and verbose mode is switched on.
    // NOTE(review): verbose authorization tracing can record which actions and
    // subjects were checked; confirm that the trace listeners and their
    // retention are acceptable outside development.
    AbilityConfiguration
        .Debug(message => Trace.Write(string.Format("Authorization: {0}", message)))
        .Verbose();

    var cache = new PerRequestHttpCache();
    AbilityConfiguration.ConfigureCache(cache);

    // The current principal is read inside the callback, not when Configure()
    // runs.
    // NOTE(review): HttpContext.Current is null outside a request; presumably
    // the library invokes this callback per request - confirm, since a rule set
    // built once and reused would apply one user's abilities to other users.
    AbilityConfiguration.ConfigureWith(
        config => new AbilityConfigurator(config, System.Web.HttpContext.Current.User));

    var unauthorizedResult = new HttpUnauthorizedResult();
    AbilityMvcConfiguration.ConfigureUnauthorizedActionResult(unauthorizedResult);
}
// AllowAnything().On("customer") must allow every action on "customer",
// including an unconfigured action name, and must not spill over to another
// subject.
public void allow_all__allows_anything_on_the_subject()
{
    AbilityConfiguration.ConfigureWith(config => config.AllowAnything().On("customer"));

    Then.IShouldBeAbleTo("view", "customer");
    Then.IShouldBeAbleTo("create", "customer");
    Then.IShouldBeAbleTo("edit", "customer");
    Then.IShouldBeAbleTo("delete", "customer");
    Then.IShouldBeAbleTo("discombobulate", "customer");

    // The grant is scoped to the subject: a different subject stays denied.
    Then.IShouldNotBeAbleTo("view", "order");
}
// A rule with an Order-typed condition must deny the action when the supplied
// Order instance fails the condition.
// NOTE(review): the method name says "allows" but the assertion checks for a
// denial; the name looks like a copy/paste slip - the assertion is what this
// test pins.
public void with_negative_subject_context_allows_its_action()
{
    AbilityConfiguration.ConfigureWith(config =>
        config.AllowTo("edit", "order")
              .If<Order>(o => o.IsPending));

    var settledOrder = new Order { IsPending = false };
    Then.IShouldNotBeAbleTo("edit", settledOrder);
}
// The ignored postfix is registered in lower case ("viewmodel") and must
// still match the CustomerViewModel type name, so the grant on "customer"
// applies to the instance.
public void abilities_ignore_postfixes_case_insensitive()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.AllowTo("view", "customer");
        config.IgnoreSubjectPostfixes("viewmodel");
    });

    var model = new CustomerViewModel();
    Then.IShouldBeAbleTo("view", model);
}
// Registering the same subject alias twice must neither throw nor change the
// outcome: the subject and its alias both stay allowed.
public void redundant_subject_alias_doesnt_crash()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("view").On("customer");

        // The same alias pair is registered twice on purpose.
        config.ConfigureSubjectAliases("customer", "customers");
        config.ConfigureSubjectAliases("customer", "customers");
    });

    Then.IShouldBeAbleTo("view", "customer");
    Then.IShouldBeAbleTo("view", "customers");
}
// "consult" is first aliased to "view" and then to "edit"; with only "update"
// granted on "customer", both "update" and "consult" must be allowed.
// NOTE(review): this holds only if the later alias wins and "update" and
// "edit" are already linked, presumably by a built-in default alias - confirm.
// Re-registering an alias therefore moves what a grant covers, so alias
// configuration deserves the same review as the rules themselves.
public void overwriting_alias_configures_the_last_one()
{
    AbilityConfiguration.ConfigureWith(config =>
    {
        config.Allow("update").On("customer");
        config.ConfigureActionAliases("view", "consult");
        config.ConfigureActionAliases("edit", "consult");
    });

    Then.IShouldBeAbleTo("update", "customer");
    Then.IShouldBeAbleTo("consult", "customer");
}