public void ShouldWork()
{
IAclProvider categories = new MemoryProvider();
IAclProvider widgets = new MemoryProvider();
IAclProvider urls = new MemoryProvider();
widgets.SetAcls(
new Deny("/", "read", "*"),
new Allow("/", "read", "g1")
);
urls.SetAcls(
new Allow("/c", "read", "g2"),
new Deny("/c", "read", "g3"),
new Allow("/d", "read", "g3"),
new Deny("/d", "read", "*"),
new Deny("/", "read", "g2")
);
RouterProvider router = new RouterProvider();
router.Register("/a", widgets);
router.Register("/a/b", urls);
AclManager.DefaultProvider = router;
Assert.AreEqual(5, router.GetAcls("/a/b/c", "read").Count());
Assert.AreEqual(5, router.GetAcls("/a/b/d", "read").Count());
Assert.IsTrue(AclManager.IsAllowed("/a/b/c", "read", "g1", "g2"));
Assert.IsFalse(AclManager.IsAllowed("/a/b/c", "read", "g1", "g3"));
Assert.IsTrue(AclManager.IsAllowed("/a/b/d", "read", "g3"));
Assert.IsTrue(AclManager.IsAllowed("/a/b/d", "read", "g1", "g3"));
Assert.IsFalse(AclManager.IsAllowed("/a/b/d", "read", "g1", "g2"));
Assert.IsFalse(AclManager.IsAllowed("/a/b/c", "read", "g3"));
}
public void ShouldDenyNotAuthorizedByConfiguration()
{
Assert.IsTrue(AclManager.IsAllowed("/travel", "read", "s.ros"));
Assert.IsTrue(AclManager.IsAllowed("/travel/asshole", "read", "s.ros"));
Assert.IsFalse(AclManager.IsAllowed("/", "read", "s.ros"));
Assert.IsFalse(AclManager.IsAllowed("/", "read", "peter"));
Assert.IsFalse(AclManager.IsAllowed("/travel", "read", "peter"));
Assert.IsFalse(AclManager.IsAllowed("/travel/asshole", "read", "peter"));
}
public void Bug()
{
AclManager.DefaultProvider = new MemoryProvider();
AclManager.Allow("/", "read", "*");
AclManager.Deny("/travel", "read", "s.ros");
Assert.IsFalse(AclManager.IsAllowed("/travel", "read", "s.ros"));
Assert.IsFalse(AclManager.IsAllowed("/travel/asshole", "read", "s.ros"));
Assert.IsTrue(AclManager.IsAllowed("/", "read", "s.ros"));
Assert.IsTrue(AclManager.IsAllowed("/", "read", "peter"));
Assert.IsTrue(AclManager.IsAllowed("/travel", "read", "peter"));
Assert.IsTrue(AclManager.IsAllowed("/travel/asshole", "read", "peter"));
}
public void SqlAclShouldWork()
{
AclManager.DefaultProvider = new SqlAclProvider();
AclManager.Allow("/", "read", "*");
AclManager.Deny("/travel", "read", "s.ros");
Assert.IsFalse(AclManager.IsAllowed("/travel", "read", "s.ros"));
Assert.IsFalse(AclManager.IsAllowed("/travel/asshole", "read", "s.ros"));
Assert.IsTrue(AclManager.IsAllowed("/", "read", "s.ros"));
Assert.IsTrue(AclManager.IsAllowed("/", "read", "peter"));
Assert.IsTrue(AclManager.IsAllowed("/travel", "read", "peter"));
Assert.IsTrue(AclManager.IsAllowed("/travel/asshole", "read", "peter"));
}
void context_AuthorizeRequest(object sender, EventArgs e)
{
HttpContext context = HttpContext.Current;
if (!context.SkipAuthorization)
{
if (!AclManager.IsAllowed(context.Request.Url.AbsolutePath, context.Request.HttpMethod, Roles.GetRolesForUser()))
{
context.Response.StatusCode = 401;
WriteErrorMessage(context);
((HttpApplication)sender).CompleteRequest();
}
}
}
private static void HandleAclRefreshedForFrameworkElement(DependencyObject target, string resourceKey, string[] subjects)
{
FrameworkElement targetFrameworkElement = target as FrameworkElement;
if (targetFrameworkElement != null)
{
targetFrameworkElement.Visibility = AclManager.IsAllowed(resourceKey, Verbs.Visible.ToString(), subjects) ? Visibility.Visible : Visibility.Collapsed;
Control targetControl = target as Control;
if (targetControl != null)
{
targetControl.IsEnabled = AclManager.IsAllowed(resourceKey, Verbs.Enabled.ToString(), subjects);
}
}
}
public void ShouldHandleStarVerb()
{
RouterProvider router = new RouterProvider();
AclManager.DefaultProvider = router;
IAclProvider urls = new MemoryProvider();
router.Register("/Widget/Rss/Urls", urls);
IAclProvider actions = new MemoryProvider();
router.Register("/Widget", actions);
AclManager.Allow("/Widget", "*", "*");
AclManager.Deny("/Widget/Rss/Urls", "access", "~/Widgets/ClientRss/ClientRssWidget.ascx");
AclManager.Allow("/Widget/Rss/Urls/fr/happly", "Access", "~/Widgets/ClientRss/ClientRssWidget.ascx");
AclManager.Deny("/Widget/Rss/Urls/fr/happly/knowledgebank", "access", "~/Widgets/ClientRss/ClientRssWidget.ascx");
Assert.IsFalse(AclManager.IsAllowed("/Widget/Rss/Urls", "access", "~/Widgets/ClientRss/ClientRssWidget.ascx"));
Assert.IsFalse(AclManager.IsAllowed("/Widget/Rss/Urls/fr/happly/knowledgebank", "access", "~/Widgets/ClientRss/ClientRssWidget.ascx"));
Assert.IsTrue(AclManager.IsAllowed("/Widget/Rss/Urls/fr/happly/knoledgebank", "access", "~/Widgets/ClientRss/ClientRssWidget.ascx"));
Assert.IsTrue(AclManager.IsAllowed("/Widget", "read", "~/Widgets/ClientRss/ClientRssWidget.ascx"));
Assert.IsTrue(AclManager.IsAllowed("/Widget/Rss/Urls/fr/happly/knowledgebank", "read", "~/Widgets/ClientRss/ClientRssWidget.ascx"));
}
public void ShouldDenyEveryoneWhenNoRule()
{
AclManager.DefaultProvider = new MemoryProvider();
Assert.IsFalse(AclManager.IsAllowed("/", "read"));
Assert.IsFalse(AclManager.IsAllowed("/", "read", "s.ros"));
}