public void GetAzManagerAcl()
{
AzManager azMan = new AzManager(Domain.RoleProvider, Domain.PermissionProvider);
AzManager.AzManagerAcl acl = null;
//необходимо проверить не для объектов:
//1. отсутствие установок
//2. явная установка
//3. явная установка и явное запрещение
//4. явное запрещение
acl = azMan.GetAzManagerAcl(Constants.Admin, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
//пусто - запрещено
acl = azMan.GetAzManagerAcl(Constants.Everyone, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Constants.Owner, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Constants.Self, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Constants.User, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.roleAVS, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.roleHR, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.roleNET, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.roleAdministration, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountAlient, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountAnton, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountKat, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountLev, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountNik, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountValery, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
}
public void GetAzManagerAcl()
{
AzManager azMan = new AzManager(Domain.RoleProvider, Domain.PermissionProvider);
AzManager.AzManagerAcl acl = null;
acl = azMan.GetAzManagerAcl(Constants.Admin, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Constants.Everyone, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Constants.Owner, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Constants.Self, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Constants.User, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.roleAVS, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.roleHR, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.roleNET, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.roleAdministration, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountAlient, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountAnton, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountKat, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountLev, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountNik, Domain.actionAddUser, null, null);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountValery, Domain.actionAddUser, null, null);
Assert.IsFalse(acl.IsAllow);
}
public void GetAzManagerObjectAcl()
{
AzManager azMan = new AzManager(Domain.RoleProvider, Domain.PermissionProvider);
AzManager.AzManagerAcl acl = null;
var c1 = new Class1(1);
var c2 = new Class1(2);
var sop = new Class1SecurityProvider();
var c1Id = new SecurityObjectId(c1.Id, typeof(Class1));
var c2Id = new SecurityObjectId(c2.Id, typeof(Class1));
Domain.PermissionProvider.SetObjectAcesInheritance(c1Id, false);
Domain.PermissionProvider.SetObjectAcesInheritance(c2Id, false);
Domain.PermissionProvider.AddAce(Constants.Owner, Domain.actionAddUser, c1Id, AceType.Allow);
acl = azMan.GetAzManagerAcl(Domain.accountNik, Domain.actionAddUser, c1Id, sop);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountNik, Domain.actionAddUser, c2Id, sop);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountAnton, Domain.actionAddUser, c1Id, sop);
Assert.IsFalse(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountAnton, Domain.actionAddUser, c2Id, sop);
Assert.IsFalse(acl.IsAllow);
Domain.PermissionProvider.SetObjectAcesInheritance(c2Id, true);
acl = azMan.GetAzManagerAcl(Domain.accountNik, Domain.actionAddUser, c2Id, sop);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountAnton, Domain.actionAddUser, c1Id, sop);
Assert.IsFalse(acl.IsAllow);
Domain.PermissionProvider.SetObjectAcesInheritance(c1Id, true);
acl = azMan.GetAzManagerAcl(Domain.accountNik, Domain.actionAddUser, c2Id, sop);
Assert.IsTrue(acl.IsAllow);
acl = azMan.GetAzManagerAcl(Domain.accountLev, Domain.actionAddUser, c2Id, sop);
Assert.IsFalse(acl.IsAllow);
}
