/// <inheritdoc/> protected override Task <bool> IsAuthorized(AuthorizationHandlerContext context, ContentPermissionsResourceRequirement requirement, ContentPermissionsResource resource) { ContentPermissions.ContentAccess permissionResult = resource.NodeId.HasValue ? _contentPermissions.CheckPermissions( resource.NodeId.Value, _backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser, out IContent? _, resource.PermissionsToCheck) : _contentPermissions.CheckPermissions( resource.Content, _backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser, resource.PermissionsToCheck); return(Task.FromResult(permissionResult != ContentPermissions.ContentAccess.Denied)); }
public void No_Access_By_Path() { // Arrange IUser user = CreateUser(id: 9, startContentId: 9876); var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); IContent content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(1234)).Returns(content); IContentService contentService = contentServiceMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection(); var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet); IUserService userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>())) .Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") }); IEntityService entityService = entityServiceMock.Object; var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled); // Act ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' }); // Assert Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result); }
public void No_Content_Found() { // Arrange IUser user = CreateUser(id: 9); var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); IContent content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(0)).Returns(content); IContentService contentService = contentServiceMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection(); var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet); IUserService userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); IEntityService entityService = entityServiceMock.Object; var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled); // Act ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' }); // Assert Assert.AreEqual(ContentPermissions.ContentAccess.NotFound, result); }
public void No_Access_To_Recycle_Bin_By_Permission() { // Arrange IUser user = CreateUser(withUserGroup: false); var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection { new EntityPermission(9876, 1234, new string[] { "A" }) }; var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet); IUserService userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); IEntityService entityService = entityServiceMock.Object; var contentServiceMock = new Mock <IContentService>(); IContentService contentService = contentServiceMock.Object; var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled); // Act ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent foundContent, new[] { 'B' }); // Assert Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result); }
public void Access_To_Recycle_Bin_By_Permission() { // Arrange var user = CreateUser(); var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection { new(9876, 1234, new[] { "A" }) }; var permissionSet = new EntityPermissionSet(-20, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); var entityService = entityServiceMock.Object; var contentServiceMock = new Mock <IContentService>(); var contentService = contentServiceMock.Object; var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled); // Act var result = contentPermissions.CheckPermissions(-20, user, out IContent _, new[] { 'A' }); // Assert Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result); }
public void Access_Allowed_By_Permission() { // Arrange var user = CreateUser(9); var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); var content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(1234)).Returns(content); var contentService = contentServiceMock.Object; var permissions = new EntityPermissionCollection { new(9876, 1234, new[] { "A", "F", "C" }) }; var permissionSet = new EntityPermissionSet(1234, permissions); var userServiceMock = new Mock <IUserService>(); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); var entityService = entityServiceMock.Object; var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled); // Act var result = contentPermissions.CheckPermissions(1234, user, out IContent _, new[] { 'F' }); // Assert Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result); }
public void Access_To_Recycle_Bin_By_Path() { // Arrange IUser user = CreateUser(); var contentServiceMock = new Mock <IContentService>(); IContentService contentService = contentServiceMock.Object; var userServiceMock = new Mock <IUserService>(); IUserService userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); IEntityService entityService = entityServiceMock.Object; var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled); // Act ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent _); // Assert Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result); }
public void No_Access_To_Recycle_Bin_By_Path() { // Arrange IUser user = CreateUser(startContentId: 1234); var contentServiceMock = new Mock <IContentService>(); IContentService contentService = contentServiceMock.Object; var userServiceMock = new Mock <IUserService>(); IUserService userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>())) .Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 1234 && entity.Path == "-1,1234") }); IEntityService entityService = entityServiceMock.Object; var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled); // Act ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent foundContent); // Assert Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result); }
/// <inheritdoc /> protected override Task<bool> IsAuthorized(AuthorizationHandlerContext context, ContentPermissionsPublishBranchRequirement requirement, IContent resource) { IUser? currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser; var denied = new List<IUmbracoEntity>(); var page = 0; const int pageSize = 500; var total = long.MaxValue; while (page * pageSize < total) { // Order descendents by shallowest to deepest, this allows us to check permissions from top to bottom so we can exit // early if a permission higher up fails. IEnumerable<IEntitySlim> descendants = _entityService.GetPagedDescendants( resource.Id, UmbracoObjectTypes.Document, page++, pageSize, out total, ordering: Ordering.By("path")); foreach (IEntitySlim c in descendants) { // If this item's path has already been denied or if the user doesn't have access to it, add to the deny list. if (denied.Any(x => c.Path.StartsWith($"{x.Path},")) || _contentPermissions.CheckPermissions( c, currentUser, requirement.Permission) == ContentPermissions.ContentAccess.Denied) { denied.Add(c); } } } return Task.FromResult(denied.Count == 0); }
public void Access_Allowed_By_Path() { // Arrange IUser user = CreateUser(id: 9); var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); IContent content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(1234)).Returns(content); IContentService contentService = contentServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); IEntityService entityService = entityServiceMock.Object; var userServiceMock = new Mock <IUserService>(); IUserService userService = userServiceMock.Object; var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled); // Act ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent); // Assert Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result); }