public void It_should_authorize_operations_and_targets() { var target = new object(); var authResult = new DefaultAuthorizationResult(new Mock<IUser>().Object, "Foo"); var isAuthAttr = new IsAuthorizedAttribute("Foo", "theTarget"); this.securityProviderMock.Setup(x => x.GetAuthorizationResult(It.IsAny<IContext>(), "Foo", It.IsAny<object>())) .Returns(authResult); authResult.SetResult(true); var filterContext = new ActionExecutingContext { ActionParameters = new Dictionary<string, object> { { "theTarget", target } } }; isAuthAttr.OnActionExecuting(filterContext); this.securityProviderMock.Verify(x => x.GetAuthorizationResult(Context.Current, "Foo", target)); filterContext.Result.Should().BeNull(); authResult.SetResult(false); filterContext = new ActionExecutingContext { ActionParameters = new Dictionary<string, object> { { "theTarget", target } } }; isAuthAttr.OnActionExecuting(filterContext); this.securityProviderMock.Verify(x => x.GetAuthorizationResult(Context.Current, "Foo", target)); filterContext.Result.Should().BeOfType<HttpUnauthorizedResult>(); authResult.SetResult(false); filterContext = new ActionExecutingContext { ActionParameters = new Dictionary<string, object>() }; isAuthAttr.OnActionExecuting(filterContext); this.securityProviderMock.Verify(x => x.GetAuthorizationResult(Context.Current, "Foo", null)); filterContext.Result.Should().BeOfType<HttpUnauthorizedResult>(); }
/// <summary> /// Gets the <see cref="AuthorizationResult"/> for the current context and current user. /// </summary> /// <param name="context"> /// The context. /// </param> /// <param name="operation"> /// The operation. /// </param> /// <param name="target"> /// The target. /// </param> /// <param name="field"> /// The field. /// </param> /// <returns> /// The <see cref="AuthorizationResult"/>. /// </returns> public AuthorizationResult GetAuthorizationResult(IContext context, string operation, object target, string field) { var result = new DefaultAuthorizationResult(this.GetCurrentUser(context), operation, target, field); result.SetResult(true); result.AddReason(Resources.UsingDefaultNoSecurityProvider); return result; }
public void It_should_authorize_operations() { var authResult = new DefaultAuthorizationResult(new Mock<IUser>().Object, "Foo"); var isAuthAttr = new IsAuthorizedAttribute("Foo"); this.securityProviderMock.Setup(x => x.GetAuthorizationResult(It.IsAny<IContext>(), "Foo")) .Returns(authResult); authResult.SetResult(true); var filterContext = new ActionExecutingContext(); isAuthAttr.OnActionExecuting(filterContext); this.securityProviderMock.Verify(x => x.GetAuthorizationResult(Context.Current, "Foo")); filterContext.Result.Should().BeNull(); authResult.SetResult(false); filterContext = new ActionExecutingContext(); isAuthAttr.OnActionExecuting(filterContext); this.securityProviderMock.Verify(x => x.GetAuthorizationResult(Context.Current, "Foo")); filterContext.Result.Should().BeOfType<HttpUnauthorizedResult>(); }