示例#1
0
        public void InheritingRowPermissions()
        {
            InsertCurrentPrincipal(); // Not related to row permissions.

            // Insert the test data (server code bypasses row permissions):

            using (var scope = TestScope.Create())
            {
                var repository = scope.Resolve <Common.DomRepository>();
                var context    = scope.Resolve <Common.ExecutionContext>();
                repository.DemoRowPermissions2.DocumentApproval.Delete(repository.DemoRowPermissions2.DocumentApproval.Query());
                repository.DemoRowPermissions2.DocumentComment.Delete(repository.DemoRowPermissions2.DocumentComment.Query());
                repository.DemoRowPermissions2.Document.Delete(repository.DemoRowPermissions2.Document.Query());
                repository.DemoRowPermissions2.RegionSupervisor.Delete(repository.DemoRowPermissions2.RegionSupervisor.Query());
                repository.DemoRowPermissions2.Employee.Delete(repository.DemoRowPermissions2.Employee.Query());
                repository.DemoRowPermissions2.Division.Delete(repository.DemoRowPermissions2.Division.Query());
                repository.DemoRowPermissions2.Region.Delete(repository.DemoRowPermissions2.Region.Query());

                var reg3 = new DemoRowPermissions2.Region {
                    Name = "reg3"
                };
                repository.DemoRowPermissions2.Region.Insert(new[] { reg3 });

                var div1 = new DemoRowPermissions2.Division {
                    Name = "div1"
                };
                var div2 = new DemoRowPermissions2.Division {
                    Name = "div2"
                };
                var div3 = new DemoRowPermissions2.Division {
                    Name = "div3", RegionID = reg3.ID
                };
                repository.DemoRowPermissions2.Division.Insert(new[] { div1, div2, div3 });

                // The current user:
                var emp1 = new DemoRowPermissions2.Employee
                {
                    UserName   = context.UserInfo.UserName,
                    DivisionID = div1.ID
                };
                var emp2 = new DemoRowPermissions2.Employee
                {
                    UserName = "******"
                };
                repository.DemoRowPermissions2.Employee.Insert(new[] { emp1, emp2 });

                var sup3 = new DemoRowPermissions2.RegionSupervisor
                {
                    EmployeeID = emp1.ID,
                    RegionID   = reg3.ID
                };
                repository.DemoRowPermissions2.RegionSupervisor.Insert(new[] { sup3 });

                // The current user can access doc1, because it's in the same division:
                var doc1 = new DemoRowPermissions2.Document {
                    Title = "doc1", DivisionID = div1.ID
                };
                // The current user cannot access doc2:
                var doc2 = new DemoRowPermissions2.Document {
                    Title = "doc2", DivisionID = div2.ID
                };
                // The current user can access doc3, because it's in the region he supervises:
                var doc3 = new DemoRowPermissions2.Document {
                    Title = "doc3", DivisionID = div3.ID
                };
                repository.DemoRowPermissions2.Document.Insert(new[] { doc1, doc2, doc3 });

                // The current user can access com1, because it is related to his document:
                var com1 = new DemoRowPermissions2.DocumentComment {
                    DocumentID = doc1.ID, Comment = "com1"
                };
                // The current user cannot access com2:
                var com2 = new DemoRowPermissions2.DocumentComment {
                    DocumentID = doc2.ID, Comment = "com2"
                };
                repository.DemoRowPermissions2.DocumentComment.Insert(new[] { com1, com2 });

                // The current user can access app1, because it is related to his document:
                var app1 = new DemoRowPermissions2.DocumentApproval {
                    ID = doc1.ID, ApprovedByID = emp1.ID, Note = "app1"
                };
                // The current user cannot access app2:
                var app2 = new DemoRowPermissions2.DocumentApproval {
                    ID = doc2.ID, ApprovedByID = emp1.ID, Note = "app2"
                };
                // The current user can read app3, but cannot write it, because it is approved by a different user:
                var app3 = new DemoRowPermissions2.DocumentApproval {
                    ID = doc3.ID, ApprovedByID = emp2.ID, Note = "app3"
                };
                repository.DemoRowPermissions2.DocumentApproval.Insert(new[] { app1, app2, app3 });

                scope.CommitAndClose();
            }

            // Test the current user's row permissions:
            // The test will not execute client requests, but simply directly check the row permissions filters.

            using (var scope = TestScope.Create())
            {
                var allowedReadBrowse =
                    scope.Resolve <GenericRepository <DemoRowPermissions2.DocumentBrowse> >()
                    .Load <Common.RowPermissionsReadItems>();
                Assert.AreEqual("doc1, doc3", TestUtility.DumpSorted(allowedReadBrowse, browse => browse.Title));

                var allowedReadComment =
                    scope.Resolve <GenericRepository <DemoRowPermissions2.DocumentComment> >()
                    .Load <Common.RowPermissionsReadItems>();
                Assert.AreEqual("com1", TestUtility.DumpSorted(allowedReadComment, comment => comment.Comment));

                var allowedReadApproval =
                    scope.Resolve <GenericRepository <DemoRowPermissions2.DocumentApproval> >()
                    .Load <Common.RowPermissionsReadItems>();
                Assert.AreEqual("app1, app3", TestUtility.DumpSorted(allowedReadApproval, approval => approval.Note));

                var allowedWriteApproval =
                    scope.Resolve <GenericRepository <DemoRowPermissions2.DocumentApproval> >()
                    .Load <Common.RowPermissionsWriteItems>();
                Assert.AreEqual("app1", TestUtility.DumpSorted(allowedWriteApproval, approval => approval.Note));

                var allowedReadInfo =
                    scope.Resolve <GenericRepository <DemoRowPermissions2.DocumentInfo> >()
                    .Load <Common.RowPermissionsReadItems>();
                Assert.AreEqual("doc1_2, doc3_2", TestUtility.DumpSorted(allowedReadInfo, info => info.Title2));
            }
        }
示例#2
0
        public void InheritingRowPermissions()
        {
            InsertCurrentPrincipal(); // Not related to row permissions.

            // Insert the test data (server code bypasses row permissions):

            using (var container = new RhetosTestContainer(commitChanges: true))
            {
                var repository = container.Resolve<Common.DomRepository>();
                var context = container.Resolve<Common.ExecutionContext>();
                repository.DemoRowPermissions2.DocumentApproval.Delete(repository.DemoRowPermissions2.DocumentApproval.All());
                repository.DemoRowPermissions2.DocumentComment.Delete(repository.DemoRowPermissions2.DocumentComment.All());
                repository.DemoRowPermissions2.Document.Delete(repository.DemoRowPermissions2.Document.All());
                repository.DemoRowPermissions2.RegionSupervisor.Delete(repository.DemoRowPermissions2.RegionSupervisor.All());
                repository.DemoRowPermissions2.Employee.Delete(repository.DemoRowPermissions2.Employee.All());
                repository.DemoRowPermissions2.Division.Delete(repository.DemoRowPermissions2.Division.All());
                repository.DemoRowPermissions2.Region.Delete(repository.DemoRowPermissions2.Region.All());

                var reg3 = new DemoRowPermissions2.Region { Name = "reg3" };
                repository.DemoRowPermissions2.Region.Insert(new[] { reg3 });

                var div1 = new DemoRowPermissions2.Division { Name = "div1" };
                var div2 = new DemoRowPermissions2.Division { Name = "div2" };
                var div3 = new DemoRowPermissions2.Division { Name = "div3", RegionID = reg3.ID };
                repository.DemoRowPermissions2.Division.Insert(new[] { div1, div2, div3 });

                // The current user:
                var emp1 = new DemoRowPermissions2.Employee
                {
                    UserName = context.UserInfo.UserName,
                    DivisionID = div1.ID
                };
                var emp2 = new DemoRowPermissions2.Employee
                {
                    UserName = "******"
                };
                repository.DemoRowPermissions2.Employee.Insert(new[] { emp1, emp2 });

                var sup3 = new DemoRowPermissions2.RegionSupervisor
                {
                    EmployeeID = emp1.ID,
                    RegionID = reg3.ID
                };
                repository.DemoRowPermissions2.RegionSupervisor.Insert(new[] { sup3 });

                // The current user can access doc1, because it's in the same division:
                var doc1 = new DemoRowPermissions2.Document { Title = "doc1", DivisionID = div1.ID };
                // The current user cannot access doc2:
                var doc2 = new DemoRowPermissions2.Document { Title = "doc2", DivisionID = div2.ID };
                // The current user can access doc3, because it's in the region he supervises:
                var doc3 = new DemoRowPermissions2.Document { Title = "doc3", DivisionID = div3.ID };
                repository.DemoRowPermissions2.Document.Insert(new[] { doc1, doc2, doc3 });

                // The current user can access com1, because it is related to his document:
                var com1 = new DemoRowPermissions2.DocumentComment { DocumentID = doc1.ID, Comment = "com1" };
                // The current user cannot access com2:
                var com2 = new DemoRowPermissions2.DocumentComment { DocumentID = doc2.ID, Comment = "com2" };
                repository.DemoRowPermissions2.DocumentComment.Insert(new[] { com1, com2 });

                // The current user can access app1, because it is related to his document:
                var app1 = new DemoRowPermissions2.DocumentApproval { ID = doc1.ID, ApprovedByID = emp1.ID, Note = "app1" };
                // The current user cannot access app2:
                var app2 = new DemoRowPermissions2.DocumentApproval { ID = doc2.ID, ApprovedByID = emp1.ID, Note = "app2" };
                // The current user can read app3, but cannot write it, because it is approved by a different user:
                var app3 = new DemoRowPermissions2.DocumentApproval { ID = doc3.ID, ApprovedByID = emp2.ID, Note = "app3" };
                repository.DemoRowPermissions2.DocumentApproval.Insert(new[] { app1, app2, app3 });
            }

            // Test the current user's row permissions:
            // The test will not execute client requests, but simply directly check the row permissions filters.

            using (var container = new RhetosTestContainer())
            {
                var allowedReadBrowse =
                    container.Resolve<GenericRepository<DemoRowPermissions2.DocumentBrowse>>()
                    .Load<Common.RowPermissionsReadItems>();
                Assert.AreEqual("doc1, doc3", TestUtility.DumpSorted(allowedReadBrowse, browse => browse.Title));

                var allowedReadComment =
                    container.Resolve<GenericRepository<DemoRowPermissions2.DocumentComment>>()
                    .Load<Common.RowPermissionsReadItems>();
                Assert.AreEqual("com1", TestUtility.DumpSorted(allowedReadComment, comment => comment.Comment));

                var allowedReadApproval =
                    container.Resolve<GenericRepository<DemoRowPermissions2.DocumentApproval>>()
                    .Load<Common.RowPermissionsReadItems>();
                Assert.AreEqual("app1, app3", TestUtility.DumpSorted(allowedReadApproval, approval => approval.Note));

                var allowedWriteApproval =
                    container.Resolve<GenericRepository<DemoRowPermissions2.DocumentApproval>>()
                    .Load<Common.RowPermissionsWriteItems>();
                Assert.AreEqual("app1", TestUtility.DumpSorted(allowedWriteApproval, approval => approval.Note));
            }
        }