public void Test_BasicSave(bool allowCreate) { UserAccount userAccount = null; EntityType entityType = null; IEntity entity = null; string userName; userAccount = Entity.Create <UserAccount>(); userAccount.Name = "Test user " + Guid.NewGuid().ToString(); userAccount.Save(); entityType = new EntityType(); entityType.Inherits.Add(UserResource.UserResource_Type); entityType.Save(); if (allowCreate) { new AccessRuleFactory().AddAllow(userAccount.As <Subject>(), new [] { Permissions.Create }, entityType.As <SecurableEntity>()); } userName = userAccount.Name; using (new SetUser(userAccount)) { Assert.That(() => entity = Entity.Create(entityType), Throws.Nothing); Assert.That(() => entity.Save(), allowCreate ? (Constraint)Throws.Nothing : Throws.TypeOf <PlatformSecurityException>() .And.EqualTo(new PlatformSecurityException(userName, new[] { Permissions.Create }, new [] { new EntityRef(entity) }))); } }
public void TestOnDeleteAccessRule() { bool success = true; string subjectName = "Role" + Guid.NewGuid(); string typeName = "Type" + Guid.NewGuid(); string reportName = "Report" + Guid.NewGuid(); var mockAuditLog = new Mock <IAuditLog>(MockBehavior.Strict); mockAuditLog.Setup(al => al.OnDeleteAccessRule(success, subjectName, typeName, reportName)); var eventTarget = new AuditLogAccessRuleEventTarget(mockAuditLog.Object); var subject = new Role { Name = subjectName }; var type = new EntityType { Name = typeName }; var report = new Report { Name = reportName }; var accessRule = new AccessRule { AllowAccessBy = subject.As <Subject>(), ControlAccess = type.As <SecurableEntity>(), AccessRuleReport = report }; IDictionary <string, object> state = new Dictionary <string, object>(); eventTarget.GatherAuditLogEntityDetailsForDelete(accessRule, state); eventTarget.WriteDeleteAuditLogEntries(success, accessRule.Id, state); mockAuditLog.VerifyAll(); }
public void Test_GetDisplayReportForSecurableEntity_EnsureDifferent() { EntityType entityType; IAccessRuleReportFactory accessRuleReportFactory; Report report1; Report report2; entityType = new EntityType(); entityType.Save(); accessRuleReportFactory = new AccessRuleDisplayReportFactory(); report1 = accessRuleReportFactory.GetDisplayReportForSecurableEntity(entityType.As <SecurableEntity>()); report2 = accessRuleReportFactory.GetDisplayReportForSecurableEntity(entityType.As <SecurableEntity>()); Assert.That(report1, Has.Property("Id").Not.EqualTo(report2.Id)); }
public void Test_EnableCreateRule() { UserAccount userAccount; EntityType entityType1; AccessRule accessRule; IEntityAccessControlService entityAccessControlService; using (var ctx = DatabaseContext.GetContext(true, preventPostSaveActionsPropagating: true)) using (new SecurityBypassContext()) { userAccount = new UserAccount(); userAccount.Name = Guid.NewGuid().ToString(); userAccount.Save(); entityType1 = new EntityType(); entityType1.Inherits.Add(UserResource.UserResource_Type); entityType1.Save(); entityAccessControlService = Factory.EntityAccessControlService; ctx.CommitTransaction(); } using (new SetUser(userAccount)) { Assert.That(entityAccessControlService.CanCreate(entityType1), Is.False, "User can somehow initially create entities (!?)"); } using (var ctx = DatabaseContext.GetContext(true, preventPostSaveActionsPropagating: true)) using (new SecurityBypassContext()) { accessRule = new AccessRuleFactory().AddAllowCreate( userAccount.As <Subject>(), entityType1.As <SecurableEntity>()); ctx.CommitTransaction(); } using (new SetUser(userAccount)) { Assert.That(entityAccessControlService.CanCreate(entityType1), Is.True, "User cannot initially create entities"); } using (var ctx = DatabaseContext.GetContext(true, preventPostSaveActionsPropagating: true)) { accessRule.AccessRuleEnabled = false; accessRule.Save(); ctx.CommitTransaction(); } using (new SetUser(userAccount)) { Assert.That(entityAccessControlService.CanCreate(entityType1), Is.False, "User can create entities afterwards (!?)"); } }
//[TestCase("core:modify", false, true)] // unsupported //[TestCase("core:delete", false, false)] // unsupported //[TestCase( "core:modify,core:delete", false, true )] // unsupported public void Test_Save(string permissionAliases, bool canGetEntity, bool canSaveEntity) { UserAccount userAccount = null; EntityType entityType = null; IEntity entity1 = null; IEntity entity2 = null; IEntity loadedEntity; userAccount = Entity.Create <UserAccount>(); userAccount.Name = "Test user " + Guid.NewGuid().ToString(); userAccount.Save(); entityType = new EntityType(); entityType.Inherits.Add(UserResource.UserResource_Type); entityType.Save(); entity1 = Entity.Create(new EntityRef(entityType)); entity1.SetField("core:name", "A"); entity1.Save(); entity2 = Entity.Create(new EntityRef(entityType)); entity2.SetField("core:name", "B"); entity2.Save(); if (permissionAliases.Length > 0) { new AccessRuleFactory().AddAllowByQuery(userAccount.As <Subject>(), entityType.As <SecurableEntity>(), permissionAliases.Split(',').Select(x => new EntityRef(x)), TestQueries.EntitiesWithNameA().ToReport()); } using (new SetUser(userAccount)) { // Only check read permission, even when getting a writable version loadedEntity = null; Assert.That(() => loadedEntity = Entity.Get <IEntity>(new EntityRef(entity1), true), canGetEntity ? (Constraint)Is.EqualTo(entity1).Using(EntityRefComparer.Instance) : (Constraint)Throws.TypeOf <PlatformSecurityException>(), "Entity 1 Get is incorrect"); Assert.That(() => Entity.Get <IEntity>(new EntityRef(entity2), true), Throws.TypeOf <PlatformSecurityException>(), "Entity 2 access failed"); if (canGetEntity) { // Requires modify permission Assert.That(() => loadedEntity.Save(), canSaveEntity ? (Constraint)Throws.Nothing : (Constraint)Throws.TypeOf <PlatformSecurityException>()); } } }
public void Test_AuthorizationDeletion() { UserAccount userAccount; EntityType entityType; IEntity entity; Authorization authorization; CachingQueryRepository cachingQueryRepository; cachingQueryRepository = (CachingQueryRepository) new EntityAccessControlFactory().Caches.First(c => c is CachingQueryRepository); userAccount = new UserAccount(); userAccount.Name = Guid.NewGuid().ToString(); userAccount.Save(); entityType = new EntityType(); entityType.Save(); entity = Entity.Create(entityType); entity.Save(); authorization = new AccessControlHelper().AddAllowReadQuery(userAccount.As <Subject>(), entityType.As <SecurableEntity>(), TestQueries.GetAllEntitiesReport()); Assert.That(cachingQueryRepository.Cache, Has.Exactly(0) .Property("Key").Property("SubjectId").EqualTo(userAccount.Id) .And.Property("Key").Property("PermissionId").EqualTo(Permission.Read.Id) .And.Property("Key").Property("EntityTypes").Contains(entityType.Id), "Entry initially present in cache"); using (new SetUser(userAccount)) { Assert.That(() => Entity.Get(entity.Id), Throws.Nothing); } Assert.That(cachingQueryRepository.Cache, Has.Exactly(1) .Property("Key").Property("SubjectId").EqualTo(userAccount.Id) .And.Property("Key").Property("PermissionId").EqualTo(Permission.Read.Id) .And.Property("Key").Property("EntityTypes").Contains(entityType.Id), "Entry not added to cache"); authorization.Delete(); Assert.That(cachingQueryRepository.Cache, Has.Exactly(0) .Property("Key").Property("SubjectId").EqualTo(userAccount.Id) .And.Property("Key").Property("PermissionId").EqualTo(Permission.Read.Id) .And.Property("Key").Property("EntityTypes").Contains(entityType.Id), "Entry not removed from cache"); }
public void TestOnChangeAccessRulePermissions() { bool success = true; string subjectName = "Role" + Guid.NewGuid(); string typeName = "Type" + Guid.NewGuid(); string reportName = "Report" + Guid.NewGuid(); var read = Entity.Get <Permission>("read"); var delete = Entity.Get <Permission>("delete"); ISet <string> oldPerm = new SortedSet <string> { read.Name }; ISet <string> newPerm = new SortedSet <string> { read.Name, delete.Name }; var mockAuditLog = new Mock <IAuditLog>(MockBehavior.Strict); mockAuditLog.Setup(al => al.OnChangeAccessRulePermissions(success, subjectName, typeName, reportName, It.Is <ISet <string> >(p => oldPerm.SetEquals(p)), It.Is <ISet <string> >(p => newPerm.SetEquals(p)))); var eventTarget = new AuditLogAccessRuleEventTarget(mockAuditLog.Object); var subject = new Role { Name = subjectName }; var type = new EntityType { Name = typeName }; var report = new Report { Name = reportName }; var accessRule = new AccessRule { AllowAccessBy = subject.As <Subject>(), ControlAccess = type.As <SecurableEntity>(), AccessRuleReport = report }; accessRule.PermissionAccess.Add(read); accessRule.Save(); // Change permissions accessRule.PermissionAccess.Add(delete); IDictionary <string, object> state = new Dictionary <string, object>(); eventTarget.GatherAuditLogEntityDetailsForSave(accessRule, state); eventTarget.WriteSaveAuditLogEntries(success, accessRule.Id, state); mockAuditLog.VerifyAll(); }
public void Test_BasicSecurity() { UserAccount userAccount = null; EntityType entityType = null; IEntity entity1 = null; IEntity entity2 = null; userAccount = Entity.Create <UserAccount>(); userAccount.Name = "GetEntitiesOfType test user " + Guid.NewGuid().ToString(); userAccount.Save(); entityType = new EntityType(); entityType.Inherits.Add(UserResource.UserResource_Type); entityType.Save(); entity1 = Entity.Create(new EntityRef(entityType)); entity1.SetField("core:name", "A"); entity1.Save(); entity2 = Entity.Create(new EntityRef(entityType)); entity2.SetField("core:name", "B"); entity2.Save(); new AccessRuleFactory().AddAllowReadQuery(userAccount.As <Subject>(), entityType.As <SecurableEntity>(), TestQueries.EntitiesWithNameA().ToReport()); // Sanity Check. Check directly to avoid any caching or side effect issue. IDictionary <long, bool> results = new EntityAccessControlChecker().CheckAccess( new[] { new EntityRef(entity1), new EntityRef(entity2) }, new[] { Permissions.Read }, new EntityRef(userAccount)); Assert.That(results, Has.Exactly(1).Property("Key").EqualTo(entity1.Id).And.Property("Value").True, "EntityAccessControlChecker.CheckAccess: No access to Entity ID 1"); Assert.That(results, Has.Exactly(1).Property("Key").EqualTo(entity2.Id).And.Property("Value").False, "EntityAccessControlChecker.CheckAccess: Access to Entity ID 2"); using (new SetUser(userAccount)) { IEnumerable <IEntity> entities = Entity.GetInstancesOfType(entityType, true, "name"); Assert.That(entities.Count(), Is.EqualTo(1), "Entity.GetInstancesOfType: Incorrect count"); Assert.That(entities, Has.Exactly(1).Property("Id").EqualTo(entity1.Id), "Entity.GetInstancesOfType: Incorrect Id"); } }
public void Test_GetDisplayReportForSecurableEntity_ValidSecurityQuery() { EntityType entityType; IAccessRuleReportFactory accessRuleReportFactory; Report report; StructuredQuery reportStructuredQuery; entityType = new EntityType(); entityType.Save(); accessRuleReportFactory = new AccessRuleDisplayReportFactory(); report = accessRuleReportFactory.GetDisplayReportForSecurableEntity(entityType.As <SecurableEntity>()); reportStructuredQuery = ReportToQueryConverter.Instance.Convert(report); Assert.That(reportStructuredQuery, Has.Property("SelectColumns").Count.EqualTo(reportStructuredQuery.SelectColumns.Count), "Select column mismatch"); Assert.That(reportStructuredQuery.SelectColumns.Any(sc => sc.Expression is IdExpression), Is.EqualTo(reportStructuredQuery.SelectColumns.Any(sc => sc.Expression is IdExpression)), "Id Expression mismatch"); }
public void Test_CanCreate_InheritedTypes() { EntityType baseEntityType; EntityType derivedEntityType; UserAccount userAccount; derivedEntityType = new EntityType(); derivedEntityType.Name = "Derived Type " + Guid.NewGuid(); derivedEntityType.Save(); baseEntityType = new EntityType(); baseEntityType.Name = "Base Type " + Guid.NewGuid(); baseEntityType.DerivedTypes.Add(derivedEntityType); baseEntityType.Inherits.Add(UserResource.UserResource_Type); baseEntityType.Save(); derivedEntityType = Entity.Get <EntityType>(derivedEntityType.Id); Assert.That(derivedEntityType.GetAncestorsAndSelf(), Is.EquivalentTo(new [] { baseEntityType, derivedEntityType, UserResource.UserResource_Type, Entity.Get <EntityType>("core:resource") }) .Using(new EntityIdEqualityComparer <EntityType>())); Assert.That(derivedEntityType.IsDerivedFrom(baseEntityType), Is.True, "Not derived form base type"); userAccount = new UserAccount(); userAccount.Name = "Test User Account " + Guid.NewGuid(); userAccount.Save(); new AccessRuleFactory().AddAllowCreate( userAccount.As <Subject>(), baseEntityType.As <SecurableEntity>()); using (new SetUser(userAccount)) { Assert.That( Factory.EntityAccessControlService.CanCreate(baseEntityType), "Cannot create base type"); Assert.That( Factory.EntityAccessControlService.CanCreate(derivedEntityType), "Cannot create derived type"); } }
//[TestCase("core:modify", false)] // unsupported //[TestCase("core:delete", true)] // unsupported //[TestCase("core:modify,core:delete", true)] // unsupported public void Test_Delete(string permissionAliases, bool canDeleteEntity1) { UserAccount userAccount = null; EntityType entityType = null; IEntity entity1 = null; IEntity entity2 = null; userAccount = Entity.Create <UserAccount>(); userAccount.Name = "Test user " + Guid.NewGuid().ToString(); userAccount.Save(); entityType = new EntityType(); entityType.Inherits.Add(UserResource.UserResource_Type); entityType.Save(); entity1 = Entity.Create(new EntityRef(entityType)); entity1.SetField("core:name", "A"); entity1.Save(); entity2 = Entity.Create(new EntityRef(entityType)); entity2.SetField("core:name", "B"); entity2.Save(); if (permissionAliases.Length > 0) { new AccessRuleFactory().AddAllowByQuery(userAccount.As <Subject>(), entityType.As <SecurableEntity>(), permissionAliases.Split(',').Select(x => new EntityRef(x)), TestQueries.EntitiesWithNameA().ToReport()); } using (new SetUser(userAccount)) { Assert.That(() => entity1.Delete(), canDeleteEntity1 ? (Constraint)Throws.Nothing : (Constraint)Throws.TypeOf <PlatformSecurityException>()); Assert.That(() => Entity.Get <IEntity>(new EntityRef(entity2)), Throws.TypeOf <PlatformSecurityException>(), "Entity 2 delete somehow worked"); } }
public void Test_TemporaryIds(long id, bool shouldRaiseException) { UserAccount userAccount = null; EntityType entityType = null; MockRepository mockRepository; Mock <IEntity> mockEntity = null; Mock <IEntityInternal> mockEntityInternal = null; EntityModificationToken entityModificationToken; userAccount = Entity.Create <UserAccount>(); userAccount.Name = "Test user " + Guid.NewGuid().ToString(); userAccount.Save(); entityType = new EntityType(); entityType.Inherits.Add(UserResource.UserResource_Type); entityType.Save(); new AccessRuleFactory().AddAllowCreate(userAccount.As <Subject>(), entityType.As <SecurableEntity>()); // Mock an Entity. Yes, I am completely insane. mockRepository = new MockRepository(MockBehavior.Loose); mockEntity = mockRepository.Create <IEntity>(); mockEntity.SetupGet(e => e.TypeIds).Returns(() => new[] { entityType.Id }); mockEntity.SetupGet(e => e.EntityTypes).Returns(() => new[] { entityType }); mockEntity.Setup(e => e.IsReadOnly).Returns(() => false); mockEntity.SetupGet(e => e.Id).Returns(() => id); mockEntityInternal = mockEntity.As <IEntityInternal>(); mockEntityInternal.SetupGet(ei => ei.IsTemporaryId).Returns(() => EntityTemporaryIdAllocator.IsAllocatedId(id)); entityModificationToken = new EntityModificationToken(); mockEntityInternal.SetupGet(ei => ei.ModificationToken).Returns(() => entityModificationToken); using (new SetUser(userAccount)) { Assert.That(() => Entity.Save(new [] { mockEntity.Object }, false), shouldRaiseException ? (Constraint)Throws.Nothing : Throws.TypeOf <PlatformSecurityException>()); } }
public void Test_Relationship(Direction direction, string identityType, int count) { // Create schema EntityType type = Entity.Create <EntityType>( ); type.Name = "Test Type"; type.Inherits.Add(Entity.Get <EntityType>("core:resource")); type.Save( ); Field stringField = new StringField( ).As <Field>( ); Field intField = new IntField( ).As <Field>( ); EntityType type2 = Entity.Create <EntityType>( ); type2.Name = "Test Type2"; type2.Fields.Add(stringField); type2.Fields.Add(intField); type.Inherits.Add(Entity.Get <EntityType>("core:resource")); type2.Save( ); Relationship relationship = Entity.Create <Relationship>( ); relationship.Name = "Rel1"; relationship.Cardinality_Enum = CardinalityEnum_Enumeration.ManyToMany; relationship.FromType = direction == Direction.Forward ? type : type2; relationship.ToType = direction == Direction.Forward ? type2 : type; relationship.Save( ); var targets = new List <Resource>( ); for (int i = 0; i < count; i++) { string name = "Target" + Guid.NewGuid( ); string stringVal = "StringVal" + i; int intVal = 100 + i; Resource target = Entity.Create(type2.Id).AsWritable <Resource>( ); target.SetField(stringField.Id, stringVal); target.SetField(intField.Id, intVal); target.Name = name; target.Save( ); targets.Add(target); } using (new SecurityBypassContext( )) { new AccessRuleFactory( ).AddAllowByQuery(Entity.Get <Subject>("core:everyoneRole").AsWritable <Subject>( ), type.As <SecurableEntity>( ), new [] { Permissions.Read, Permissions.Modify }, TestQueries.Entities(type.Id).ToReport( )); new AccessRuleFactory( ).AddAllowByQuery(Entity.Get <Subject>("core:everyoneRole").AsWritable <Subject>( ), type2.As <SecurableEntity>( ), new [] { Permissions.Read, Permissions.Modify }, TestQueries.Entities(type2.Id).ToReport( )); } Field lookupField = null; if (identityType.Contains("StringField")) { lookupField = stringField; } else if (identityType.Contains("IntField")) { lookupField = intField; } var identities = new List <string>( ); for (int i = 0; i < count; i++) { var target = targets[i]; string identity; if (identityType.Contains("Null")) { continue; } if (identityType == "Name") { identity = "\"" + target.Name + "\""; } else if (identityType == "Guid") { identity = "\"" + target.UpgradeId + "\""; } else if (identityType == "StringField") { identity = "\"StringVal" + i + "\""; } else if (identityType == "IntField") { identity = (100 + i).ToString( ); } else { throw new InvalidOperationException( ); } identities.Add(identity); } // Create JSON string jsonMember = "rel1"; string json = "{\"" + jsonMember + "\":[" + string.Join(", ", identities) + "]}"; // Create a mapping var mapping = CreateApiResourceMapping(new EntityRef(type.Id)); var relMapping = CreateApiRelationshipMapping(mapping, new EntityRef(relationship.Id), jsonMember, direction == Direction.Reverse); relMapping.MappedRelationshipLookupField = lookupField; relMapping.Save( ); // Fill entity IEntity entity = RunTest(json, mapping); IEntityRelationshipCollection <IEntity> value = entity.GetRelationships(relationship.Id, direction); // Assert mapping Assert.That(value, Is.Not.Null); if (identityType == "Null") { Assert.That(value, Has.Count.EqualTo(0)); } else { Assert.That(value, Has.Count.EqualTo(targets.Count)); var actual = value.Select(e => e.Id).OrderBy(id => id).ToList( ); var expected = targets.Select(e => e.Id).OrderBy(id => id).ToList( ); Assert.That(actual, Is.EquivalentTo(expected)); } }
public void Test_Filter_ActionRequiresParentModifyAccess(string parentEntityPermissions, string childEntityPermissions) { SecurityActionMenuItemFilter securityActionMenuItemFilter; UserAccount userAccount; EntityType parentEntityType; EntityType childEntityType; IEntity parentEntity; IEntity childEntity; const string viewResourceActionAlias = "console:viewResourceAction"; const string editResourceActionAlias = "console:editResourceAction"; const string deleteResourceActionAlias = "console:deleteResourceAction"; const string addRelationshipActionAlias = "console:addRelationshipAction"; const string removeRelationshipActionAlias = "console:removeRelationshipAction"; var splitParentEntityPermissions = parentEntityPermissions.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries); var splitChildEntityPermissions = childEntityPermissions.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries); userAccount = new UserAccount(); userAccount.Name = "Test user " + Guid.NewGuid(); userAccount.Save(); // parent parentEntityType = new EntityType(); parentEntityType.Inherits.Add(UserResource.UserResource_Type); parentEntityType.Save(); parentEntity = Entity.Create(new EntityRef(parentEntityType)); parentEntity.SetField("core:name", "A"); // "A" so it will match the access rule parentEntity.Save(); // related child entity childEntityType = new EntityType(); childEntityType.Inherits.Add(UserResource.UserResource_Type); childEntityType.Save(); childEntity = Entity.Create(new EntityRef(childEntityType)); childEntity.SetField("core:name", "B"); // "B" so it will match the access rule childEntity.Save(); // grant accesses // parent entity new AccessRuleFactory().AddAllowByQuery( userAccount.As <Subject>(), parentEntityType.As <SecurableEntity>(), splitParentEntityPermissions.Select(s => new EntityRef(s)), TestQueries.EntitiesWithNameA().ToReport()); // child entity new AccessRuleFactory().AddAllowByQuery( userAccount.As <Subject>(), childEntityType.As <SecurableEntity>(), splitChildEntityPermissions.Select(s => new EntityRef(s)), TestQueries.EntitiesWithNameB().ToReport()); // actions var dummyRequest = new ActionRequestExtended(); Func <ActionRequestExtended, ActionMenuItem, ActionTargetInfo> dummyHandler = (a, i) => new ActionTargetInfo(); var actions = new List <ActionMenuItemInfo>(); foreach (string menuItemAlias in new[] { viewResourceActionAlias, editResourceActionAlias, addRelationshipActionAlias, removeRelationshipActionAlias, deleteResourceActionAlias, }) { actions.Add(Entity.Get <ActionMenuItem>(menuItemAlias).ToInfo(dummyRequest, null, dummyHandler)); } actions.Add(new ActionMenuItemInfo { EntityId = childEntityType.Id, HtmlActionState = "createForm", IsNew = true }); // filter actions using (new SetUser(userAccount)) { securityActionMenuItemFilter = new SecurityActionMenuItemFilter(); securityActionMenuItemFilter.Filter(parentEntity.Id, new[] { childEntity.Id }, actions); } // checks if (splitParentEntityPermissions.Contains("core:read") && splitParentEntityPermissions.Contains("core:modify")) { Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(addRelationshipActionAlias), "Missing add relationship resource action"); Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(removeRelationshipActionAlias), "Missing remove relationship resource action"); // child create if (splitChildEntityPermissions.Contains("core:create")) { Assert.That(actions, Has.Exactly(1).Property("HtmlActionState").EqualTo("createForm"), "Missing create resource action"); } else { Assert.That(actions, Has.None.Property("HtmlActionState").EqualTo("createForm"), "Create resource action should not be available"); } // child read if (splitChildEntityPermissions.Contains("core:read")) { Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(viewResourceActionAlias), "Missing view resource action"); } else { Assert.That(actions, Has.None.Property("Alias").EqualTo(viewResourceActionAlias), "View resource action should not be available"); } // child modify if (splitChildEntityPermissions.Contains("core:modify")) { Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(editResourceActionAlias), "Missing edit resource action"); } else { Assert.That(actions, Has.None.Property("Alias").EqualTo(editResourceActionAlias), "Edit resource action should not be available"); } // child delete if (splitChildEntityPermissions.Contains("core:delete")) { Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(deleteResourceActionAlias), "Missing delete resource action"); } else { Assert.That(actions, Has.None.Property("Alias").EqualTo(deleteResourceActionAlias), "Delete resource action should not be available"); } } else if (splitParentEntityPermissions.Contains("core:read") && !splitParentEntityPermissions.Contains("core:modify")) { Assert.That(actions, Has.None.Property("Alias").EqualTo(addRelationshipActionAlias), "Add relationship action should not be available"); Assert.That(actions, Has.None.Property("Alias").EqualTo(removeRelationshipActionAlias), "Remove relationship action should not be available"); // child create Assert.That(actions, Has.None.Property("HtmlActionState").EqualTo("createForm"), "Create resource action should not be available"); // child read if (splitChildEntityPermissions.Contains("core:read")) { Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(viewResourceActionAlias), "Missing view resource action"); } else { Assert.That(actions, Has.None.Property("Alias").EqualTo(viewResourceActionAlias), "View resource action should not be available"); } // child modify if (splitChildEntityPermissions.Contains("core:modify")) { Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(editResourceActionAlias), "Missing edit resource action"); } else { Assert.That(actions, Has.None.Property("Alias").EqualTo(editResourceActionAlias), "Edit resource action should not be available"); } // child delete Assert.That(actions, Has.None.Property("Alias").EqualTo(deleteResourceActionAlias), "Delete resource action should not be available"); } }
private void CreateScenarioImpl(string testInstanceName, Func <EntityRef[]> permissionsCallback) { // Define key and user using (new TenantAdministratorContext(TenantName)) { // Define schema type = new EntityType( ); type.Inherits.Add(UserResource.UserResource_Type); type.Name = "Test type " + Guid.NewGuid( ); type.Save( ); type2 = new EntityType( ); type2.Inherits.Add(UserResource.UserResource_Type); type2.Name = "Test type2 " + Guid.NewGuid( ); type2.Save( ); stringField = new StringField( ); stringField.Name = "Field 1"; stringField.FieldIsOnType = type; stringField.MaxLength = 50; stringField.Save( ); lookup = new Relationship( ); lookup.Cardinality_Enum = CardinalityEnum_Enumeration.OneToOne; lookup.FromType = type; lookup.ToType = type2; relationship = new Relationship( ); relationship.Cardinality_Enum = CardinalityEnum_Enumeration.ManyToMany; relationship.FromType = type; relationship.ToType = type2; // Define API mapping = new ApiResourceMapping( ); mapping.Name = "Test mapping " + Guid.NewGuid( );; mapping.MappedType = type; mapping.Save( ); fieldMapping = new ApiFieldMapping( ); fieldMapping.Name = "field1"; fieldMapping.MappedField = stringField.As <Field>( ); fieldMapping.MemberForResourceMapping = mapping; fieldMapping.Save( ); lookupMapping = new ApiRelationshipMapping( ); lookupMapping.Name = "lookup1"; lookupMapping.MappedRelationship = lookup; lookupMapping.MemberForResourceMapping = mapping; lookupMapping.Save( ); relationshipMapping = new ApiRelationshipMapping( ); relationshipMapping.Name = "rel1"; relationshipMapping.MappedRelationship = relationship; relationshipMapping.MemberForResourceMapping = mapping; relationshipMapping.Save( ); endpoint = new ApiResourceEndpoint( ); endpoint.Name = "Test endpoint " + Guid.NewGuid( );; endpoint.ApiEndpointAddress = EndpointAddress; endpoint.EndpointResourceMapping = mapping; endpoint.ApiEndpointEnabled = true; endpoint.EndpointCanCreate = true; endpoint.EndpointCanUpdate = true; endpoint.EndpointCanDelete = true; endpoint.Save( ); api = new Api( ); api.Name = "Test API " + Guid.NewGuid( );; api.ApiAddress = ApiAddress; api.ApiEnabled = true; api.ApiEndpoints.Add(endpoint.As <ApiEndpoint>( )); api.Save( ); // Define access userAccount = new UserAccount( ); userAccount.Name = "Test user " + Guid.NewGuid( ); userAccount.AccountStatus_Enum = UserAccountStatusEnum_Enumeration.Active; userAccount.Password = "******"; userAccount.Save( ); key = new ApiKey( ); key.Name = ApiKey; key.ApiKeyUserAccount = userAccount; key.ApiKeyEnabled = true; key.KeyForApis.Add(api); key.Save( ); if (testInstanceName != null) { scenarioInstance = Entity.Create(type); scenarioInstance.SetField("core:name", testInstanceName); scenarioInstance.Save( ); } foreignName = "Foreign" + Guid.NewGuid( ).ToString( ); foreignInstance = Entity.Create(type2); foreignInstance.SetField("core:name", foreignName); foreignInstance.Save( ); // Grant create var permissions = permissionsCallback( ); IAccessRuleFactory accessControlHelper = new AccessRuleFactory( ); if (permissions [0] == Permissions.Create) { accessControlHelper.AddAllowCreate(userAccount.As <Subject>( ), type.As <SecurableEntity>( )); } else if (permissions.Length > 0) { accessControlHelper.AddAllowByQuery(userAccount.As <Subject>( ), type.As <SecurableEntity>( ), permissions, TestQueries.Entities(type).ToReport( )); } accessControlHelper.AddAllowByQuery(userAccount.As <Subject>( ), type2.As <SecurableEntity>( ), new [] { Permissions.Read, Permissions.Modify }, TestQueries.Entities(type2).ToReport( )); } }
public void Setup( ) { // Getting Forbidden? Or ConnectorConfigException? // Maybe there's duplicate copies of these objects in the DB. // Define key and user using (new TenantAdministratorContext(TenantName)) { // Define schema type = new EntityType( ); type.Inherits.Add(UserResource.UserResource_Type); type.Name = "Test type " + Guid.NewGuid( ); type.Save( ); type2 = new EntityType(); type2.Inherits.Add(UserResource.UserResource_Type); type2.Name = "Test type2 " + Guid.NewGuid(); type2.Save(); stringField = new StringField( ); stringField.Name = "Field 1"; stringField.FieldIsOnType = type; stringField.Save( ); lookup = new Relationship(); lookup.Cardinality_Enum = CardinalityEnum_Enumeration.OneToOne; lookup.FromType = type; lookup.ToType = type2; // Define API mapping = new ApiResourceMapping( ); mapping.Name = "Test mapping " + Guid.NewGuid( );; mapping.MappedType = type; mapping.Save( ); lookupMapping = new ApiRelationshipMapping(); lookupMapping.Name = "lookup1"; lookupMapping.MappedRelationship = lookup; lookupMapping.MemberForResourceMapping = mapping; lookupMapping.Save(); fieldMapping = new ApiFieldMapping( ); fieldMapping.Name = "field1"; fieldMapping.MappedField = stringField.As <Field>( ); fieldMapping.MemberForResourceMapping = mapping; fieldMapping.Save( ); endpoint = new ApiResourceEndpoint( ); endpoint.Name = "Test endpoint " + Guid.NewGuid( ); endpoint.ApiEndpointAddress = EndpointAddress; endpoint.EndpointResourceMapping = mapping; endpoint.ApiEndpointEnabled = true; endpoint.EndpointCanCreate = true; endpoint.EndpointCanDelete = true; endpoint.EndpointCanUpdate = true; endpoint.Save( ); api = new Api( ); api.Name = "Test API " + Guid.NewGuid( );; api.ApiAddress = ApiAddress; api.ApiEnabled = true; api.ApiEndpoints.Add(endpoint.As <ApiEndpoint>( )); api.Save( ); // Define access userAccount = new UserAccount( ); userAccount.Name = "Test user " + Guid.NewGuid( ); userAccount.AccountStatus_Enum = UserAccountStatusEnum_Enumeration.Active; userAccount.Password = "******"; userAccount.Save( ); key = new ApiKey( ); key.Name = ApiKey; key.ApiKeyUserAccount = userAccount; key.ApiKeyEnabled = true; key.KeyForApis.Add(api); key.Save( ); updateInstance = Entity.Create(type).AsWritable <Resource>( ); updateInstance.Name = updateInstanceName = "ResourceToUpdate" + Guid.NewGuid( ); updateInstance.Description = updateInstanceDesc = "ResourceToUpdate" + Guid.NewGuid( ); updateInstance.Save( ); updateInstanceGuid = updateInstance.UpgradeId; IAccessRuleFactory accessControlHelper = new AccessRuleFactory( ); accessRule = accessControlHelper.AddAllowCreate(userAccount.As <Subject>( ), type.As <SecurableEntity>( )); accessRule = accessControlHelper.AddAllowByQuery(userAccount.As <Subject>( ), type.As <SecurableEntity>( ), new[] { Permissions.Read, Permissions.Modify, Permissions.Delete }, TestQueries.Entities(type).ToReport( )); } cleanup = new List <IEntity> { userAccount, key, api, type, mapping, endpoint, fieldMapping, stringField, accessRule, updateInstance }; }
public void Test_RelationshipInstance(string action, string fromPerms, string toPerms, Direction direction, bool saveBothEnds, bool haveFieldChanges, bool expectAllow) { if (fromPerms == "modify") { fromPerms = "read,modify"; } if (toPerms == "modify") { toPerms = "read,modify"; } // Create schema EntityType fromType = new EntityType(); fromType.Inherits.Add(UserResource.UserResource_Type); fromType.Name = Guid.NewGuid().ToString(); fromType.Save(); EntityType toType = new EntityType(); toType.Inherits.Add(UserResource.UserResource_Type); toType.Name = Guid.NewGuid().ToString(); toType.Save(); Relationship rel = new Relationship(); rel.Name = Guid.NewGuid().ToString(); rel.FromType = fromType; rel.ToType = toType; rel.Cardinality_Enum = CardinalityEnum_Enumeration.ManyToMany; rel.Save(); // Create data IEntity toInst = new Entity(toType); toInst.Save(); IEntity fromInst = new Entity(fromType); if (action != "Create") { fromInst.SetRelationships(rel, new EntityRelationshipCollection <IEntity> { toInst }); } fromInst.Save(); // Create test user UserAccount userAccount = Entity.Create <UserAccount>(); userAccount.Name = Guid.NewGuid().ToString(); userAccount.Save(); // Grant access if (!string.IsNullOrEmpty(fromPerms)) { new AccessRuleFactory().AddAllowByQuery( userAccount.As <Subject>(), fromType.As <SecurableEntity>(), fromPerms.Split(',').Select(pa => new EntityRef(pa)), TestQueries.Entities().ToReport()); } if (!string.IsNullOrEmpty(toPerms)) { new AccessRuleFactory().AddAllowByQuery( userAccount.As <Subject>(), toType.As <SecurableEntity>(), toPerms.Split(',').Select(pa => new EntityRef(pa)), TestQueries.Entities().ToReport()); } // Test bool allowed = false; try { using (new SetUser(userAccount)) { IEntity source = Entity.Get(direction == Direction.Forward ? fromInst.Id : toInst.Id); if (action != "Read") { source = source.AsWritable(); } Func <IEntity> target = () => Entity.Get(direction == Direction.Forward ? toInst.Id : fromInst.Id); IEntityRelationshipCollection <IEntity> relCol = null; switch (action) { case "Read": relCol = source.GetRelationships(rel.Id, direction); IEntity entity = relCol.FirstOrDefault(); allowed = entity != null; break; case "Create": relCol = new EntityRelationshipCollection <IEntity> { target() }; source.SetRelationships(rel, relCol); if (haveFieldChanges) { source.SetField("core:name", Guid.NewGuid().ToString()); } if (saveBothEnds) { Entity.Save(new[] { source, target() }); } else { source.Save(); } allowed = true; break; case "Remove": relCol = source.GetRelationships(rel.Id, direction); relCol.Remove(target()); source.SetRelationships(rel, relCol); if (haveFieldChanges) { source.SetField("core:name", Guid.NewGuid().ToString()); } if (saveBothEnds) { Entity.Save(new[] { source, target() }); } else { source.Save(); } allowed = true; break; case "Clear": relCol = source.GetRelationships(rel.Id, direction); relCol.Clear(); source.SetRelationships(rel, relCol); if (haveFieldChanges) { source.SetField("core:name", Guid.NewGuid().ToString()); } if (saveBothEnds) { Entity.Save(new[] { source, target() }); } else { source.Save(); } allowed = true; break; default: throw new InvalidOperationException("Unknown " + action); } } Assert.That(allowed, Is.EqualTo(expectAllow)); } catch (PlatformSecurityException) { Assert.That(false, Is.EqualTo(expectAllow)); } }
public void Test_Writeable_Related_Entity(string toPermissionAliases, bool toEntityWriteable) { var userAccount = Entity.Create <UserAccount>(); userAccount.Name = "Test user " + Guid.NewGuid(); userAccount.Save(); var fromType = new EntityType(); fromType.Inherits.Add(UserResource.UserResource_Type); fromType.Save(); var toType = new EntityType(); toType.Inherits.Add(UserResource.UserResource_Type); toType.Save(); var relationship = new Relationship { FromType = fromType, ToType = toType }; relationship.Save(); IEntity fromEntity = Entity.Create(new EntityRef(fromType)); fromEntity.SetField("core:name", "A"); fromEntity.Save(); IEntity toEntity = Entity.Create(new EntityRef(toType)); toEntity.SetField("core:name", "B"); toEntity.SetRelationships(relationship, new EntityRelationshipCollection <IEntity>() { fromEntity }, Direction.Reverse); toEntity.Save(); // Read / modify from type new AccessRuleFactory().AddAllowByQuery(userAccount.As <Subject>(), fromType.As <SecurableEntity>(), new List <EntityRef> { new EntityRef("core:read"), new EntityRef("core:modify") }, TestQueries.EntitiesWithNameA().ToReport()); if (toPermissionAliases.Length > 0) { // Access to to type new AccessRuleFactory().AddAllowByQuery(userAccount.As <Subject>(), toType.As <SecurableEntity>(), toPermissionAliases.Split(',').Select(x => new EntityRef(x)), TestQueries.EntitiesWithNameB().ToReport()); } using (new SetUser(userAccount)) { // The from entity should be able to be retrieved var fromEntityWriteable = Entity.Get <IEntity>(new EntityRef(fromEntity), true); Assert.AreEqual(fromEntity.Id, fromEntityWriteable.Id); // Check access to to entity IEntity entity = fromEntityWriteable.GetRelationships(relationship, Direction.Forward).FirstOrDefault( ); IEntity toEntityFromRel = null; if (entity != null) { toEntityFromRel = entity.Entity; } if (toPermissionAliases.Length > 0) { Assert.AreEqual(toEntity.Id, toEntityFromRel.Id); var toEntityWrite = toEntityFromRel.AsWritable(); toEntityWrite.SetField("core:description", "Test"); if (toEntityWriteable) { // Should be able to save Assert.DoesNotThrow(() => toEntityWrite.Save()); } else { // Should not be able to save Assert.That(toEntityWrite.Save, Throws.TypeOf <PlatformSecurityException>(), "Entity access is incorrect. Should notbe able to save."); } } else { // We do not have read access to the to entity so it should be null Assert.IsNull(toEntityFromRel); } } }
public void Setup( ) { // Getting Forbidden? Or ConnectorConfigException? // Maybe there's duplicate copies of these objects in the DB. UserAccount userAccount; AccessRule accessRule; Api api; // Define key and user using (new TenantAdministratorContext(TenantName)) { // Create Type type = new EntityType { Fields = { new StringField { Name = "Incident Description" }.As <Field>( ) } }; type.Inherits.Add(UserResource.UserResource_Type); type.Save( ); // Define access userAccount = new UserAccount { Name = "Test user " + Guid.NewGuid( ), AccountStatus_Enum = UserAccountStatusEnum_Enumeration.Active, Password = "******" }; userAccount.Save( ); var field = type.Fields [0]; // Create import config importConfig = new ImportConfig { Name = "Test import config " + Guid.NewGuid( ), ImportFileType_Enum = ImportFileTypeEnum_Enumeration.ImportFileTypeExcel, ImportConfigMapping = new ApiResourceMapping { MappingSourceReference = "Incident", ImportHeadingRow = 4, ImportDataRow = 5, MappedType = type, ResourceMemberMappings = { new ApiFieldMapping { Name = "A", MappedField = Resource.Name_Field.As <Field>( ), }.As <ApiMemberMapping>( ), new ApiFieldMapping { Name = "B", MappedField = field }.As <ApiMemberMapping>( ) } } }; // Create API api = new Api { Name = "Test API " + Guid.NewGuid( ), ApiAddress = ApiAddress, ApiEnabled = true, ApiEndpoints = { new ApiSpreadsheetEndpoint { Name = "Test spreadsheet endpoint " + Guid.NewGuid( ), ApiEndpointAddress = EndpointAddress, ApiEndpointEnabled = true, EndpointImportConfig = importConfig }.As <ApiEndpoint>( ) }, ApiKeys = { new ApiKey { Name = ApiKey, ApiKeyUserAccount = userAccount, ApiKeyEnabled = true } } }; api.Save( ); IAccessRuleFactory accessControlHelper = new AccessRuleFactory( ); accessRule = accessControlHelper.AddAllowCreate(userAccount.As <Subject>( ), type.As <SecurableEntity>( )); //accessRule2 = accessControlHelper.AddAllowByQuery( userAccount.As<Subject>( ), type.As<SecurableEntity>( ), new [ ] { Permissions.Read, Permissions.Modify }, TestQueries.Entities( type ).ToReport( ) ); IEntity apiKey = api.ApiKeys? [0]; cleanup = new List <IEntity> { userAccount, api, type, accessRule, importConfig, apiKey }; } }
public void Test_ChangeAccessRuleForPermissions() { UserAccount userAccount; EntityType entityType; IEntity entity; EntityRef entityRef; AccessRule accessRule; IEntityAccessControlService entityAccessControlService; Permission readPermission; Permission modifyPermission; using (var ctx = DatabaseContext.GetContext(true, preventPostSaveActionsPropagating: true)) using (new SecurityBypassContext()) { userAccount = new UserAccount(); userAccount.Name = Guid.NewGuid().ToString(); userAccount.Save(); entityType = new EntityType(); entityType.Inherits.Add(UserResource.UserResource_Type); entityType.Save(); entity = Entity.Create(entityType); entity.Save(); entityRef = new EntityRef(entity); entityAccessControlService = Factory.EntityAccessControlService; ctx.CommitTransaction(); } using (new SetUser(userAccount)) { Assert.That(entityAccessControlService.Check(entityRef, new[] { Permissions.Read }), Is.False, "User can somehow initially read entities (!?)"); Assert.That(entityAccessControlService.Check(entityRef, new[] { Permissions.Modify }), Is.False, "User can somehow initially write entities (!?)"); } using (var ctx = DatabaseContext.GetContext(true, preventPostSaveActionsPropagating: true)) using (new SecurityBypassContext()) { accessRule = new AccessRuleFactory().AddAllowByQuery( userAccount.As <Subject>(), entityType.As <SecurableEntity>(), new[] { Permissions.Read, Permissions.Modify }, TestQueries.Entities(entityType).ToReport()); ctx.CommitTransaction(); } readPermission = Entity.Get <Permission>(Permissions.Read, true); modifyPermission = Entity.Get <Permission>(Permissions.Modify, true); using (new SetUser(userAccount)) { Assert.That(entityAccessControlService.Check(entityRef, new[] { Permissions.Read }), Is.True, "User cannot read entity after access rule creation"); Assert.That(entityAccessControlService.Check(entityRef, new[] { Permissions.Modify }), Is.True, "User cannot modify entity after access rule creation"); } using (var ctx = DatabaseContext.GetContext(true, preventPostSaveActionsPropagating: true)) { modifyPermission.PermissionAccessBy.Remove(accessRule); modifyPermission.Save(); ctx.CommitTransaction(); } using (new SetUser(userAccount)) { Assert.That(entityAccessControlService.Check(entityRef, new[] { Permissions.Read }), Is.True, "User cannot read entity after removing modify access"); Assert.That(entityAccessControlService.Check(entityRef, new[] { Permissions.Modify }), Is.False, "User can modify entity after removing modify access"); } using (var ctx = DatabaseContext.GetContext(true, preventPostSaveActionsPropagating: true)) { readPermission.PermissionAccessBy.Remove(accessRule); readPermission.Save(); ctx.CommitTransaction(); } using (new SetUser(userAccount)) { Assert.That(entityAccessControlService.Check(entityRef, new[] { Permissions.Read }), Is.False, "User can read entity after removing read access"); Assert.That(entityAccessControlService.Check(entityRef, new[] { Permissions.Modify }), Is.False, "User can modify entity after removing read access"); } using (var ctx = DatabaseContext.GetContext(true, preventPostSaveActionsPropagating: true)) { readPermission.PermissionAccessBy.Add(accessRule); readPermission.Save(); ctx.CommitTransaction(); } using (new SetUser(userAccount)) { Assert.That(entityAccessControlService.Check(entityRef, new[] { Permissions.Read }), Is.True, "User cannot read entity after re-adding read access"); Assert.That(entityAccessControlService.Check(entityRef, new[] { Permissions.Modify }), Is.False, "User can modify entity after re-adding read access"); } }
public void Test_Lookup_NotFound( ) { // Create schema EntityType type = Entity.Create <EntityType>( ); type.Name = "Test Type"; type.Inherits.Add(Entity.Get <EntityType>("core:resource")); type.Save( ); EntityType type2 = Entity.Create <EntityType>( ); type2.Name = "Test Type2"; type.Inherits.Add(Entity.Get <EntityType>("core:resource")); type2.Save( ); Relationship relationship = Entity.Create <Relationship>( ); relationship.Name = "Rel1"; relationship.Cardinality_Enum = CardinalityEnum_Enumeration.OneToOne; relationship.FromType = type; relationship.ToType = type2; relationship.Save( ); using (new SecurityBypassContext( )) { new AccessRuleFactory( ).AddAllowByQuery(Entity.Get <Subject>("core:everyoneRole").AsWritable <Subject>( ), type.As <SecurableEntity>( ), new [] { Permissions.Read, Permissions.Modify }, TestQueries.Entities(type.Id).ToReport( )); new AccessRuleFactory( ).AddAllowByQuery(Entity.Get <Subject>("core:everyoneRole").AsWritable <Subject>( ), type2.As <SecurableEntity>( ), new [] { Permissions.Read, Permissions.Modify }, TestQueries.Entities(type2.Id).ToReport( )); } string identity = "I dont exist"; // Create JSON string jsonMember = "rel1"; string json = "{\"" + jsonMember + "\":\"" + identity + "\"}"; // Create a mapping var mapping = CreateApiResourceMapping(new EntityRef(type.Id)); CreateApiRelationshipMapping(mapping, new EntityRef(relationship.Id), jsonMember, false); // Attempt to fill entity Assert.Throws <ConnectorRequestException>(() => RunTest(json, mapping), "E1003 No resources were found that matched 'I dont exist'."); }
public void Test_Lookup(Direction direction, string identityType) { string name = "Target" + Guid.NewGuid(); // Create schema EntityType type = Entity.Create <EntityType>( ); type.Name = "Test Type"; type.Inherits.Add(Entity.Get <EntityType>("core:resource")); type.Save( ); Field stringField = new StringField( ).As <Field>( ); Field intField = new IntField( ).As <Field>( ); EntityType type2 = Entity.Create <EntityType>( ); type2.Fields.Add(stringField); type2.Fields.Add(intField); type2.Name = "Test Type2"; type.Inherits.Add(Entity.Get <EntityType>("core:resource")); type2.Save( ); Relationship relationship = Entity.Create <Relationship>( ); relationship.Name = "Rel1"; relationship.Cardinality_Enum = CardinalityEnum_Enumeration.OneToOne; relationship.FromType = direction == Direction.Forward ? type : type2; relationship.ToType = direction == Direction.Forward ? type2 : type; relationship.Save( ); Resource target = Entity.Create(type2.Id).AsWritable <Resource>(); target.Name = name; target.SetField(stringField.Id, "StringVal"); target.SetField(intField.Id, 101); target.Save( ); using (new SecurityBypassContext( )) { new AccessRuleFactory( ).AddAllowByQuery(Entity.Get <Subject>("core:everyoneRole").AsWritable <Subject>( ), type.As <SecurableEntity>( ), new [] { Permissions.Read, Permissions.Modify }, TestQueries.Entities(type.Id).ToReport( )); new AccessRuleFactory( ).AddAllowByQuery(Entity.Get <Subject>("core:everyoneRole").AsWritable <Subject>( ), type2.As <SecurableEntity>( ), new [] { Permissions.Read, Permissions.Modify }, TestQueries.Entities(type2.Id).ToReport( )); } Field lookupField = null; string identity; if (identityType == "Name") { identity = "\"" + name + "\""; } else if (identityType == "Guid") { identity = "\"" + target.UpgradeId.ToString() + "\""; } else if (identityType.Contains("Null")) { identity = "null"; } else if (identityType == "StringField") { identity = "\"StringVal\""; } else if (identityType == "IntField") { identity = "101"; } else { throw new InvalidOperationException(); } if (identityType.Contains("StringField")) { lookupField = stringField; } else if (identityType.Contains("IntField")) { lookupField = intField; } // Create JSON string jsonMember = "rel1"; string json = "{\"" + jsonMember + "\":" + identity + "}"; // Create a mapping var mapping = CreateApiResourceMapping(new EntityRef(type.Id)); var relMapping = CreateApiRelationshipMapping(mapping, new EntityRef(relationship.Id), jsonMember, direction == Direction.Reverse); relMapping.MappedRelationshipLookupField = lookupField; relMapping.Save( ); // Fill entity IEntity entity = RunTest(json, mapping); IEntityRelationshipCollection <IEntity> value = entity.GetRelationships(relationship.Id, direction); // Assert mapping Assert.That(value, Is.Not.Null); if (identityType.Contains("Null")) { Assert.That(value, Has.Count.EqualTo(0)); } else { Assert.That(value, Has.Count.EqualTo(1)); Assert.That(value.First( ).Id, Is.EqualTo(target.Id)); } }
public void Test_GetImplicitRelated(string instructions, bool expectReturned) { if (_runner == "EntityInfoService") { Assert.Ignore(); } bool securesTo = instructions.Contains("securesTo"); bool securesFrom = instructions.Contains("securesFrom"); bool isReverse = instructions.Contains("reverse"); UserAccount userAccount; EntityType entityType; Relationship relationship; IEntity entity; IEntity relatedEntity; // Create user userAccount = Entity.Create <UserAccount>(); userAccount.Name = "Test user " + Guid.NewGuid(); userAccount.Save(); // Create type (used for both ends) entityType = new EntityType(); entityType.Inherits.Add(UserResource.UserResource_Type); entityType.Save(); // Create relationship relationship = new Relationship(); relationship.Cardinality_Enum = CardinalityEnum_Enumeration.ManyToMany; relationship.FromType = entityType; relationship.ToType = entityType; relationship.SecuresTo = securesTo; relationship.SecuresFrom = securesFrom; relationship.Save(); // Create related entity (the one that may or may not be visible) relatedEntity = Entity.Create(new EntityRef(entityType)); relatedEntity.SetField("core:name", "B"); // "B" so it does not match the access rule relatedEntity.Save(); // Create initial entity (the one that will be explicitly granted permissions, and queried) entity = Entity.Create(new EntityRef(entityType)); entity.SetField("core:name", "A"); // "A" so it will match the access rule var relInstances = entity.GetRelationships(relationship.Id, isReverse ? Direction.Reverse : Direction.Forward); relInstances.Add(relatedEntity); entity.SetRelationships(relationship.Id, relInstances, isReverse ? Direction.Reverse : Direction.Forward); entity.Save(); // Grant access to initial entity new AccessRuleFactory().AddAllowReadQuery(userAccount.As <Subject>(), entityType.As <SecurableEntity>(), TestQueries.EntitiesWithNameA().ToReport()); // Build request string query = string.Format("name,{0}#{1}.name", isReverse ? "-" : "", relationship.Id); EntityMemberRequest request = EntityRequestHelper.BuildRequest(query); var svc = GetService(); // Run request EntityData result; using (new SetUser(userAccount)) { result = svc.GetEntityData(new EntityRef(entity.Id), request); } // Check results Assert.That(result, Is.Not.Null); Assert.That(result.Relationships, Has.Exactly(1).Not.Null); if (expectReturned) { Assert.That(result.Relationships[0].Instances, Has.Exactly(1).Not.Null); Assert.That(result.Relationships[0].Instances[0].Entity.Id.Id, Is.EqualTo(relatedEntity.Id)); } else { Assert.That(result.Relationships[0].Instances, Is.Empty); } }