public void Operation_Deny_Direct_To_User() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); ISecurityItem operation1 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation1"); ISecurityItem operation2 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation2"); ISecurityItem task = engine.Store.AddSecurityItem().AddBagItem(Name, "Task"); task.Children.Add(operation1); task.Children.Add(operation2); ISecurityItem hasNoAccessFromUserOperation = engine.Store.AddSecurityItem().AddBagItem(Name, "HasNoAccessFromUserOperation"); ISecurityIdentity user = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user"); engine.Store.AccessAuthorize(user, task); engine.Store.AccessAuthorize(user, operation1).Deny(); ICheckAccessResult operation1AccessResult = engine.CheckAccess(user, operation1); ICheckAccessResult operation2AccessResult = engine.CheckAccess(user, operation2); ICheckAccessResult taskAccessResult = engine.CheckAccess(user, task); ICheckAccessResult hasNoAccessFromUserOperationAccessResult = engine.CheckAccess(user, hasNoAccessFromUserOperation); Assert.False(operation1AccessResult.HasAccess()); Assert.True(operation2AccessResult.HasAccess()); Assert.True(taskAccessResult.HasAccess()); Assert.False(hasNoAccessFromUserOperationAccessResult.HasAccess()); }
public void Operation_Access_Operation_Direct_To_User() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); ISecurityItem operation = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation"); ISecurityItem hasNoAccessFromUserOperation = engine.Store.AddSecurityItem().AddBagItem(Name, "HasNoAccessFromUserOperation"); ISecurityIdentity user = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user"); engine.Store.AccessAuthorize(user, operation); ICheckAccessResult operationAccessResult = engine.CheckAccess(user, operation); ICheckAccessResult hasNoAccessFromUserOperationAccessResult = engine.CheckAccess(user, hasNoAccessFromUserOperation); Assert.True(operationAccessResult.HasAccess()); Assert.False(hasNoAccessFromUserOperationAccessResult.HasAccess()); }
public void Operation_Access_To_Group() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); ISecurityItem operation = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation"); ISecurityIdentity user1 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user1"); ISecurityIdentity user2 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user2"); ISecurityIdentity adminGroup = engine.Store.AddSecurityIdentity().AddBagItem(Name, "adminGroup"); adminGroup.Children.Add(user1); engine.Store.AccessAuthorize(adminGroup, operation); ICheckAccessResult user1AccessResult = engine.CheckAccess(user1, operation); ICheckAccessResult user2AccessResult = engine.CheckAccess(user2, operation); Assert.True(user1AccessResult.HasAccess()); Assert.False(user2AccessResult.HasAccess()); }
public ICheckAccessResult CheckAccess(ISecurityItem securityItem) { ICheckAccessResult checkAccessResult = OnlyCheckAccessSelf(securityItem); if (checkAccessResult.AccessType == AccessType.Deny) return checkAccessResult; IList<ICheckAccessResult> allowedParentCheckAccessResults = new List<ICheckAccessResult>(); foreach (ISecurityIdentity parent in _securityIdentity.Parents) { ISecurityIdentityAuthorizer securityIdentityAuthorizer = _securityIdentityAuthorizerFactory.CreateCache(parent); ICheckAccessResult parentCheckAccessResult = securityIdentityAuthorizer.CheckAccess(securityItem); if (parentCheckAccessResult.AccessType == AccessType.Deny) return parentCheckAccessResult; if (parentCheckAccessResult.AccessType == AccessType.Allow) allowedParentCheckAccessResults.Add(parentCheckAccessResult); } if (checkAccessResult.AccessType == AccessType.Allow) return checkAccessResult; if (allowedParentCheckAccessResults.Count>0) return new CheckAccessResult(AccessType.Allow, allowedParentCheckAccessResults.SelectMany(r => r.AffectedAuthorizations)); return new CheckAccessResult(AccessType.Neutral,Enumerable.Empty<IAccessAuthorization>()); }
public static bool HasAccess(this ICheckAccessResult checkAccessResult) { return(checkAccessResult.AccessType == AccessType.Allow); }