public void Operation_Deny_Direct_To_User() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); ISecurityItem operation1 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation1"); ISecurityItem operation2 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation2"); ISecurityItem task = engine.Store.AddSecurityItem().AddBagItem(Name, "Task"); task.Children.Add(operation1); task.Children.Add(operation2); ISecurityItem hasNoAccessFromUserOperation = engine.Store.AddSecurityItem().AddBagItem(Name, "HasNoAccessFromUserOperation"); ISecurityIdentity user = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user"); engine.Store.AccessAuthorize(user, task); engine.Store.AccessAuthorize(user, operation1).Deny(); ICheckAccessResult operation1AccessResult = engine.CheckAccess(user, operation1); ICheckAccessResult operation2AccessResult = engine.CheckAccess(user, operation2); ICheckAccessResult taskAccessResult = engine.CheckAccess(user, task); ICheckAccessResult hasNoAccessFromUserOperationAccessResult = engine.CheckAccess(user, hasNoAccessFromUserOperation); Assert.False(operation1AccessResult.HasAccess()); Assert.True(operation2AccessResult.HasAccess()); Assert.True(taskAccessResult.HasAccess()); Assert.False(hasNoAccessFromUserOperationAccessResult.HasAccess()); }
internal static void SaveToken(ISecurityIdentity identity) { if (userTokens[identity.UserName] == null) { userTokens.Add(identity.UserName, identity.Token); } }
private void ParentsChanged(object sender, NotifyCollectionChangedEventArgs e) { if (e.Action == NotifyCollectionChangedAction.Add) { ISecurityIdentity parent = (ISecurityIdentity)e.NewItems[0]; parent.Children.Add(this); _store.OnSecurityIdentityRelationAdded(parent, this); } if (e.Action == NotifyCollectionChangedAction.Remove) { ISecurityIdentity parent = (ISecurityIdentity)e.OldItems[0]; parent.Children.Remove(this); _store.OnSecurityIdentityRelationRemoved(parent, this); } if (e.Action == NotifyCollectionChangedAction.Reset) { foreach (ISecurityIdentity parent in e.OldItems) { parent.Children.Remove(this); _store.OnSecurityIdentityRelationRemoved(parent, this); } } }
public void OnSecurityIdentityRelationRemoved(ISecurityIdentity parent, ISecurityIdentity child) { if (_ignoreEvents) { return; } AddNewAction(StorageActionType.Remove, new StorageSecurityIdentityRelation(parent.Id, child.Id)); }
public void OnSecurityIdentityRemoved(ISecurityIdentity securityIdentity) { if (_ignoreEvents) { return; } AddNewAction(StorageActionType.Remove, new StorageSecurityIdentity(securityIdentity.Id)); }
public IEnumerable <IAuthorization> GetSecurityIdentityAuthorizations(ISecurityIdentity securityIdentity) { if (_securityIdentityAuthorizations.TryGetValue(securityIdentity, out HashSet <IAuthorization> authorizations)) { return(authorizations); } return(Enumerable.Empty <IAuthorization>()); }
// TODO: Here is where you would validate the username and password. private static bool CheckPassword(string username, string password) { bool succeded = false; if (HttpContext.Current.User != null) { ISecurityIdentity identity = (ISecurityIdentity)HttpContext.Current.User; //succeded = (username == identity.UserName && password == identity.Token); succeded = userTokens[username] == password; } return(succeded); }
public ISecurityIdentityAuthorizer CreateCache(ISecurityIdentity securityIdentity) { lock (this) { if (!_securityIdentitiesCache.TryGetValue(securityIdentity, out ISecurityIdentityAuthorizer result)) { result = new SecurityIdentityAuthorizer(securityIdentity, this, this); _securityIdentitiesCache[securityIdentity] = result; } return(result); } }
private static IEnumerable <ISecurityIdentity> InternalGetAllAncestors(this ISecurityIdentity securityIdentity) { foreach (ISecurityIdentity securityIdentityParent in securityIdentity.Parents) { yield return(securityIdentityParent); foreach (ISecurityIdentity parentOfParent in securityIdentityParent.InternalGetAllAncestors()) { yield return(parentOfParent); } } }
public void Add_SecurityIdentity_Bag() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); TestSecurityStorage securityStorage = new TestSecurityStorage(); engine.Store.AttachToStorage(securityStorage); ISecurityIdentity securityIdentity = engine.Store.AddSecurityIdentity("AC2ECB1E-AFE1-46EA-B9A7-F1593E2C92C6"); securityIdentity.Bag["Name"] = "Test"; Assert.Contains("AC2ECB1E-AFE1-46EA-B9A7-F1593E2C92C6", securityStorage.StorageEntities.Keys); }
public void Add_SecurityIdentity_Relation() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); TestSecurityStorage securityStorage = new TestSecurityStorage(); engine.Store.AttachToStorage(securityStorage); ISecurityIdentity parentSecurityIdentity = engine.Store.AddSecurityIdentity("77A018B1-EC20-41F1-951D-549193486D4B"); ISecurityIdentity childSecurityIdentity = engine.Store.AddSecurityIdentity("4B64042A-B5DE-4BDF-8A5D-60112F65275B"); parentSecurityIdentity.Children.Add(childSecurityIdentity); Assert.Contains("77A018B1-EC20-41F1-951D-549193486D4B_4B64042A-B5DE-4BDF-8A5D-60112F65275B", securityStorage.StorageEntities.Keys); }
public void Operation_Access_Operation_Direct_To_User() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); ISecurityItem operation = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation"); ISecurityItem hasNoAccessFromUserOperation = engine.Store.AddSecurityItem().AddBagItem(Name, "HasNoAccessFromUserOperation"); ISecurityIdentity user = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user"); engine.Store.AccessAuthorize(user, operation); ICheckAccessResult operationAccessResult = engine.CheckAccess(user, operation); ICheckAccessResult hasNoAccessFromUserOperationAccessResult = engine.CheckAccess(user, hasNoAccessFromUserOperation); Assert.True(operationAccessResult.HasAccess()); Assert.False(hasNoAccessFromUserOperationAccessResult.HasAccess()); }
public void Engine_Instantiate() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); ISecurityItem operation1 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation1"); ISecurityItem operation2 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation2"); ISecurityItem task = engine.Store.AddSecurityItem().AddBagItem(Name, "Task"); task.Children.Add(operation1); task.Children.Add(operation2); ISecurityIdentity user1 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user1"); ISecurityIdentity user2 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user2"); ISecurityIdentity group = engine.Store.AddSecurityIdentity().AddBagItem(Name, "group"); group.Children.Add(user1); group.Children.Add(user2); IAccessAuthorization user1ToOperationAccessAuthorization = engine.Store.AccessAuthorize(user1, operation1); }
public void Operation_Access_To_Group() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); ISecurityItem operation = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation"); ISecurityIdentity user1 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user1"); ISecurityIdentity user2 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user2"); ISecurityIdentity adminGroup = engine.Store.AddSecurityIdentity().AddBagItem(Name, "adminGroup"); adminGroup.Children.Add(user1); engine.Store.AccessAuthorize(adminGroup, operation); ICheckAccessResult user1AccessResult = engine.CheckAccess(user1, operation); ICheckAccessResult user2AccessResult = engine.CheckAccess(user2, operation); Assert.True(user1AccessResult.HasAccess()); Assert.False(user2AccessResult.HasAccess()); }
private void ChildrenChanged(object sender, NotifyCollectionChangedEventArgs e) { if (e.Action == NotifyCollectionChangedAction.Add) { ISecurityIdentity child = (ISecurityIdentity)e.NewItems[0]; child.Parents.Add(this); } if (e.Action == NotifyCollectionChangedAction.Remove) { ISecurityIdentity child = (ISecurityIdentity)e.OldItems[0]; child.Parents.Remove(this); } if (e.Action == NotifyCollectionChangedAction.Reset) { foreach (ISecurityIdentity child in e.OldItems) { child.Parents.Remove(this); } } }
public IConditionResult GetConditions(ISecurityIdentity securityIdentity, ISecurityItem securityItem) { ISecurityIdentityAuthorizer securityIdentityAuthorizer = CreateCache(securityIdentity); return(securityIdentityAuthorizer.GetConditions(securityItem)); }
public ICheckAccessResult CheckAccess(ISecurityIdentity securityIdentity, ISecurityItem securityItem) { ISecurityIdentityAuthorizer securityIdentityAuthorizer = CreateCache(securityIdentity); return(securityIdentityAuthorizer.CheckAccess(securityItem)); }
public void OnSecurityIdentityRelationRemoved(ISecurityIdentity parent, ISecurityIdentity child) { _storageSynchronizer?.OnSecurityIdentityRelationRemoved(parent, child); }
public SecurityIdentityAuthorizer(ISecurityIdentity securityIdentity, ISecurityIdentityAuthorizerFactory securityIdentityAuthorizerFactory, ISecurityItemAuthorizationsResolverFactory securityItemAuthorizationsResolverFactory) { _securityIdentity = securityIdentity; _securityIdentityAuthorizerFactory = securityIdentityAuthorizerFactory; _securityItemAuthorizationsResolverFactory = securityItemAuthorizationsResolverFactory; }
private void OnSecurityIdentityRemoved(ISecurityIdentity securityIdentity) { _storageSynchronizer?.OnSecurityIdentityRemoved(securityIdentity); }
public static IEnumerable <ISecurityIdentity> GetAllAncestors(this ISecurityIdentity securityIdentity) { return(InternalGetAllAncestors(securityIdentity).Distinct()); }
public static IConditionalAuthorization ConditionalAuthorize(this ISecurityStore store, ISecurityIdentity securityIdentity, ISecurityItem securityItem, string id = null) { if (string.IsNullOrEmpty(id)) { id = Guid.NewGuid().ToString(); } SecurityStore securityStore = (SecurityStore)store; ConditionalAuthorization conditionalAuthorization = new ConditionalAuthorization((SecurityStore)store, id) { SecurityIdentity = securityIdentity, SecurityItem = securityItem }; securityStore.Authorizations.Add(conditionalAuthorization); return(conditionalAuthorization); }