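/// <summary>
/// Verifies that when the role provider reports the current user is not a member of
/// <c>GroupName</c>, <c>OnAuthorization</c> sets the context result to the shared
/// "Unauthorised" view.
/// </summary>
public void AuthorizeCore_GivenUnauthorisedUser_UnauthorisedViewShouldBeReturned()
{
    // Arrange: the principal provider yields a fixed user name and the role provider
    // denies membership of the group under test.
    const string userName = "******";
    A.CallTo(() => _userPrincipalProvider.CurrentUserName).Returns(userName);
    A.CallTo(() => _windowsTokenRoleProviderWrapper.IsUserInRole(userName, GroupName)).Returns(false);

    // Act
    _authoriseMcaUsersAttribute.OnAuthorization(_authorisationContext);

    // Assert: the "as" cast yields null when no result was set or when the result is
    // of another type; check that explicitly so the failure is reported as a failed
    // assertion about the authorisation outcome rather than a NullReferenceException.
    var result = _authorisationContext.Result as ViewResult;
    result.Should().NotBeNull("a user outside the group must be given a ViewResult by OnAuthorization");
    result.ViewName.Should().BeSameAs(MVC.Shared.Views.Unauthorised);
}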
/// <summary>
/// Verifies that <c>OnAuthorization</c> throws an <c>HttpException</c> carrying HTTP
/// code 403 when the role provider reports the current user is not a member of the
/// single group assigned to the attribute.
/// </summary>
public void AuthorizeCore_GivenPrincipalIsNotAMemberOfSpecifiedGroup_AuthorisationShouldFail()
{
    // Arrange
    const string principalName = "******";
    const string requiredGroup = "group";

    _authorizeActiveDirectoryAttribute.Groups = requiredGroup;
    A.CallTo(() => _userPrincipalProvider.CurrentUserName).Returns(principalName);
    A.CallTo(() => _windowsTokenRoleProviderWrapper.IsUserInRole(principalName, requiredGroup)).Returns(false);

    // Act: capture the call so the assertion below can observe what it throws.
    var authorising = _authorizeActiveDirectoryAttribute.Invoking(
        attribute => attribute.OnAuthorization(_authorisationContext));

    // Assert: a non-member must be rejected with 403.
    authorising
        .ShouldThrow<HttpException>()
        .Where(thrown => thrown.GetHttpCode() == 403);
}
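/// <summary>
/// Reports whether the current user is in the role named by the
/// <c>McaAdministratorsActiveDirectoryGroup</c> application setting.
/// </summary>
/// <returns>
/// The value returned by the role provider's <c>IsUserInRole</c> for the current user
/// name and the configured role.
/// </returns>
/// <exception cref="ConfigurationErrorsException">
/// The application setting is null, empty or consists only of whitespace.
/// </exception>
public bool CurrentUserInAdministratorRole()
{
    var role = _configurationManagerWrapper.AppSettings[ApplicationSettingConstants.McaAdministratorsActiveDirectoryGroup];

    // Fail closed: without a configured role there is nothing to check membership
    // against, so refuse to answer instead of guessing. The message names the setting
    // so that a misconfigured deployment can be diagnosed from the exception alone.
    if (string.IsNullOrWhiteSpace(role))
    {
        throw new ConfigurationErrorsException(
            "The application setting '" + ApplicationSettingConstants.McaAdministratorsActiveDirectoryGroup +
            "' is missing or blank, so administrator role membership cannot be checked.");
    }

    return _windowsTokenRoleProviderWrapper.IsUserInRole(_userPrincipalProvider.CurrentUserName, role);
}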
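/// <summary>
/// Decides whether the current request is authorised: the base check must pass and,
/// when a comma-separated group list is configured, the current user must be a member
/// of at least one listed group.
/// </summary>
/// <param name="httpContext">The HTTP context passed through to the base check.</param>
/// <returns>
/// <c>false</c> if the base check fails; <c>true</c> if it passes and no group list is
/// configured; otherwise <c>true</c> only if the role provider reports membership of
/// at least one configured group.
/// </returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (!base.AuthorizeCore(httpContext))
    {
        return false;
    }

    // No group restriction configured: the base check alone decides.
    // This stays IsNullOrEmpty on purpose. A blank-but-non-empty value falls through,
    // yields no usable group names below and is therefore denied; treating it as
    // "no restriction" would turn a configuration typo into open access.
    if (String.IsNullOrEmpty(_groups))
    {
        return true;
    }

    // Trim each entry and drop empty ones so that "GroupA, GroupB" or a trailing comma
    // does not hand the role provider a name such as " GroupB" or "" that can never
    // match the intended group.
    var groups = _groups
        .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
        .Select(entry => entry.Trim())
        .Where(entry => entry.Length > 0)
        .ToList();

    // The user name does not change between membership checks, so read it once.
    var userName = _userPrincipalProvider.CurrentUserName;

    // Any() over an empty list is false, so a list with no usable names denies access.
    return groups.Any(@group => _windowsTokenRoleProviderWrapper.IsUserInRole(userName, @group));
}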
/// <summary>
/// Verifies that <c>CurrentUserInAdministratorRole</c> returns <c>true</c> when the
/// role provider reports that <c>_username</c> is in <c>_administratorsgroup</c>.
/// </summary>
public void UserInAdministratorRole_GivenUserIsInRole_TrueShouldBeReturned()
{
    // Arrange: the role provider confirms membership for this user/group pair.
    A.CallTo(() => _windowsTokenRoleProviderWrapper.IsUserInRole(_username, _administratorsgroup))
        .Returns(true);

    // Act
    var isAdministrator = _userRoleProvider.CurrentUserInAdministratorRole();

    // Assert
    isAdministrator.Should().BeTrue();
}