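        /// <summary>
        /// Renders the header navigation for the current request.
        /// </summary>
        /// <returns>
        /// The single "Manager/_CustomManagerNavigation" partial when the request was routed to the
        /// Manager controller; otherwise a <see cref="MultiplePartialViewResult"/> holding one
        /// "{role}/_HeaderNavigation" partial per role of the current user, ordered by the priorities
        /// handed to <see cref="RoleComparer"/>.
        /// </returns>
        public ActionResult GetHeaderNavigation()
        {
            // TODO: It is a temporary solution for custom header in manager's pages
            // Correct it when there is more than one custom header in views

            // The route value can be absent (no matching controller route); treat that as
            // "not the Manager controller" rather than failing on a null ToString().
            string requestedController = HttpContext.Request.RequestContext.RouteData.Values["controller"]?.ToString();

            // Controller names are identifiers, so use an ordinal comparison instead of the
            // culture-sensitive string.Compare overload.
            if (string.Equals(requestedController, "Manager", StringComparison.Ordinal))
            {
                return PartialView("Manager/_CustomManagerNavigation");
            }

            // Priority values consumed by RoleComparer (lower value first — confirm against RoleComparer).
            var rolePriorities = new Dictionary<RoleType, int>
            {
                { RoleType.ScrumMaster, 1 },
                { RoleType.Mentor, 2 }
            };
            var roleComparer = new RoleComparer(rolePriorities);

            var result = new MultiplePartialViewResult();

            // One partial per role; the role name (an enum value, not request input) selects the view folder.
            foreach (var role in CurrentUser.GetUserRoles().OrderBy(r => r, roleComparer))
            {
                result.PartialViews.Add(PartialView($"{role}/_HeaderNavigation"));
            }

            return result;
        }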
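        /// <summary>
        /// Verifies that ordering with <see cref="RoleComparer"/> follows the supplied priority map
        /// (lower value first) rather than the original list order.
        /// </summary>
        public void RoleComparer_ComparedCorrectly()
        {
            // Arrange: input order is deliberately different from the expected order.
            var expectedResult = new List<RoleType>
            {
                RoleType.HR,
                RoleType.Manager,
                RoleType.ScrumMaster,
                RoleType.Mentor
            };

            var testData = new List<RoleType>
            {
                RoleType.ScrumMaster,
                RoleType.Mentor,
                RoleType.Manager,
                RoleType.HR
            };

            var roleComparer = new RoleComparer(new Dictionary<RoleType, int>
            {
                { RoleType.ScrumMaster, 3 },
                { RoleType.Mentor, 4 },
                { RoleType.Manager, 2 },
                { RoleType.HR, 1 }
            });

            // Act
            var actualResult = testData.OrderBy(r => r, roleComparer).ToList();

            // Assert: check the length first so a short result is reported as a test failure
            // instead of an ArgumentOutOfRangeException from the indexer below.
            Assert.AreEqual(expectedResult.Count, actualResult.Count, "Sorted sequence has wrong length");
            for (int i = 0; i < expectedResult.Count; i++)
            {
                Assert.AreEqual(expectedResult[i], actualResult[i], "Sequence is not sorted");
            }
        }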
        /// <summary>
        /// Loads the roles of the given user and returns them ordered by the fixed priority map below.
        /// </summary>
        /// <param name="userId">Id passed through to <c>GetUserRoles</c>.</param>
        /// <returns>The user's roles as a list, ordered by <see cref="RoleComparer"/>.</returns>
        private async Task<IList<RoleType>> GetSortedUserRoles(int userId)
        {
            // Priority values handed to RoleComparer (lower value first — confirm against RoleComparer).
            var priorities = new Dictionary<RoleType, int>
            {
                { RoleType.Mentor, 1 },
                { RoleType.ScrumMaster, 2 }
            };
            var comparer = new RoleComparer(priorities);

            var roles = await GetUserRoles(userId);
            var sorted = roles.OrderBy(r => r, comparer).ToList();
            return sorted;
        }
        /// <summary>
        /// Builds the controller under test from a default-populated resource store and role store,
        /// and creates the two comparers the fixture keeps for later use.
        /// </summary>
        public RolesControllerFixture()
        {
            _sutBuilder = new RolesControllerBuilder();

            var resourceStoreBuilder = new ResourceStoreBuilder().WithDefaultResources();
            _resourceStore = resourceStoreBuilder.Build();

            // The role store builder takes the resource store, so it must be built second.
            var roleStoreBuilder = new RoleStoreBuilder(_resourceStore).WithDefaultRoles();
            _roleStore = roleStoreBuilder.Build();

            _sut = new RolesController(_roleStore, _resourceStore);

            // RoleComparer takes the PermissionComparer in its constructor.
            var permissionComparer = new PermissionComparer();
            _permissionComparer = permissionComparer;
            _roleComparer = new RoleComparer(permissionComparer);
        }
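        /// <summary>
        /// Decides whether the current request may access the named protected resource.
        /// </summary>
        /// <param name="resourceName">Name of the resource whose <see cref="Authorization"/> record is looked up.</param>
        /// <returns>
        /// <c>true</c> when one of the checks grants access; <c>false</c> when the resource does not exist
        /// (non-DEBUG builds) or no allowed role or user matches the current request.
        /// </returns>
        /// <exception cref="InternalError">
        /// Thrown when <paramref name="resourceName"/> is empty, when the resource does not exist (DEBUG builds only),
        /// or when an authenticated request has no saved <c>UserObject</c>.
        /// </exception>
        /// <remarks>
        /// Checks run in order and the first match wins: global bypasses (back door, demo mode, superuser) are
        /// evaluated before any data access; then the resource's allowed roles are checked against the anonymous
        /// role (no user) or the generic authenticated-user role; then the user's explicit entry; then each of the
        /// user's roles. Every path that matches nothing falls through to <c>false</c>.
        /// </remarks>
        public async Task<bool> IsResourceAuthorizedAsync(string resourceName)
        {
            if (string.IsNullOrEmpty(resourceName))
            {
                throw new InternalError("Missing resource name");
            }

            // Global bypasses. These short-circuit before the resource is looked up, so while any of
            // them is active an unknown resource name is reported as authorized as well.
            if (IsBackDoorWideOpen())
            {
                return true;
            }
            if (YetaWFManager.IsDemo || Manager.IsDemoUser)
            {
                return true;
            }
            if (Manager.HasSuperUserRole)
            {
                return true;
            }

            using (AuthorizationDataProvider authDP = new AuthorizationDataProvider())
            {
                Authorization auth = await authDP.GetItemAsync(resourceName);

                if (auth is null)
                {
                    Logging.AddLog("Resource {0} doesn't exist", resourceName);
#if DEBUG
                    throw new InternalError("Resource {0} doesn't exist", resourceName);
#else
                    // Fail closed: an unknown resource is never authorized.
                    return false;
#endif
                }

                // RoleComparer decides which Role fields count for equality in the Contains calls below.
                RoleComparer roleComp = new RoleComparer();
                using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider())
                {
                    if (!Manager.HaveUser)
                    {
                        // Anonymous request: only the anonymous role can grant access.
                        return auth.AllowedRoles.Contains(new Role { RoleId = roleDP.GetAnonymousRoleId() }, roleComp);
                    }

                    // Authenticated request: the generic "any authenticated user" role grants access outright.
                    if (auth.AllowedRoles.Contains(new Role { RoleId = roleDP.GetUserRoleId() }, roleComp))
                    {
                        return true;
                    }
                }

                // Saved user for this request; an authenticated request without it is an internal error.
                UserDefinition user = (UserDefinition)Manager.UserObject;
                if (user is null)
                {
                    throw new InternalError("UserObject missing for authenticated user");
                }

                // Explicit per-user grant.
                if (auth.AllowedUsers.Contains(new User { UserId = user.UserId }, new UserComparer()))
                {
                    return true;
                }

                // Any of the user's roles that the resource lists as allowed.
                foreach (Role loginRole in user.RolesList)
                {
                    if (auth.AllowedRoles.Contains(new Role { RoleId = loginRole.RoleId }, roleComp))
                    {
                        return true;
                    }
                }
            }

            // Nothing matched: not authorized.
            return false;
        }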