public void Test_Filter_ActionRequiresParentModifyAccess(string parentEntityPermissions, string childEntityPermissions)
{
SecurityActionMenuItemFilter securityActionMenuItemFilter;
UserAccount userAccount;
EntityType parentEntityType;
EntityType childEntityType;
IEntity parentEntity;
IEntity childEntity;
const string viewResourceActionAlias = "console:viewResourceAction";
const string editResourceActionAlias = "console:editResourceAction";
const string deleteResourceActionAlias = "console:deleteResourceAction";
const string addRelationshipActionAlias = "console:addRelationshipAction";
const string removeRelationshipActionAlias = "console:removeRelationshipAction";
var splitParentEntityPermissions = parentEntityPermissions.Split(new[] { ',' },
StringSplitOptions.RemoveEmptyEntries);
var splitChildEntityPermissions = childEntityPermissions.Split(new[] { ',' },
StringSplitOptions.RemoveEmptyEntries);
userAccount = new UserAccount();
userAccount.Name = "Test user " + Guid.NewGuid();
userAccount.Save();
// parent
parentEntityType = new EntityType();
parentEntityType.Inherits.Add(UserResource.UserResource_Type);
parentEntityType.Save();
parentEntity = Entity.Create(new EntityRef(parentEntityType));
parentEntity.SetField("core:name", "A"); // "A" so it will match the access rule
parentEntity.Save();
// related child entity
childEntityType = new EntityType();
childEntityType.Inherits.Add(UserResource.UserResource_Type);
childEntityType.Save();
childEntity = Entity.Create(new EntityRef(childEntityType));
childEntity.SetField("core:name", "B"); // "B" so it will match the access rule
childEntity.Save();
// grant accesses
// parent entity
new AccessRuleFactory().AddAllowByQuery(
userAccount.As <Subject>(),
parentEntityType.As <SecurableEntity>(),
splitParentEntityPermissions.Select(s => new EntityRef(s)),
TestQueries.EntitiesWithNameA().ToReport());
// child entity
new AccessRuleFactory().AddAllowByQuery(
userAccount.As <Subject>(),
childEntityType.As <SecurableEntity>(),
splitChildEntityPermissions.Select(s => new EntityRef(s)),
TestQueries.EntitiesWithNameB().ToReport());
// actions
var dummyRequest = new ActionRequestExtended();
Func <ActionRequestExtended, ActionMenuItem, ActionTargetInfo> dummyHandler = (a, i) => new ActionTargetInfo();
var actions = new List <ActionMenuItemInfo>();
foreach (string menuItemAlias in new[]
{
viewResourceActionAlias,
editResourceActionAlias,
addRelationshipActionAlias,
removeRelationshipActionAlias,
deleteResourceActionAlias,
})
{
actions.Add(Entity.Get <ActionMenuItem>(menuItemAlias).ToInfo(dummyRequest, null, dummyHandler));
}
actions.Add(new ActionMenuItemInfo
{
EntityId = childEntityType.Id,
HtmlActionState = "createForm",
IsNew = true
});
// filter actions
using (new SetUser(userAccount))
{
securityActionMenuItemFilter = new SecurityActionMenuItemFilter();
securityActionMenuItemFilter.Filter(parentEntity.Id, new[] { childEntity.Id }, actions);
}
// checks
if (splitParentEntityPermissions.Contains("core:read") && splitParentEntityPermissions.Contains("core:modify"))
{
Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(addRelationshipActionAlias), "Missing add relationship resource action");
Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(removeRelationshipActionAlias), "Missing remove relationship resource action");
// child create
if (splitChildEntityPermissions.Contains("core:create"))
{
Assert.That(actions, Has.Exactly(1).Property("HtmlActionState").EqualTo("createForm"), "Missing create resource action");
}
else
{
Assert.That(actions, Has.None.Property("HtmlActionState").EqualTo("createForm"), "Create resource action should not be available");
}
// child read
if (splitChildEntityPermissions.Contains("core:read"))
{
Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(viewResourceActionAlias), "Missing view resource action");
}
else
{
Assert.That(actions, Has.None.Property("Alias").EqualTo(viewResourceActionAlias), "View resource action should not be available");
}
// child modify
if (splitChildEntityPermissions.Contains("core:modify"))
{
Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(editResourceActionAlias), "Missing edit resource action");
}
else
{
Assert.That(actions, Has.None.Property("Alias").EqualTo(editResourceActionAlias), "Edit resource action should not be available");
}
// child delete
if (splitChildEntityPermissions.Contains("core:delete"))
{
Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(deleteResourceActionAlias), "Missing delete resource action");
}
else
{
Assert.That(actions, Has.None.Property("Alias").EqualTo(deleteResourceActionAlias), "Delete resource action should not be available");
}
}
else if (splitParentEntityPermissions.Contains("core:read") && !splitParentEntityPermissions.Contains("core:modify"))
{
Assert.That(actions, Has.None.Property("Alias").EqualTo(addRelationshipActionAlias), "Add relationship action should not be available");
Assert.That(actions, Has.None.Property("Alias").EqualTo(removeRelationshipActionAlias), "Remove relationship action should not be available");
// child create
Assert.That(actions, Has.None.Property("HtmlActionState").EqualTo("createForm"), "Create resource action should not be available");
// child read
if (splitChildEntityPermissions.Contains("core:read"))
{
Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(viewResourceActionAlias), "Missing view resource action");
}
else
{
Assert.That(actions, Has.None.Property("Alias").EqualTo(viewResourceActionAlias), "View resource action should not be available");
}
// child modify
if (splitChildEntityPermissions.Contains("core:modify"))
{
Assert.That(actions, Has.Exactly(1).Property("Alias").EqualTo(editResourceActionAlias), "Missing edit resource action");
}
else
{
Assert.That(actions, Has.None.Property("Alias").EqualTo(editResourceActionAlias), "Edit resource action should not be available");
}
// child delete
Assert.That(actions, Has.None.Property("Alias").EqualTo(deleteResourceActionAlias), "Delete resource action should not be available");
}
}
public void Test_Writeable_Related_Entity(string toPermissionAliases, bool toEntityWriteable)
{
var userAccount = Entity.Create <UserAccount>();
userAccount.Name = "Test user " + Guid.NewGuid();
userAccount.Save();
var fromType = new EntityType();
fromType.Inherits.Add(UserResource.UserResource_Type);
fromType.Save();
var toType = new EntityType();
toType.Inherits.Add(UserResource.UserResource_Type);
toType.Save();
var relationship = new Relationship {
FromType = fromType, ToType = toType
};
relationship.Save();
IEntity fromEntity = Entity.Create(new EntityRef(fromType));
fromEntity.SetField("core:name", "A");
fromEntity.Save();
IEntity toEntity = Entity.Create(new EntityRef(toType));
toEntity.SetField("core:name", "B");
toEntity.SetRelationships(relationship, new EntityRelationshipCollection <IEntity>()
{
fromEntity
}, Direction.Reverse);
toEntity.Save();
// Read / modify from type
new AccessRuleFactory().AddAllowByQuery(userAccount.As <Subject>(), fromType.As <SecurableEntity>(),
new List <EntityRef> {
new EntityRef("core:read"), new EntityRef("core:modify")
},
TestQueries.EntitiesWithNameA().ToReport());
if (toPermissionAliases.Length > 0)
{
// Access to to type
new AccessRuleFactory().AddAllowByQuery(userAccount.As <Subject>(), toType.As <SecurableEntity>(),
toPermissionAliases.Split(',').Select(x => new EntityRef(x)),
TestQueries.EntitiesWithNameB().ToReport());
}
using (new SetUser(userAccount))
{
// The from entity should be able to be retrieved
var fromEntityWriteable = Entity.Get <IEntity>(new EntityRef(fromEntity), true);
Assert.AreEqual(fromEntity.Id, fromEntityWriteable.Id);
// Check access to to entity
IEntity entity = fromEntityWriteable.GetRelationships(relationship, Direction.Forward).FirstOrDefault( );
IEntity toEntityFromRel = null;
if (entity != null)
{
toEntityFromRel = entity.Entity;
}
if (toPermissionAliases.Length > 0)
{
Assert.AreEqual(toEntity.Id, toEntityFromRel.Id);
var toEntityWrite = toEntityFromRel.AsWritable();
toEntityWrite.SetField("core:description", "Test");
if (toEntityWriteable)
{
// Should be able to save
Assert.DoesNotThrow(() => toEntityWrite.Save());
}
else
{
// Should not be able to save
Assert.That(toEntityWrite.Save,
Throws.TypeOf <PlatformSecurityException>(), "Entity access is incorrect. Should notbe able to save.");
}
}
else
{
// We do not have read access to the to entity so it should be null
Assert.IsNull(toEntityFromRel);
}
}
}
