public void TestDenyInheritanceFlag() { SecurityServiceBase srv = new TestSecurityService(Db); string itemName = "TestUserIsAdminItem"; string itemDesciption = "Test item description"; AccessMode defaultAccess = GetDefaultPermissions(); CFAccessDefinition ad1 = new CFAccessDefinition() { Name = "Test 1", AccessModes = AccessMode.Read | AccessMode.Write }; CFAccessDefinition ad2 = new CFAccessDefinition() { Name = "Test 2", AccessModes = AccessMode.Control | AccessMode.Append }; int entityType = mDh.Ets.GetEntityTypes(CFEntityType.eTarget.Items).FirstOrDefault().Id; CFItem i1 = mDh.CreateItem(mDh.Is, entityType, itemName, itemDesciption, true); List <CFAccessGroup> groups = new List <CFAccessGroup>() { new CFAccessGroup() { AccessGuids = new List <Guid>() { Guid.Parse(Groups[0]) }, AccessDefinition = ad1 }, new CFAccessGroup() { AccessGuids = new List <Guid>() { Guid.Parse(Users[1].Guid) }, AccessDefinition = ad2 } }; i1.AccessGroups = groups; i1.BlockInheritance = true; i1.Serialize(); Db.SaveChanges(); AccessMode modes1 = srv.GetPermissions(Users[0].Guid, i1); AccessMode modes2 = srv.GetPermissions(Users[1].Guid, i1); AccessMode modes3 = srv.GetPermissions(Users[2].Guid, i1); AccessMode modes4 = srv.GetPermissions(Users[3].Guid, i1); Assert.AreEqual(ad1.AccessModes, modes1); Assert.AreEqual(ad1.AccessModes | ad2.AccessModes, modes2); Assert.AreEqual(AccessMode.None, modes3); Assert.AreEqual(AccessMode.None, modes4); }
public void TestNoAccessDefinitionNoParents() { SecurityServiceBase srv = new TestSecurityService(Db); string collectionName = "TestUserIsAdminCollection"; string collectionDesciption = "Test collection description"; string itemName = "TestUserIsAdminItem"; string itemDesciption = "Test item description"; AccessMode defaultAccess = GetDefaultPermissions(); AccessMode modes; int entityType = mDh.Ets.GetEntityTypes(CFEntityType.eTarget.Collections).FirstOrDefault().Id; CFCollection c1 = mDh.CreateCollection(mDh.Cs, entityType, collectionName, collectionDesciption, true); entityType = mDh.Ets.GetEntityTypes(CFEntityType.eTarget.Items).FirstOrDefault().Id; CFItem i1 = mDh.CreateItem(mDh.Is, entityType, itemName + "1", itemDesciption, true); CFItem i2 = mDh.CreateItem(mDh.Is, entityType, itemName + "2", itemDesciption, true); Db.SaveChanges(); c1.ChildMembers.Add(i1); c1.Serialize(); Db.Entry(c1).State = System.Data.Entity.EntityState.Modified; i2.ChildMembers.Add(i1); i2.Serialize(); Db.Entry(i2).State = System.Data.Entity.EntityState.Modified; Db.SaveChanges(); foreach (TestUser user in Users) { modes = srv.GetPermissions(user.Guid, c1); Assert.AreEqual(defaultAccess, modes); Assert.AreNotEqual(AccessMode.All, modes); modes = srv.GetPermissions(user.Guid, i2); Assert.AreEqual(defaultAccess, modes); Assert.AreNotEqual(AccessMode.All, modes); modes = srv.GetPermissions(user.Guid, i1); Assert.AreEqual(defaultAccess, modes); Assert.AreNotEqual(AccessMode.All, modes); } }
public void TestUserIsAdmin() { SecurityServiceBase srv = new TestSecurityService(Db); TestUser admin = CreateUser(srv, "A1", true); TestUser user = CreateUser(srv, "U1"); string collectionName = "TestUserIsAdminCollection"; string collectionDesciption = "Test collection description"; string itemName = "TestUserIsAdminItem"; string itemDesciption = "Test item description"; AccessMode defaultAccess = GetDefaultPermissions(); int entityType = mDh.Ets.GetEntityTypes(CFEntityType.eTarget.Collections).FirstOrDefault().Id; CFCollection c1 = mDh.CreateCollection(mDh.Cs, entityType, collectionName, collectionDesciption, true); entityType = mDh.Ets.GetEntityTypes(CFEntityType.eTarget.Items).FirstOrDefault().Id; CFItem i1 = mDh.CreateItem(mDh.Is, entityType, itemName, itemDesciption, true); Db.SaveChanges(); AccessMode modes = srv.GetPermissions(admin.Guid, c1); Assert.AreNotEqual(defaultAccess, modes); Assert.AreEqual(AccessMode.All, modes); modes = srv.GetPermissions(user.Guid, c1); Assert.AreEqual(defaultAccess, modes); Assert.AreNotEqual(AccessMode.All, modes); modes = srv.GetPermissions(admin.Guid, i1); Assert.AreNotEqual(defaultAccess, modes); Assert.AreEqual(AccessMode.All, modes); modes = srv.GetPermissions(user.Guid, i1); Assert.AreEqual(defaultAccess, modes); Assert.AreNotEqual(AccessMode.All, modes); }
public void TestCircularParents() { SecurityServiceBase srv = new TestSecurityService(Db); string collectionName = "TestUserIsAdminCollection"; string collectionDesciption = "Test collection description"; string itemName = "TestUserIsAdminItem"; string itemDesciption = "Test item description"; AccessMode defaultAccess = GetDefaultPermissions(); CFAccessDefinition ad1 = new CFAccessDefinition() { Name = "Test 1", AccessModes = AccessMode.Write }; CFAccessDefinition ad2 = new CFAccessDefinition() { Name = "Test 2", AccessModes = AccessMode.Control | AccessMode.Append }; CFAccessDefinition ad3 = new CFAccessDefinition() { Name = "Test 3", AccessModes = AccessMode.Discover }; int entityType = mDh.Ets.GetEntityTypes(CFEntityType.eTarget.Items).FirstOrDefault().Id; CFItem i1 = mDh.CreateItem(mDh.Is, entityType, itemName, itemDesciption, true); entityType = mDh.Ets.GetEntityTypes(CFEntityType.eTarget.Collections).FirstOrDefault().Id; CFCollection c1 = mDh.CreateCollection(mDh.Cs, entityType, collectionName, collectionDesciption, true); entityType = mDh.Ets.GetEntityTypes(CFEntityType.eTarget.Items).FirstOrDefault().Id; CFItem i2 = mDh.CreateItem(mDh.Is, entityType, itemName, itemDesciption, true); List <CFAccessGroup> groups = new List <CFAccessGroup>() { new CFAccessGroup() { AccessGuids = new List <Guid>() { Guid.Parse(Groups[0]) }, AccessDefinition = ad1 }, }; c1.AccessGroups = groups; c1.Serialize(); groups = new List <CFAccessGroup>() { new CFAccessGroup() { AccessGuids = new List <Guid>() { Guid.Parse(Groups[1]) }, AccessDefinition = ad2 }, new CFAccessGroup() { AccessGuids = new List <Guid>() { Guid.Parse(Groups[2]) }, AccessDefinition = ad3 } }; i2.AccessGroups = groups; i2.Serialize(); i1.Serialize(); c1.ChildMembers.Add(i1); c1.ChildMembers.Add(i2); //NOTE: Here is our circular relationship i2.ChildMembers.Add(i1); Db.SaveChanges(); AccessMode modes1 = srv.GetPermissions(Users[0].Guid, i1); AccessMode modes2 = srv.GetPermissions(Users[1].Guid, i1); AccessMode modes3 = srv.GetPermissions(Users[2].Guid, i1); AccessMode modes4 = srv.GetPermissions(Users[3].Guid, i1); Assert.AreEqual(defaultAccess | ad1.AccessModes | ad3.AccessModes, modes1); Assert.AreEqual(defaultAccess | ad1.AccessModes | ad2.AccessModes, modes2); Assert.AreEqual(defaultAccess | ad2.AccessModes, modes3); Assert.AreEqual(defaultAccess | ad2.AccessModes | ad3.AccessModes, modes4); modes1 = srv.GetPermissions(Users[0].Guid, i2); modes2 = srv.GetPermissions(Users[1].Guid, i2); modes3 = srv.GetPermissions(Users[2].Guid, i2); modes4 = srv.GetPermissions(Users[3].Guid, i2); Assert.AreEqual(defaultAccess | ad1.AccessModes | ad3.AccessModes, modes1); Assert.AreEqual(defaultAccess | ad1.AccessModes | ad2.AccessModes, modes2); Assert.AreEqual(defaultAccess | ad2.AccessModes, modes3); Assert.AreEqual(defaultAccess | ad2.AccessModes | ad3.AccessModes, modes4); modes1 = srv.GetPermissions(Users[0].Guid, c1); modes2 = srv.GetPermissions(Users[1].Guid, c1); modes3 = srv.GetPermissions(Users[2].Guid, c1); modes4 = srv.GetPermissions(Users[3].Guid, c1); Assert.AreEqual(defaultAccess | ad1.AccessModes, modes1); Assert.AreEqual(defaultAccess | ad1.AccessModes, modes2); Assert.AreEqual(defaultAccess, modes3); Assert.AreEqual(defaultAccess, modes4); }