public IList <Claim> GetRequiredClaims(ICommandInfo info)
{
SaveEntityCommandInfo commandInfo = (SaveEntityCommandInfo)info;
List <Claim> claims = new List <Claim>();
if (commandInfo.DataToInsert != null && commandInfo.DataToInsert.Length > 0)
{
claims.Add(new Claim(commandInfo.Entity, "New"));
}
if (commandInfo.DataToUpdate != null && commandInfo.DataToUpdate.Length > 0)
{
claims.Add(new Claim(commandInfo.Entity, "Edit"));
}
if (commandInfo.DataToDelete != null && commandInfo.DataToDelete.Length > 0)
{
claims.Add(new Claim(commandInfo.Entity, "Remove"));
}
return(claims);
}
public void CombiningMultipleRules()
{
InsertCurrentPrincipal(); // Not related to row permissions.
// Insert the test data (server code bypasses row permissions):
using (var container = new RhetosTestContainer(commitChanges: true))
{
var repository = container.Resolve<Common.DomRepository>();
var context = container.Resolve<Common.ExecutionContext>();
repository.DemoRowPermissions2.DocumentApproval.Delete(repository.DemoRowPermissions2.DocumentApproval.All());
repository.DemoRowPermissions2.DocumentComment.Delete(repository.DemoRowPermissions2.DocumentComment.All());
repository.DemoRowPermissions2.Document.Delete(repository.DemoRowPermissions2.Document.All());
repository.DemoRowPermissions2.RegionSupervisor.Delete(repository.DemoRowPermissions2.RegionSupervisor.All());
repository.DemoRowPermissions2.Employee.Delete(repository.DemoRowPermissions2.Employee.All());
repository.DemoRowPermissions2.Division.Delete(repository.DemoRowPermissions2.Division.All());
repository.DemoRowPermissions2.Region.Delete(repository.DemoRowPermissions2.Region.All());
var reg3 = new DemoRowPermissions2.Region { Name = "reg3" };
repository.DemoRowPermissions2.Region.Insert(new[] { reg3 });
var div1 = new DemoRowPermissions2.Division { Name = "div1" };
var div2 = new DemoRowPermissions2.Division { Name = "div2" };
var div3 = new DemoRowPermissions2.Division { Name = "div3", RegionID = reg3.ID };
repository.DemoRowPermissions2.Division.Insert(new[] { div1, div2, div3 });
// The current user:
var emp1 = new DemoRowPermissions2.Employee
{
UserName = context.UserInfo.UserName,
DivisionID = div1.ID
};
repository.DemoRowPermissions2.Employee.Insert(new[] { emp1 });
var sup3 = new DemoRowPermissions2.RegionSupervisor
{
EmployeeID = emp1.ID,
RegionID = reg3.ID
};
repository.DemoRowPermissions2.RegionSupervisor.Insert(new[] { sup3 });
// The user can access doc1, because it's in the same division:
var doc1 = new DemoRowPermissions2.Document { Title = "doc1", DivisionID = div1.ID };
// The user cannot access doc2:
var doc2 = new DemoRowPermissions2.Document { Title = "doc2", DivisionID = div2.ID };
// The user can access doc3, because it's in the region he supervises:
var doc3 = new DemoRowPermissions2.Document { Title = "doc3", DivisionID = div3.ID };
// The user can access doc4 (same division), but cannot edit it (previous year):
var doc4 = new DemoRowPermissions2.Document { Title = "doc4", DivisionID = div1.ID, Created = DateTime.Now.AddYears(-1) };
repository.DemoRowPermissions2.Document.Insert(new[] { doc1, doc2, doc3, doc4 });
}
// Simulate client request: Reading all documents (access denied)
using (var container = new RhetosTestContainer())
{
container.AddIgnoreClaims();
var processingEngine = container.Resolve<IProcessingEngine>();
var serverCommand = new ReadCommandInfo
{
DataSource = typeof(DemoRowPermissions2.Document).FullName,
ReadRecords = true
};
var serverResponse = processingEngine.Execute(new[] { serverCommand });
var report = GenerateReport(serverResponse);
Console.WriteLine("Server response: " + report);
Assert.IsTrue(report.Contains("You are not authorized"));
}
// Simulate client request: Reading the user's documents
using (var container = new RhetosTestContainer())
{
container.AddIgnoreClaims();
var processingEngine = container.Resolve<IProcessingEngine>();
var serverCommand = new ReadCommandInfo
{
DataSource = typeof(DemoRowPermissions2.Document).FullName,
ReadRecords = true,
Filters = new[] { new FilterCriteria(typeof(Common.RowPermissionsReadItems)) }
};
var serverResponse = processingEngine.Execute(new[] { serverCommand });
var report = GenerateReport(serverResponse);
Console.WriteLine("Server response: " + report);
Assert.AreEqual("doc1, doc3, doc4", report);
}
// Simulate client request: Edit doc1 (ok)
using (var container = new RhetosTestContainer())
{
container.AddIgnoreClaims();
var repository = container.Resolve<Common.DomRepository>();
var doc1 = repository.DemoRowPermissions2.Document.Query().Where(d => d.Title == "doc1").Single();
doc1.Title += "x";
var processingEngine = container.Resolve<IProcessingEngine>();
var serverCommand = new SaveEntityCommandInfo
{
Entity = typeof(DemoRowPermissions2.Document).FullName,
DataToUpdate = new[] { doc1 }
};
var serverResponse = processingEngine.Execute(new[] { serverCommand });
var report = GenerateReport(serverResponse);
Console.WriteLine("Server response: " + report);
Assert.AreEqual("Comand executed", report);
var documents = repository.DemoRowPermissions2.Document.Query().Select(d => d.Title).OrderBy(t => t);
Assert.AreEqual("doc1x, doc2, doc3, doc4", string.Join(", ", documents));
}
// Simulate client request: Edit doc4 (acces denied)
using (var container = new RhetosTestContainer())
{
container.AddIgnoreClaims();
var repository = container.Resolve<Common.DomRepository>();
var doc4 = repository.DemoRowPermissions2.Document.Query().Where(d => d.Title == "doc4").Single();
doc4.Title += "x";
var processingEngine = container.Resolve<IProcessingEngine>();
var serverCommand = new SaveEntityCommandInfo
{
Entity = typeof(DemoRowPermissions2.Document).FullName,
DataToUpdate = new[] { doc4 }
};
var serverResponse = processingEngine.Execute(new[] { serverCommand });
var report = GenerateReport(serverResponse);
Console.WriteLine("Server response: " + report);
Assert.IsTrue(report.Contains("Insufficient permissions"));
}
}
public void RulesWrite()
{
using (var container = new RhetosTestContainer())
{
var repositories = container.Resolve<Common.DomRepository>();
var emptyRP = repositories.TestRowPermissions.RPWriteRulesEmpty;
var writeRP = repositories.TestRowPermissions.RPWriteRules;
var commandImplementations = container.Resolve<IPluginsContainer<ICommandImplementation>>();
var saveCommand = commandImplementations.GetImplementations(typeof(SaveEntityCommandInfo)).Single();
{
emptyRP.Delete(emptyRP.All());
var saveInfo = new SaveEntityCommandInfo() {Entity = "TestRowPermissions.RPWriteRulesEmpty"};
saveInfo.DataToInsert = new[] {new RPWriteRulesEmpty()};
TestUtility.ShouldFail(() => saveCommand.Execute(saveInfo), _writeException);
}
{
writeRP.Delete(writeRP.All());
var saveInfo = new SaveEntityCommandInfo() { Entity = "TestRowPermissions.RPWriteRules" };
saveInfo.DataToInsert = (new[] {10}).Select(item => new RPWriteRules() {value = item}).ToArray();
TestUtility.ShouldFail(() => saveCommand.Execute(saveInfo), _writeException);
}
{
writeRP.Delete(writeRP.All());
var saveInfo = new SaveEntityCommandInfo() { Entity = "TestRowPermissions.RPWriteRules" };
saveInfo.DataToInsert = (new[] { 5 }).Select(item => new RPWriteRules() { value = item }).ToArray();
TestUtility.ShouldFail(() => saveCommand.Execute(saveInfo), _writeException);
}
{
writeRP.Delete(writeRP.All());
var saveInfo = new SaveEntityCommandInfo() { Entity = "TestRowPermissions.RPWriteRules" };
saveInfo.DataToInsert = (new[] { 1, 2, 8 }).Select(item => new RPWriteRules() { value = item }).ToArray();
TestUtility.ShouldFail(() => saveCommand.Execute(saveInfo), _writeException);
}
{
writeRP.Delete(writeRP.All());
var saveInfo = new SaveEntityCommandInfo() { Entity = "TestRowPermissions.RPWriteRules" };
saveInfo.DataToDelete = (new[] { 7 }).Select(item => new RPWriteRules() { value = item, ID = Guid.NewGuid()}).ToArray();
writeRP.Insert((RPWriteRules[])saveInfo.DataToDelete);
TestUtility.ShouldFail(() => saveCommand.Execute(saveInfo), _writeException);
}
{
writeRP.Delete(writeRP.All());
var saveInfo = new SaveEntityCommandInfo() { Entity = "TestRowPermissions.RPWriteRules" };
saveInfo.DataToInsert = (new[] { 1, 2, 3, 4, 6, 9 }).Select(item => new RPWriteRules() { value = item, ID = Guid.NewGuid() }).ToArray();
saveCommand.Execute(saveInfo);
saveInfo.DataToDelete = saveInfo.DataToInsert;
saveInfo.DataToInsert = null;
saveCommand.Execute(saveInfo);
Assert.AreEqual(0, writeRP.All().Count());
}
// update to legal
{
writeRP.Delete(writeRP.All());
var saveInfo = new SaveEntityCommandInfo() { Entity = "TestRowPermissions.RPWriteRules" };
var items = (new[] { 12 }).Select(item => new RPWriteRules() { value = item, ID = Guid.NewGuid() }).ToArray();
writeRP.Insert(items);
items[0].value = 1;
saveInfo.DataToUpdate = items;
TestUtility.ShouldFail(() => saveCommand.Execute(saveInfo), _writeException);
}
// update from legal
{
writeRP.Delete(writeRP.All());
var saveInfo = new SaveEntityCommandInfo() { Entity = "TestRowPermissions.RPWriteRules" };
var items = (new[] { 1 }).Select(item => new RPWriteRules() { value = item, ID = Guid.NewGuid() }).ToArray();
writeRP.Insert(items);
items[0].value = 12;
saveInfo.DataToUpdate = items;
TestUtility.ShouldFail(() => saveCommand.Execute(saveInfo), _writeException);
}
{
writeRP.Delete(writeRP.All());
var saveInfo = new SaveEntityCommandInfo() { Entity = "TestRowPermissions.RPWriteRules" };
var items = (new[] { 1 }).Select(item => new RPWriteRules() { value = item, ID = Guid.NewGuid() }).ToArray();
writeRP.Insert(items);
items[0].value = 2;
saveInfo.DataToUpdate = items;
saveCommand.Execute(saveInfo);
}
{
writeRP.Delete(writeRP.All());
var saveInfo = new SaveEntityCommandInfo() { Entity = "TestRowPermissions.RPWriteRules" };
saveInfo.DataToInsert = (new[] { 20 }).Select(item => new RPWriteRules() { value = item, ID = Guid.NewGuid() }).ToArray();
saveCommand.Execute(saveInfo);
}
}
}
public void ProcessingEngineUniqueConstraintError()
{
using (var container = new RhetosTestContainer())
{
container.AddIgnoreClaims();
var processingEngine = container.Resolve<IProcessingEngine>();
var saveDuplicates = new SaveEntityCommandInfo
{
Entity = "TestUnique.E",
DataToInsert = new[]
{
new TestUnique.E { I = 123, S = "abc" },
new TestUnique.E { I = 123, S = "abc" },
}
};
var processingEngineResult = processingEngine.Execute(new[] { saveDuplicates });
Assert.IsFalse(processingEngineResult.Success);
TestUtility.AssertContains(processingEngineResult.UserMessage, "duplicate");
}
}