 /// <summary>
 /// Builds the access control list for a single blog post.
 /// The account that owns the blog is granted <c>DataOperation.All</c>.
 /// The account set on the post is granted <c>DataOperation.AllExceptCreate</c>.
 /// Every account in the blog's author list is granted <c>DataOperation.Create</c>.
 /// </summary>
 /// <param name="instance">The post being protected; its Blog and Account are read here.</param>
 public BlogPostClassACL(BlogPost instance)
 {
     // NOTE(review): instance and instance.Blog are dereferenced without a null check,
     // so a post that has no blog assigned fails here rather than yielding an empty ACL.
     var blog = instance.Blog;

     // Entry for the blog owner: every operation on the post.
     this.Add(new ACLAccount(blog.Account, DataOperation.All));

     // Entry for the account named on the post: everything except create.
     // NOTE(review): presumably this is what stops a caller from gaining create rights
     // on someone else's blog just by naming itself as the post's account -- confirm
     // against the DataOperation definition.
     this.Add(new ACLAccount(instance.Account, DataOperation.AllExceptCreate));

     // Create rights are granted per blog author; a blog without an author list adds nothing.
     var blogAuthors = blog.BlogAuthors;
     if (blogAuthors == null)
     {
         return;
     }

     foreach (BlogAuthor author in blogAuthors)
     {
         this.Add(new ACLAccount(author.Account, DataOperation.Create));
     }
 }
 /// <summary>
 /// Negative access-control test: while impersonating a newly created user, tries to
 /// save a post on <c>_blog</c> with that user set as the post's account.
 /// </summary>
 public void TestCreateAccessDenied()
 {
     // NOTE(review): nothing in this method asserts that the save is rejected. Presumably
     // an expected-exception attribute sits outside this excerpt -- confirm, because
     // without one the test also passes when the save is wrongly allowed.
     Account user2 = CreateUser();
     using (new Impersonator(new UserContext(user2)))
     {
         try
         {
             // per the original comment, this other user must not be able to post
             BlogPost post = new BlogPost
             {
                 Account = user2,
                 Blog = _blog,
                 Title = Guid.NewGuid().ToString(),
                 Body = Guid.NewGuid().ToString(),
                 Created = DateTime.UtcNow
             };
             Session.Save(post);
             Session.Flush();
         }
         finally
         {
             // The temporary user is removed whether or not the save threw.
             // NOTE(review): the post itself is not deleted here, so a save that
             // unexpectedly succeeds leaves it behind.
             DeleteUser(user2);
         }
     }
 }
 /// <summary>
 /// Positive access-control test: saves a post on <c>_blog</c> with <c>_user</c> as the
 /// post's account, then deletes it again, flushing the session after each step.
 /// </summary>
 public void TestCreateDelete()
 {
     // per the original comment, the current user is also the blog owner and may create posts
     BlogPost post = new BlogPost
     {
         Account = _user,
         Blog = _blog,
         Title = Guid.NewGuid().ToString(),
         Body = Guid.NewGuid().ToString(),
         Created = DateTime.UtcNow
     };

     // create
     Session.Save(post);
     Session.Flush();

     // delete
     Session.Delete(post);
     Session.Flush();
 }
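        /// <summary>
        /// Access-control read test: saves a post on <c>_blog</c> as <c>_user</c>, then tries
        /// to load and read it while impersonating a newly created second user. The post is
        /// deleted again in the finally block.
        /// </summary>
        public void TestCreateRetrieve()
        {
            // NOTE(review): nothing in this method asserts that the read is rejected. Presumably
            // an expected-exception attribute sits outside this excerpt -- confirm, because
            // without one the test also passes when the read is wrongly allowed.

            // current user, also blog owner can create posts
            BlogPost post = new BlogPost();
            post.Account = _user;
            post.Blog = _blog;
            post.Title = Guid.NewGuid().ToString();
            post.Body = Guid.NewGuid().ToString();
            post.Created = DateTime.UtcNow;
            Session.Save(post);
            Session.Flush();

            try
            {
                // NOTE(review): user2 is created here but never deleted in this method.
                Account user2 = CreateUser();
                // another user cannot read posts, he's not a blog author
                using (new Impersonator(new UserContext(user2)))
                {
                    BlogPost postCopy = Session.Load<BlogPost>(post.Id);
                    // Load can hand back an unresolved proxy; reading a field forces the real fetch
                    Console.WriteLine("Post: {0}", postCopy.Body);
                    Session.Flush();
                }
            }
            catch (ADOException ex)
            {
                // Surface the wrapped cause so the caller sees the underlying exception type.
                // With no inner exception, rethrow the ADOException itself: throwing a null
                // reference would raise NullReferenceException and hide the real failure.
                if (ex.InnerException == null)
                {
                    throw;
                }

                throw ex.InnerException;
            }
            finally
            {
                // Runs while the original (non-impersonated) context is back in effect,
                // because the using block above has already been left.
                Session.Delete(post);
                Session.Flush();
            }
        }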