449 lines
19 KiB
C#
449 lines
19 KiB
C#
// Copyright (c) Umbraco.
|
|
// See LICENSE for more details.
|
|
|
|
using System.Collections.Generic;
|
|
using System.Linq;
|
|
using Moq;
|
|
using NUnit.Framework;
|
|
using Umbraco.Cms.Core;
|
|
using Umbraco.Cms.Core.Cache;
|
|
using Umbraco.Cms.Core.Editors;
|
|
using Umbraco.Cms.Core.Models;
|
|
using Umbraco.Cms.Core.Models.Entities;
|
|
using Umbraco.Cms.Core.Models.Membership;
|
|
using Umbraco.Cms.Core.Services;
|
|
using Umbraco.Cms.Tests.Common.Builders;
|
|
using Umbraco.Cms.Tests.Common.Builders.Extensions;
|
|
using Constants = Umbraco.Cms.Core.Constants;
|
|
|
|
namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Infrastructure.Editors
|
|
{
|
|
[TestFixture]
|
|
public class UserEditorAuthorizationHelperTests
|
|
{
|
|
[Test]
|
|
public void Admin_Is_Authorized()
|
|
{
|
|
IUser currentUser = CreateAdminUser();
|
|
IUser savingUser = CreateUser();
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
var mediaService = new Mock<IMediaService>();
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new int[0], new string[0]);
|
|
|
|
Assert.IsTrue(result.Success);
|
|
}
|
|
|
|
[Test]
|
|
public void Non_Admin_Cannot_Save_Admin()
|
|
{
|
|
IUser currentUser = CreateUser();
|
|
IUser savingUser = CreateAdminUser();
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
var mediaService = new Mock<IMediaService>();
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new int[0], new string[0]);
|
|
|
|
Assert.IsFalse(result.Success);
|
|
}
|
|
|
|
[Test]
|
|
public void Cannot_Grant_Group_Membership_Without_Being_A_Member()
|
|
{
|
|
IUser currentUser = CreateUser(withGroup: true);
|
|
IUser savingUser = CreateUser();
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
var mediaService = new Mock<IMediaService>();
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new int[0], new[] { "FunGroup" });
|
|
|
|
Assert.IsFalse(result.Success);
|
|
}
|
|
|
|
[Test]
|
|
public void Can_Grant_Group_Membership_With_Being_A_Member()
|
|
{
|
|
IUser currentUser = CreateUser(withGroup: true);
|
|
IUser savingUser = CreateUser();
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
var mediaService = new Mock<IMediaService>();
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new int[0], new[] { "test" });
|
|
|
|
Assert.IsTrue(result.Success);
|
|
}
|
|
|
|
[Test]
|
|
[TestCase(Constants.Security.AdminGroupAlias, Constants.Security.AdminGroupAlias, ExpectedResult = true)]
|
|
[TestCase(Constants.Security.AdminGroupAlias, "SomethingElse", ExpectedResult = true)]
|
|
[TestCase(Constants.Security.EditorGroupAlias, Constants.Security.AdminGroupAlias, ExpectedResult = false)]
|
|
[TestCase(Constants.Security.EditorGroupAlias, "SomethingElse", ExpectedResult = false)]
|
|
[TestCase(Constants.Security.EditorGroupAlias, Constants.Security.EditorGroupAlias, ExpectedResult = true)]
|
|
public bool Can_only_add_user_groups_you_are_part_of_yourself_unless_you_are_admin(string groupAlias, string groupToAdd)
|
|
{
|
|
var currentUser = Mock.Of<IUser>(user => user.Groups == new[]
|
|
{
|
|
new ReadOnlyUserGroup(1, "CurrentUser", "icon-user", null, null, groupAlias, new int[0], new string[0], new string[0])
|
|
});
|
|
IUser savingUser = null; // This means it is a new created user
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
var mediaService = new Mock<IMediaService>();
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
var result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new int[0], new[] { groupToAdd });
|
|
|
|
return result.Success;
|
|
}
|
|
|
|
[Test]
|
|
public void Can_Add_Another_Content_Start_Node_On_User_With_Access()
|
|
{
|
|
var nodePaths = new Dictionary<int, string>
|
|
{
|
|
{ 1234, "-1,1234" },
|
|
{ 9876, "-1,9876" },
|
|
{ 5555, "-1,9876,5555" },
|
|
{ 4567, "-1,4567" },
|
|
};
|
|
|
|
IUser currentUser = CreateUser(startContentIds: new[] { 9876 });
|
|
IUser savingUser = CreateUser(startContentIds: new[] { 1234 });
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
contentService.Setup(x => x.GetById(It.IsAny<int>()))
|
|
.Returns((int id) => Mock.Of<IContent>(content => content.Path == nodePaths[id]));
|
|
var mediaService = new Mock<IMediaService>();
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
|
|
.Returns((UmbracoObjectTypes objType, int[] ids) => ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
// adding 5555 which currentUser has access to since it's a child of 9876 ... adding is still ok even though currentUser doesn't have access to 1234
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new[] { 1234, 5555 }, new int[0], new string[0]);
|
|
|
|
Assert.IsTrue(result.Success);
|
|
}
|
|
|
|
[Test]
|
|
public void Can_Remove_Content_Start_Node_On_User_Without_Access()
|
|
{
|
|
var nodePaths = new Dictionary<int, string>
|
|
{
|
|
{ 1234, "-1,1234" },
|
|
{ 9876, "-1,9876" },
|
|
{ 5555, "-1,9876,5555" },
|
|
{ 4567, "-1,4567" },
|
|
};
|
|
|
|
IUser currentUser = CreateUser(startContentIds: new[] { 9876 });
|
|
IUser savingUser = CreateUser(startContentIds: new[] { 1234, 4567 });
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
contentService.Setup(x => x.GetById(It.IsAny<int>()))
|
|
.Returns((int id) => Mock.Of<IContent>(content => content.Path == nodePaths[id]));
|
|
var mediaService = new Mock<IMediaService>();
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
|
|
.Returns((UmbracoObjectTypes objType, int[] ids) => ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
// removing 4567 start node even though currentUser doesn't have acces to it ... removing is ok
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new[] { 1234 }, new int[0], new string[0]);
|
|
|
|
Assert.IsTrue(result.Success);
|
|
}
|
|
|
|
[Test]
|
|
public void Cannot_Add_Content_Start_Node_On_User_Without_Access()
|
|
{
|
|
var nodePaths = new Dictionary<int, string>
|
|
{
|
|
{ 1234, "-1,1234" },
|
|
{ 9876, "-1,9876" },
|
|
{ 5555, "-1,9876,5555" },
|
|
{ 4567, "-1,4567" },
|
|
};
|
|
|
|
IUser currentUser = CreateUser(startContentIds: new[] { 9876 });
|
|
IUser savingUser = CreateUser();
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
contentService.Setup(x => x.GetById(It.IsAny<int>()))
|
|
.Returns((int id) => Mock.Of<IContent>(content => content.Path == nodePaths[id]));
|
|
var mediaService = new Mock<IMediaService>();
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
|
|
.Returns((UmbracoObjectTypes objType, int[] ids) => ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
// adding 1234 but currentUser doesn't have access to it ... nope
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new[] { 1234 }, new int[0], new string[0]);
|
|
|
|
Assert.IsFalse(result.Success);
|
|
}
|
|
|
|
[Test]
|
|
public void Can_Add_Content_Start_Node_On_User_With_Access()
|
|
{
|
|
var nodePaths = new Dictionary<int, string>
|
|
{
|
|
{ 1234, "-1,1234" },
|
|
{ 9876, "-1,9876" },
|
|
{ 5555, "-1,9876,5555" },
|
|
{ 4567, "-1,4567" },
|
|
};
|
|
|
|
IUser currentUser = CreateUser(startContentIds: new[] { 9876 });
|
|
IUser savingUser = CreateUser();
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
contentService.Setup(x => x.GetById(It.IsAny<int>()))
|
|
.Returns((int id) => Mock.Of<IContent>(content => content.Path == nodePaths[id]));
|
|
var mediaService = new Mock<IMediaService>();
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
|
|
.Returns((UmbracoObjectTypes objType, int[] ids) => ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
// adding 5555 which currentUser has access to since it's a child of 9876 ... ok
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new[] { 5555 }, new int[0], new string[0]);
|
|
|
|
Assert.IsTrue(result.Success);
|
|
}
|
|
|
|
[Test]
|
|
public void Cannot_Add_Media_Start_Node_On_User_Without_Access()
|
|
{
|
|
var nodePaths = new Dictionary<int, string>
|
|
{
|
|
{ 1234, "-1,1234" },
|
|
{ 9876, "-1,9876" },
|
|
{ 5555, "-1,9876,5555" },
|
|
{ 4567, "-1,4567" },
|
|
};
|
|
|
|
IUser currentUser = CreateUser(startMediaIds: new[] { 9876 });
|
|
IUser savingUser = CreateUser();
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
var mediaService = new Mock<IMediaService>();
|
|
mediaService.Setup(x => x.GetById(It.IsAny<int>()))
|
|
.Returns((int id) => Mock.Of<IMedia>(content => content.Path == nodePaths[id]));
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
|
|
.Returns((UmbracoObjectTypes objType, int[] ids) => ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
// adding 1234 but currentUser doesn't have access to it ... nope
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new[] { 1234 }, new string[0]);
|
|
|
|
Assert.IsFalse(result.Success);
|
|
}
|
|
|
|
[Test]
|
|
public void Can_Add_Media_Start_Node_On_User_With_Access()
|
|
{
|
|
var nodePaths = new Dictionary<int, string>
|
|
{
|
|
{ 1234, "-1,1234" },
|
|
{ 9876, "-1,9876" },
|
|
{ 5555, "-1,9876,5555" },
|
|
{ 4567, "-1,4567" },
|
|
};
|
|
|
|
IUser currentUser = CreateUser(startMediaIds: new[] { 9876 });
|
|
IUser savingUser = CreateUser();
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
var mediaService = new Mock<IMediaService>();
|
|
mediaService.Setup(x => x.GetById(It.IsAny<int>()))
|
|
.Returns((int id) => Mock.Of<IMedia>(content => content.Path == nodePaths[id]));
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
|
|
.Returns((UmbracoObjectTypes objType, int[] ids) => ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
// adding 5555 which currentUser has access to since it's a child of 9876 ... ok
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new[] { 5555 }, new string[0]);
|
|
|
|
Assert.IsTrue(result.Success);
|
|
}
|
|
|
|
[Test]
|
|
public void Can_Add_Another_Media_Start_Node_On_User_With_Access()
|
|
{
|
|
var nodePaths = new Dictionary<int, string>
|
|
{
|
|
{ 1234, "-1,1234" },
|
|
{ 9876, "-1,9876" },
|
|
{ 5555, "-1,9876,5555" },
|
|
{ 4567, "-1,4567" },
|
|
};
|
|
|
|
IUser currentUser = CreateUser(startMediaIds: new[] { 9876 });
|
|
IUser savingUser = CreateUser(startMediaIds: new[] { 1234 });
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
var mediaService = new Mock<IMediaService>();
|
|
mediaService.Setup(x => x.GetById(It.IsAny<int>()))
|
|
.Returns((int id) => Mock.Of<IMedia>(content => content.Path == nodePaths[id]));
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
|
|
.Returns((UmbracoObjectTypes objType, int[] ids) => ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
// adding 5555 which currentUser has access to since it's a child of 9876 ... adding is still ok even though currentUser doesn't have access to 1234
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new[] { 1234, 5555 }, new string[0]);
|
|
|
|
Assert.IsTrue(result.Success);
|
|
}
|
|
|
|
[Test]
|
|
public void Can_Remove_Media_Start_Node_On_User_Without_Access()
|
|
{
|
|
var nodePaths = new Dictionary<int, string>
|
|
{
|
|
{ 1234, "-1,1234" },
|
|
{ 9876, "-1,9876" },
|
|
{ 5555, "-1,9876,5555" },
|
|
{ 4567, "-1,4567" },
|
|
};
|
|
|
|
IUser currentUser = CreateUser(startMediaIds: new[] { 9876 });
|
|
IUser savingUser = CreateUser(startMediaIds: new[] { 1234, 4567 });
|
|
|
|
var contentService = new Mock<IContentService>();
|
|
var mediaService = new Mock<IMediaService>();
|
|
mediaService.Setup(x => x.GetById(It.IsAny<int>()))
|
|
.Returns((int id) => Mock.Of<IMedia>(content => content.Path == nodePaths[id]));
|
|
var userService = new Mock<IUserService>();
|
|
var entityService = new Mock<IEntityService>();
|
|
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
|
|
.Returns((UmbracoObjectTypes objType, int[] ids) => ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
|
|
|
|
var authHelper = new UserEditorAuthorizationHelper(
|
|
contentService.Object,
|
|
mediaService.Object,
|
|
entityService.Object,
|
|
AppCaches.Disabled);
|
|
|
|
// removing 4567 start node even though currentUser doesn't have acces to it ... removing is ok
|
|
Attempt<string> result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new[] { 1234 }, new string[0]);
|
|
|
|
Assert.IsTrue(result.Success);
|
|
}
|
|
|
|
private static IUser CreateUser(bool withGroup = false, int[] startContentIds = null, int[] startMediaIds = null)
|
|
{
|
|
UserBuilder<object> builder = new UserBuilder()
|
|
.WithStartContentIds(startContentIds ?? (new int[0]))
|
|
.WithStartMediaIds(startMediaIds ?? (new int[0]));
|
|
if (withGroup)
|
|
{
|
|
builder = (UserBuilder)builder
|
|
.AddUserGroup()
|
|
.WithName("Test")
|
|
.WithAlias("test")
|
|
.Done();
|
|
}
|
|
|
|
return builder.Build();
|
|
}
|
|
|
|
private static IUser CreateAdminUser() =>
|
|
new UserBuilder()
|
|
.AddUserGroup()
|
|
.WithId(1)
|
|
.WithName("Admin")
|
|
.WithAlias(Constants.Security.AdminGroupAlias)
|
|
.Done()
|
|
.Build();
|
|
}
|
|
}
|