yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c22783e45ede0f92ecb11ad710be1401ee2c72bd
Umbraco-CMS/tests/Umbraco.Tests.UnitTests/Umbraco.Infrastructure/Editors/UserEditorAuthorizationHelperTests.cs
Mole 66f483e88c New backoffice: Obsolete ReadOnlyUserGroup constructor. (#13676) 
* Obsolete old ReadOnlyUserGroup constructor

* Update src/Umbraco.Core/Models/Membership/ReadOnlyUserGroup.cs

Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>

---------

Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
2023-02-06 14:32:27 +01:00

420 lines
17 KiB
C#
Raw Blame History

// Copyright (c) Umbraco.
// See LICENSE for more details.
using System.Collections.Generic;
using System.Linq;
using Moq;
using NUnit.Framework;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Cache;
using Umbraco.Cms.Core.Editors;
using Umbraco.Cms.Core.Models;
using Umbraco.Cms.Core.Models.Entities;
using Umbraco.Cms.Core.Models.Membership;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Tests.Common.Builders;
using Umbraco.Cms.Tests.Common.Builders.Extensions;
namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Infrastructure.Editors;
[TestFixture]
public class UserEditorAuthorizationHelperTests
{
[Test]
public void Admin_Is_Authorized()
{
var currentUser = CreateAdminUser();
var savingUser = CreateUser();
var contentService = new Mock<IContentService>();
var mediaService = new Mock<IMediaService>();
var entityService = new Mock<IEntityService>();
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
var result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new int[0], new string[0]);
Assert.IsTrue(result.Success);
}
[Test]
public void Non_Admin_Cannot_Save_Admin()
{
var currentUser = CreateUser();
var savingUser = CreateAdminUser();
var contentService = new Mock<IContentService>();
var mediaService = new Mock<IMediaService>();
var entityService = new Mock<IEntityService>();
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
var result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new int[0], new string[0]);
Assert.IsFalse(result.Success);
}
[Test]
public void Cannot_Grant_Group_Membership_Without_Being_A_Member()
{
var currentUser = CreateUser(true);
var savingUser = CreateUser();
var contentService = new Mock<IContentService>();
var mediaService = new Mock<IMediaService>();
var entityService = new Mock<IEntityService>();
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
var result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new int[0], new[] { "FunGroup" });
Assert.IsFalse(result.Success);
}
[Test]
public void Can_Grant_Group_Membership_With_Being_A_Member()
{
var currentUser = CreateUser(true);
var savingUser = CreateUser();
var contentService = new Mock<IContentService>();
var mediaService = new Mock<IMediaService>();
var entityService = new Mock<IEntityService>();
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
var result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new int[0], new[] { "test" });
Assert.IsTrue(result.Success);
}
[Test]
[TestCase(Constants.Security.AdminGroupAlias, Constants.Security.AdminGroupAlias, ExpectedResult = true)]
[TestCase(Constants.Security.AdminGroupAlias, "SomethingElse", ExpectedResult = true)]
[TestCase(Constants.Security.EditorGroupAlias, Constants.Security.AdminGroupAlias, ExpectedResult = false)]
[TestCase(Constants.Security.EditorGroupAlias, "SomethingElse", ExpectedResult = false)]
[TestCase(Constants.Security.EditorGroupAlias, Constants.Security.EditorGroupAlias, ExpectedResult = true)]
public bool Can_only_add_user_groups_you_are_part_of_yourself_unless_you_are_admin(
string groupAlias,
string groupToAdd)
{
var currentUser = Mock.Of<IUser>(user => user.Groups == new[]
{
new ReadOnlyUserGroup(1, Guid.NewGuid(), "CurrentUser", "icon-user", null, null, groupAlias, new int[0], new string[0], new string[0], true),
});
IUser savingUser = null; // This means it is a new created user
var contentService = new Mock<IContentService>();
var mediaService = new Mock<IMediaService>();
var entityService = new Mock<IEntityService>();
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
var result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new int[0], new[] { groupToAdd });
return result.Success;
}
[Test]
public void Can_Add_Another_Content_Start_Node_On_User_With_Access()
{
var nodePaths = new Dictionary<int, string>
{
{ 1234, "-1,1234" }, { 9876, "-1,9876" }, { 5555, "-1,9876,5555" }, { 4567, "-1,4567" },
};
var currentUser = CreateUser(startContentIds: new[] { 9876 });
var savingUser = CreateUser(startContentIds: new[] { 1234 });
var contentService = new Mock<IContentService>();
contentService.Setup(x => x.GetById(It.IsAny<int>()))
.Returns((int id) => Mock.Of<IContent>(content => content.Path == nodePaths[id]));
var mediaService = new Mock<IMediaService>();
var entityService = new Mock<IEntityService>();
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
.Returns((UmbracoObjectTypes objType, int[] ids) =>
ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
// adding 5555 which currentUser has access to since it's a child of 9876 ... adding is still ok even though currentUser doesn't have access to 1234
var result = authHelper.IsAuthorized(currentUser, savingUser, new[] { 1234, 5555 }, new int[0], new string[0]);
Assert.IsTrue(result.Success);
}
[Test]
public void Can_Remove_Content_Start_Node_On_User_Without_Access()
{
var nodePaths = new Dictionary<int, string>
{
{ 1234, "-1,1234" }, { 9876, "-1,9876" }, { 5555, "-1,9876,5555" }, { 4567, "-1,4567" },
};
var currentUser = CreateUser(startContentIds: new[] { 9876 });
var savingUser = CreateUser(startContentIds: new[] { 1234, 4567 });
var contentService = new Mock<IContentService>();
contentService.Setup(x => x.GetById(It.IsAny<int>()))
.Returns((int id) => Mock.Of<IContent>(content => content.Path == nodePaths[id]));
var mediaService = new Mock<IMediaService>();
var entityService = new Mock<IEntityService>();
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
.Returns((UmbracoObjectTypes objType, int[] ids) =>
ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
// removing 4567 start node even though currentUser doesn't have acces to it ... removing is ok
var result = authHelper.IsAuthorized(currentUser, savingUser, new[] { 1234 }, new int[0], new string[0]);
Assert.IsTrue(result.Success);
}
[Test]
public void Cannot_Add_Content_Start_Node_On_User_Without_Access()
{
var nodePaths = new Dictionary<int, string>
{
{ 1234, "-1,1234" }, { 9876, "-1,9876" }, { 5555, "-1,9876,5555" }, { 4567, "-1,4567" },
};
var currentUser = CreateUser(startContentIds: new[] { 9876 });
var savingUser = CreateUser();
var contentService = new Mock<IContentService>();
contentService.Setup(x => x.GetById(It.IsAny<int>()))
.Returns((int id) => Mock.Of<IContent>(content => content.Path == nodePaths[id]));
var mediaService = new Mock<IMediaService>();
var entityService = new Mock<IEntityService>();
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
.Returns((UmbracoObjectTypes objType, int[] ids) =>
ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
// adding 1234 but currentUser doesn't have access to it ... nope
var result = authHelper.IsAuthorized(currentUser, savingUser, new[] { 1234 }, new int[0], new string[0]);
Assert.IsFalse(result.Success);
}
[Test]
public void Can_Add_Content_Start_Node_On_User_With_Access()
{
var nodePaths = new Dictionary<int, string>
{
{ 1234, "-1,1234" }, { 9876, "-1,9876" }, { 5555, "-1,9876,5555" }, { 4567, "-1,4567" },
};
var currentUser = CreateUser(startContentIds: new[] { 9876 });
var savingUser = CreateUser();
var contentService = new Mock<IContentService>();
contentService.Setup(x => x.GetById(It.IsAny<int>()))
.Returns((int id) => Mock.Of<IContent>(content => content.Path == nodePaths[id]));
var mediaService = new Mock<IMediaService>();
var entityService = new Mock<IEntityService>();
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
.Returns((UmbracoObjectTypes objType, int[] ids) =>
ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
// adding 5555 which currentUser has access to since it's a child of 9876 ... ok
var result = authHelper.IsAuthorized(currentUser, savingUser, new[] { 5555 }, new int[0], new string[0]);
Assert.IsTrue(result.Success);
}
[Test]
public void Cannot_Add_Media_Start_Node_On_User_Without_Access()
{
var nodePaths = new Dictionary<int, string>
{
{ 1234, "-1,1234" }, { 9876, "-1,9876" }, { 5555, "-1,9876,5555" }, { 4567, "-1,4567" },
};
var currentUser = CreateUser(startMediaIds: new[] { 9876 });
var savingUser = CreateUser();
var contentService = new Mock<IContentService>();
var mediaService = new Mock<IMediaService>();
mediaService.Setup(x => x.GetById(It.IsAny<int>()))
.Returns((int id) => Mock.Of<IMedia>(content => content.Path == nodePaths[id]));
var entityService = new Mock<IEntityService>();
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
.Returns((UmbracoObjectTypes objType, int[] ids) =>
ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
// adding 1234 but currentUser doesn't have access to it ... nope
var result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new[] { 1234 }, new string[0]);
Assert.IsFalse(result.Success);
}
[Test]
public void Can_Add_Media_Start_Node_On_User_With_Access()
{
var nodePaths = new Dictionary<int, string>
{
{ 1234, "-1,1234" }, { 9876, "-1,9876" }, { 5555, "-1,9876,5555" }, { 4567, "-1,4567" },
};
var currentUser = CreateUser(startMediaIds: new[] { 9876 });
var savingUser = CreateUser();
var contentService = new Mock<IContentService>();
var mediaService = new Mock<IMediaService>();
mediaService.Setup(x => x.GetById(It.IsAny<int>()))
.Returns((int id) => Mock.Of<IMedia>(content => content.Path == nodePaths[id]));
var entityService = new Mock<IEntityService>();
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
.Returns((UmbracoObjectTypes objType, int[] ids) =>
ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
// adding 5555 which currentUser has access to since it's a child of 9876 ... ok
var result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new[] { 5555 }, new string[0]);
Assert.IsTrue(result.Success);
}
[Test]
public void Can_Add_Another_Media_Start_Node_On_User_With_Access()
{
var nodePaths = new Dictionary<int, string>
{
{ 1234, "-1,1234" }, { 9876, "-1,9876" }, { 5555, "-1,9876,5555" }, { 4567, "-1,4567" },
};
var currentUser = CreateUser(startMediaIds: new[] { 9876 });
var savingUser = CreateUser(startMediaIds: new[] { 1234 });
var contentService = new Mock<IContentService>();
var mediaService = new Mock<IMediaService>();
mediaService.Setup(x => x.GetById(It.IsAny<int>()))
.Returns((int id) => Mock.Of<IMedia>(content => content.Path == nodePaths[id]));
var entityService = new Mock<IEntityService>();
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
.Returns((UmbracoObjectTypes objType, int[] ids) =>
ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
// adding 5555 which currentUser has access to since it's a child of 9876 ... adding is still ok even though currentUser doesn't have access to 1234
var result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new[] { 1234, 5555 }, new string[0]);
Assert.IsTrue(result.Success);
}
[Test]
public void Can_Remove_Media_Start_Node_On_User_Without_Access()
{
var nodePaths = new Dictionary<int, string>
{
{ 1234, "-1,1234" }, { 9876, "-1,9876" }, { 5555, "-1,9876,5555" }, { 4567, "-1,4567" },
};
var currentUser = CreateUser(startMediaIds: new[] { 9876 });
var savingUser = CreateUser(startMediaIds: new[] { 1234, 4567 });
var contentService = new Mock<IContentService>();
var mediaService = new Mock<IMediaService>();
mediaService.Setup(x => x.GetById(It.IsAny<int>()))
.Returns((int id) => Mock.Of<IMedia>(content => content.Path == nodePaths[id]));
var entityService = new Mock<IEntityService>();
entityService.Setup(service => service.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
.Returns((UmbracoObjectTypes objType, int[] ids) =>
ids.Select(x => new TreeEntityPath { Path = nodePaths[x], Id = x }));
var authHelper = new UserEditorAuthorizationHelper(
contentService.Object,
mediaService.Object,
entityService.Object,
AppCaches.Disabled);
// removing 4567 start node even though currentUser doesn't have acces to it ... removing is ok
var result = authHelper.IsAuthorized(currentUser, savingUser, new int[0], new[] { 1234 }, new string[0]);
Assert.IsTrue(result.Success);
}
private static IUser CreateUser(bool withGroup = false, int[] startContentIds = null, int[] startMediaIds = null)
{
var builder = new UserBuilder()
.WithStartContentIds(startContentIds ?? new int[0])
.WithStartMediaIds(startMediaIds ?? new int[0]);
if (withGroup)
{
builder = (UserBuilder)builder
.AddUserGroup()
.WithName("Test")
.WithAlias("test")
.Done();
}
return builder.Build();
}
private static IUser CreateAdminUser() =>
new UserBuilder()
.AddUserGroup()
.WithId(1)
.WithName("Admin")
.WithAlias(Constants.Security.AdminGroupAlias)
.Done()
.Build();
}
Reference in New Issue View Git Blame Copy Permalink