using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using NUnit.Framework;
using ServiceStackPlugins.Interfaces;
using ServiceStackPlugins.Interfaces.Auth;
using ServiceStackPlugins.PerFieldAuth;
namespace ServiceStackPlugins.Tests
{
/// <summary>
/// Common shape shared by the two test DTOs so that <see cref="PerFieldAuthTests"/>
/// can inspect the same four fields regardless of which concrete DTO carries them.
/// </summary>
internal interface IDTOBase
{
    /// <summary>Identifier; the tests add it to the feature's globally ignored property names.</summary>
    string GUID { get; set; }

    /// <summary>Display name; the concrete DTOs leave it visible to every caller.</summary>
    string Name { get; set; }

    /// <summary>Field the concrete DTOs restrict to the "admin" role / "see-admin-secret" permission.</summary>
    string SecretForAdmin { get; set; }

    /// <summary>Field the concrete DTOs restrict with the "@" marker (authenticated callers in the tests).</summary>
    string EmailForLoggedIn { get; set; }
}
/// <summary>
/// DTO that is readable by everyone by default; only individual fields opt in to
/// restriction via [RestrictData]. Counterpart of <see cref="PrivateIdtoWithWhiteListedName"/>,
/// which takes the opposite (deny-by-default) approach.
/// </summary>
internal class PublicIdtoWithSecretField : IDTOBase
{
    /// <summary>Unrestricted.</summary>
    public string GUID { get; set; }

    /// <summary>Unrestricted.</summary>
    public string Name { get; set; }

    /// <summary>
    /// Hidden unless the caller has the "admin" role or the "see-admin-secret"
    /// permission (the tests exercise each on its own).
    /// </summary>
    [RestrictData("admin", Permissions = new[] { "see-admin-secret" })]
    public string SecretForAdmin { get; set; }

    /// <summary>Restricted with the "@" marker; the tests expect anonymous callers not to see it.</summary>
    [RestrictData("@")]
    public string EmailForLoggedIn { get; set; }
}
/// <summary>
/// DTO that is restricted as a whole to the "admin" role; individual fields are
/// re-exposed with [PermitField]. Deny-by-default counterpart of
/// <see cref="PublicIdtoWithSecretField"/>.
/// </summary>
[RestrictData("admin")]
internal class PrivateIdtoWithWhiteListedName : IDTOBase
{
    /// <summary>No permit attribute; the tests rely on the global ignore list to keep it visible.</summary>
    public string GUID { get; set; }

    /// <summary>Whitelisted for everyone ("*").</summary>
    [PermitField("*")]
    public string Name { get; set; }

    /// <summary>Whitelisted for the "admin" role or the "see-admin-secret" permission.</summary>
    [PermitField("admin", Permissions = new[] { "see-admin-secret" })]
    public string SecretForAdmin { get; set; }

    /// <summary>Whitelisted with the "@" marker; the tests expect anonymous callers not to see it.</summary>
    [PermitField("@")]
    public string EmailForLoggedIn { get; set; }
}
/// <summary>
/// Wrapper response used to show that DTOs nested inside another type are only
/// filtered once a custom type extractor is registered for the wrapper.
/// </summary>
internal class ListResponse
{
    /// <summary>The DTOs that CustomExtractorTest's extractor pulls out for filtering.</summary>
    public IEnumerable<IDTOBase> Dtos { get; set; }
}
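/// <summary>
/// Exercises <see cref="PerFieldAuthFeature.ProcessDto"/> against the DTOs defined above:
/// field stripping by role, by permission, by login state, and the custom type
/// extractor needed to reach DTOs nested inside a wrapper response.
/// </summary>
[TestFixture]
public class PerFieldAuthTests
{
    /// <summary>
    /// Builds a fresh, fully populated pair of DTOs (one allow-by-default, one
    /// deny-by-default). A new array is created on every call so that each
    /// ProcessDto pass starts from unmodified values.
    /// </summary>
    private IDTOBase[] GetDTOs()
    {
        return new IDTOBase[]
        {
            new PublicIdtoWithSecretField
            {
                EmailForLoggedIn = "email",
                GUID = "abc",
                Name = "first dto",
                SecretForAdmin = "secret"
            },
            new PrivateIdtoWithWhiteListedName
            {
                EmailForLoggedIn = "2email",
                GUID = "2guid",
                Name = "2name",
                SecretForAdmin = "2secret"
            }
        };
    }

    /// <summary>Creates the feature under test with GUID exempted from filtering for every DTO.</summary>
    private static PerFieldAuthFeature CreatePlugin()
    {
        var plugin = new PerFieldAuthFeature();
        plugin.GlobalIgnoredPropertyNames.Add("GUID");
        return plugin;
    }

    /// <summary>
    /// Role- and login-based visibility. The always-visible fields are asserted with
    /// All rather than Any: Any would pass as long as a single DTO kept the value,
    /// which says nothing about the other pass/DTO combinations.
    /// </summary>
    [Test]
    public void BaseDTOTest()
    {
        var plugin = CreatePlugin();

        var asAdmin = GetDTOs();
        plugin.ProcessDto(asAdmin, new[] { "admin" }, new string[0], true);

        var asLoggedIn = GetDTOs();
        plugin.ProcessDto(asLoggedIn, Enumerable.Empty<string>(), new string[0], true);

        var asAnyone = GetDTOs();
        plugin.ProcessDto(asAnyone, Enumerable.Empty<string>(), new string[0], false);

        // Distinct instances, so Concat is the straightforward way to pool them.
        var all = asAdmin.Concat(asLoggedIn).Concat(asAnyone).ToList();

        // GUID is globally ignored, so it must survive every pass on every DTO.
        Assert.That(all.All(x => x.GUID != null));
        // Name is unrestricted on the public DTO and whitelisted with "*" on the private one.
        Assert.That(all.All(x => x.Name != null));
        // email: visible when logged in (with or without a role), stripped for anonymous
        Assert.That(asAnyone.All(x => x.EmailForLoggedIn == null));
        Assert.That(asLoggedIn.Concat(asAdmin).All(x => x.EmailForLoggedIn != null));
        // secret: admin role only; being logged in without the role or permission is not enough
        Assert.That(asAdmin.All(x => x.SecretForAdmin != null));
        Assert.That(asLoggedIn.Concat(asAnyone).All(x => x.SecretForAdmin == null));
    }

    /// <summary>
    /// Permission-based visibility: the named permission unlocks the secret on its own
    /// (no role), and an unrelated permission does not.
    /// </summary>
    [Test]
    public void PermsAndRoles()
    {
        var plugin = CreatePlugin();

        var withPermission = GetDTOs();
        plugin.ProcessDto(withPermission, null, new[] { "see-admin-secret" }, true);
        Assert.That(withPermission.All(x => x.SecretForAdmin != null));

        // Negative case: the check has to be on the specific permission name, not on
        // "caller holds some permission".
        var withOtherPermission = GetDTOs();
        plugin.ProcessDto(withOtherPermission, null, new[] { "unrelated-permission" }, true);
        Assert.That(withOtherPermission.All(x => x.SecretForAdmin == null));
    }

    /// <summary>
    /// DTOs nested in a wrapper type are NOT filtered until an extractor is registered
    /// for that wrapper; the first assertion pins that fail-open behaviour so that it
    /// is a conscious decision rather than a surprise.
    /// </summary>
    [Test]
    public void CustomExtractorTest()
    {
        var plugin = CreatePlugin();
        var response = new ListResponse { Dtos = GetDTOs() };

        // No extractor yet: the wrapper is opaque and the restricted field leaks through.
        plugin.ProcessDto(response, null, new string[0], false);
        Assert.That(response.Dtos.All(x => x.EmailForLoggedIn != null));

        // With the extractor the nested DTOs are reached and filtered as anonymous.
        plugin.RegisterCustomTypeExtractor<ListResponse>(lst => lst.Dtos);
        plugin.ProcessDto(response, null, null, false);
        Assert.That(response.Dtos.All(x => x.EmailForLoggedIn == null));
    }
}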
}