diff --git a/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/ResourcePermissionChecker_Basic_Tests.cs b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/ResourcePermissionChecker_Basic_Tests.cs
new file mode 100644
index 0000000000..81ba38f7f9
--- /dev/null
+++ b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/ResourcePermissionChecker_Basic_Tests.cs
@@ -0,0 +1,28 @@
+using System.Threading.Tasks;
+using Shouldly;
+using Volo.Abp.Authorization.Permissions.Resources;
+using Xunit;
+
+namespace Volo.Abp.PermissionManagement;
+
+public class ResourcePermissionChecker_Basic_Tests : PermissionTestBase
+{
+ private readonly IResourcePermissionChecker _resourcePermissionChecker;
+
+ public ResourcePermissionChecker_Basic_Tests()
+ {
+ _resourcePermissionChecker = GetRequiredService();
+ }
+
+ [Fact]
+ public async Task Should_Return_Prohibited_If_Permission_Is_Not_Defined()
+ {
+ (await _resourcePermissionChecker.IsGrantedAsync(TestEntityResource.ResourceName, TestEntityResource.ResourceKey1,"UndefinedResourcePermissionName")).ShouldBeFalse();
+ }
+
+ [Fact]
+ public async Task Should_Return_False_As_Default_For_Any_Permission()
+ {
+ (await _resourcePermissionChecker.IsGrantedAsync(TestEntityResource.ResourceName, TestEntityResource.ResourceKey1,"MyPermission1")).ShouldBeFalse();
+ }
+}
diff --git a/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/ResourcePermissionChecker_User_Tests.cs b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/ResourcePermissionChecker_User_Tests.cs
new file mode 100644
index 0000000000..261b5136d2
--- /dev/null
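Review bot: Both calls in ResourcePermissionChecker_Basic_Tests pass the arguments as (resource name, resource key, permission name), whereas the four-argument calls in ResourcePermissionChecker_User_Tests put the permission name first, before the resource name and key. All three values are strings, so a swapped order compiles, and because both tests only assert `ShouldBeFalse()` they would still pass while querying a permission named after the resource, which proves nothing about the deny path. The interface is not shown in this diff, so confirm the overload's parameter order; if it matches the principal overload, the first call should read `IsGrantedAsync("UndefinedResourcePermissionName", TestEntityResource.ResourceName, TestEntityResource.ResourceKey1)`. `"MyPermission1"` also does not follow the `MyResourcePermission*` names used in the other file, so the second test may be exercising an undefined permission as well, rather than a defined but ungranted one.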
+++ b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/ResourcePermissionChecker_User_Tests.cs 
@@ -0,0 +1,121 @@
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Shouldly;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Authorization.Permissions.Resources;
+using Volo.Abp.Security.Claims;
+using Xunit;
+
+namespace Volo.Abp.PermissionManagement;
+
+public class ResourcePermissionChecker_User_Tests : PermissionTestBase
+{
+ private readonly IResourcePermissionChecker _resourcePermissionChecker;
+ private readonly ICurrentPrincipalAccessor _currentPrincipalAccessor;
+
+ public ResourcePermissionChecker_User_Tests()
+ {
+ _resourcePermissionChecker = GetRequiredService();
+ _currentPrincipalAccessor = GetRequiredService();
+ }
+
+ [Fact]
+ public async Task Should_Return_True_For_Granted_Current_User()
+ {
+ (await _resourcePermissionChecker.IsGrantedAsync(
+ CreatePrincipal(PermissionTestDataBuilder.User1Id),
+ "MyResourcePermission1",
+ TestEntityResource.ResourceName,
+ TestEntityResource.ResourceKey1
+ )).ShouldBeTrue();
+ }
+
+ [Fact]
+ public async Task Should_Return_False_For_Non_Granted_Current_User()
+ {
+ (await _resourcePermissionChecker.IsGrantedAsync(
+ CreatePrincipal(PermissionTestDataBuilder.User2Id),
+ "MyResourcePermission1",
+ TestEntityResource.ResourceName,
+ TestEntityResource.ResourceKey1
+ )).ShouldBeFalse();
+ }
+
+
+ [Fact]
+ public async Task Should_Return_False_For_Granted_Current_User_If_The_Permission_Is_Disabled()
+ {
+ //Disabled permissions always returns false!
+ (await _resourcePermissionChecker.IsGrantedAsync(
+ CreatePrincipal(PermissionTestDataBuilder.User1Id),
+ "MyDisabledPermission1",
+ TestEntityResource.ResourceName,
+ TestEntityResource.ResourceKey1
+ )).ShouldBeFalse();
+ }
+
+ [Fact]
+ public async Task Should_Return_False_For_Current_User_If_Anonymous()
+ {
+ (await _resourcePermissionChecker.IsGrantedAsync(
+ CreatePrincipal(null),
+ "MyResourcePermission1",
+ TestEntityResource.ResourceName,
+ TestEntityResource.ResourceKey1
+ )).ShouldBeFalse();
+ }
+
+ [Fact]
+ public async Task Should_Not_Allow_Host_Permission_To_Tenant_User_Even_Granted_Before()
+ {
+ (await _resourcePermissionChecker.IsGrantedAsync(
+ CreatePrincipal(PermissionTestDataBuilder.User1Id, Guid.NewGuid()),
+ "MyResourcePermission3",
+ TestEntityResource.ResourceName,
+ TestEntityResource.ResourceKey3
+ )).ShouldBeFalse();
+ }
+
+ [Fact]
+ public async Task Should_Return_False_For_Granted_Current_User_If_The_Permission_State_Is_Disabled()
+ {
+ (await _resourcePermissionChecker.IsGrantedAsync(
+ CreatePrincipal(PermissionTestDataBuilder.User1Id, Guid.NewGuid()),
+ "MyResourcePermission5",
+ TestEntityResource.ResourceName,
+ TestEntityResource.ResourceKey5
+ )).ShouldBeFalse();
+ }
+
+ [Fact]
+ public async Task Should_Return_True_For_Granted_Current_User_If_The_Permission_State_Is_Enabled()
+ {
+ using (_currentPrincipalAccessor.Change(new Claim(AbpClaimTypes.Role, "super-admin")))
+ {
+ (await _resourcePermissionChecker.IsGrantedAsync(
+ CreatePrincipal(PermissionTestDataBuilder.User1Id, Guid.NewGuid()),
+ "MyResourcePermission5",
+ TestEntityResource.ResourceName,
+ TestEntityResource.ResourceKey5
+ )).ShouldBeTrue();
+ }
+ }
+
+ private static ClaimsPrincipal CreatePrincipal(Guid? userId, Guid? tenantId = null)
+ {
+ var claimsIdentity = new ClaimsIdentity();
+
+ if (userId != null)
+ {
+ claimsIdentity.AddClaim(new Claim(AbpClaimTypes.UserId, userId.ToString()));
+ }
+
+ if (tenantId != null)
+ {
+ claimsIdentity.AddClaim(new Claim(AbpClaimTypes.TenantId, tenantId.ToString()));
+ }
+
+ return new ClaimsPrincipal(claimsIdentity);
+ }
+}
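Review bot: In `Should_Return_True_For_Granted_Current_User_If_The_Permission_State_Is_Enabled` the `super-admin` role claim is set on the ambient principal through `_currentPrincipalAccessor.Change(...)`, while the principal actually passed to `IsGrantedAsync` comes from `CreatePrincipal` and carries no role claim. The test therefore passes only if the state check evaluates the ambient principal and not the argument, which for an authorization API means the answer for one user can depend on who is asking; the implementation is not in this diff, so this is inferred. If that is intended, say so above the `using`, for example `// State check reads the ambient principal; the principal argument has no role claim`, and add a case where the role is present only on the passed principal to pin the behaviour. Separately, `CreatePrincipal` uses `new ClaimsIdentity()` with no authentication type, so every principal here reports `IsAuthenticated == false`, and the anonymous case differs from the granted case only by the missing user-id claim.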