annotate Agendas/trunk/src/Agendas.Web.Tests/AutorizationsTests.cs @ 290:15b428ae5931
Combinar
author | juanjose.montesdeocaarbos |
---|---|
date | Tue, 07 Feb 2012 23:29:06 -0300 |
parents | c8f378272407 |
children | 1408ac17cb64 |
179 | 1 using System; |
2 using System.Collections.Generic; | |
3 using System.Linq; | |
4 using System.Reflection; | |
5 using System.Web.Mvc; | |
6 using AltNetHispano.Agendas.Domain; | |
7 using AltNetHispano.Agendas.Web.Controllers; | |
8 using NUnit.Framework; | |
9 | |
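namespace Agendas.Web.Tests
{
    /// <summary>
    /// Authorization coverage tests for the MVC controllers in the web assembly.
    /// Every discovered action must either appear in the explicit public allow-list
    /// or carry <see cref="CustomAuthorizeAttribute"/>, so a newly added action
    /// fails the build until someone decides whether it is public or protected.
    /// </summary>
    /// <remarks>
    /// NOTE(review): only method-level attributes are inspected (inherit = false).
    /// A <see cref="CustomAuthorizeAttribute"/> placed on the controller class is
    /// not seen by these tests - confirm the project never relies on class-level
    /// authorization.
    /// NOTE(review): names in the expected lists that match no discovered method
    /// are ignored silently, so a renamed action drops out of its role check
    /// without any failure - consider asserting that every listed name exists.
    /// </remarks>
    [TestFixture]
    public class Autorizaciones
    {
        // Candidate action methods collected once per fixture by ReadMethods.
        private IEnumerable<MethodInfo> _methods;

        /// <summary>
        /// Collects the public instance methods declared on every controller in the
        /// assembly that contains <see cref="HomeController"/> and whose declared
        /// return type derives from <see cref="ActionResult"/>.
        /// </summary>
        [TestFixtureSetUp]
        public void ReadMethods()
        {
            var controllers = typeof (HomeController).Assembly.GetTypes()
                .Where(t => typeof (Controller).IsAssignableFrom(t));

            // The original flags were "Public | Instance | ~FlattenHierarchy". The
            // bitwise complement sets every other BindingFlags bit (NonPublic, Static,
            // DeclaredOnly, ...), so the lookup only worked by accident. DeclaredOnly
            // states the intent: skip members inherited from Controller.
            const BindingFlags flags = BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly;

            // NOTE(review): MVC also routes public methods whose return type is not
            // ActionResult-derived; such actions are outside the scope of this filter.
            _methods = controllers
                .SelectMany(c => c.GetMethods(flags))
                .Where(m => typeof (ActionResult).IsAssignableFrom(m.ReturnType))
                .ToList();
        }

        /// <summary>
        /// Listed actions must be anonymous (no <see cref="CustomAuthorizeAttribute"/>);
        /// every other discovered action must carry the attribute.
        /// </summary>
        [Test]
        public void Acciones_publicas()
        {
            var acciones = new HashSet<string>(new[]
                {
                    "HomeController.Index", "HomeController.About", "EventoController.Index", "AccountController.LogOn",
                    "AccountController.LogOff", "AccountController.TwitterLogOn", "HistoricoController.Index",
                    "PersonaController.Index", "ErrorController.NoAutorizado", "PersonaController.Ver",
                    "PatrocinadorController.Index", "PatrocinadorController.GetLogo", "PatrocinadorApiController.Nuevo"
                });

            var errores = new List<string>();
            foreach (var method in _methods)
            {
                var action = NombreDeAccion(method);
                var protegida = TieneAutorizacion(method);

                if (acciones.Contains(action))
                {
                    if (protegida)
                    {
                        errores.Add(action + " debe ser público");
                    }
                }
                else if (!protegida)
                {
                    // Default-deny: anything not explicitly allow-listed must be protected.
                    errores.Add(action + " debe ser seguro");
                }
            }

            VerificarSinErrores(errores);
        }

        /// <summary>
        /// Profile actions must require the <c>Roles.Usuario</c> role.
        /// </summary>
        [Test]
        public void Acciones_privadas()
        {
            var acciones = new[]
                {
                    "PerfilController.Index", "PerfilController.AddGoogleAccount", "PerfilController.AddTwitterAccount",
                    "PerfilController.Remove", "PerfilController.Modificar"
                };

            VerficarAccionesSeguras(acciones, Roles.Usuario, "debe ser privado");
        }

        /// <summary>
        /// Management actions must require the <c>Roles.Administrador</c> role.
        /// </summary>
        [Test]
        public void Acciones_del_administrador()
        {
            var acciones = new[]
                {
                    "EventoController.Agendar", "EventoController.Confirmar", "EventoController.Nuevo",
                    "EventoController.Publicar", "EventoController.Modificar", "EventoController.Proponer",
                    "EventoController.Cancelar", "EventoController.Descartar", "EventoController.ReAgendar",
                    "EventoController.ReProponer", "PersonaController.Nueva", "PersonaController.Modificar",
                    "PersonaController.Quitar", "PersonaApiController.Nueva", "PatrocinadorController.Nuevo",
                    "PatrocinadorController.Modificar", "PatrocinadorController.Eliminar"
                };

            VerficarAccionesSeguras(acciones, Roles.Administrador, "debe ser de uso exclusivo de los administradores");
        }

        /// <summary>
        /// Checks that exactly the listed actions are bound to <paramref name="rol"/>:
        /// a listed action must carry <see cref="CustomAuthorizeAttribute"/> with that
        /// role, and an unlisted action must not.
        /// </summary>
        /// <param name="acciones">Expected actions, as "ControllerType.Method".</param>
        /// <param name="rol">Role value expected on the attribute.</param>
        /// <param name="mensaje">Message suffix printed for each violation.</param>
        private void VerficarAccionesSeguras(IEnumerable<string> acciones, string rol, string mensaje)
        {
            // Materialize once: the sequence is probed for every discovered method.
            var esperadas = new HashSet<string>(acciones);

            var errores = new List<string>();
            foreach (var method in _methods)
            {
                var action = NombreDeAccion(method);
                var listada = esperadas.Contains(action);

                if (!TieneAutorizacion(method))
                {
                    if (listada)
                    {
                        errores.Add(action + " debe ser seguro");
                    }
                    continue;
                }

                var found = RequiereRol(method, rol);
                if (listada && !found)
                {
                    errores.Add(action + " " + mensaje);
                }
                else if (!listada && found)
                {
                    // The role is granted on an action nobody declared in the list.
                    errores.Add(action + " no " + mensaje);
                }
            }

            VerificarSinErrores(errores);
        }

        /// <summary>Builds the "ControllerType.Method" key used by the expected lists.</summary>
        private static string NombreDeAccion(MethodInfo method)
        {
            return method.DeclaringType.Name + "." + method.Name;
        }

        /// <summary>
        /// True when the method itself declares <see cref="CustomAuthorizeAttribute"/>
        /// (inherited declarations are not considered).
        /// </summary>
        private static bool TieneAutorizacion(MethodInfo method)
        {
            return method.GetCustomAttributes(typeof (CustomAuthorizeAttribute), false).Any();
        }

        /// <summary>
        /// True when a <see cref="CustomAuthorizeAttribute"/> on the method has a named
        /// argument whose value equals <paramref name="rol"/>.
        /// </summary>
        private static bool RequiereRol(MethodInfo method, string rol)
        {
            // Only the authorization attribute is inspected. The original scanned the
            // named arguments of every attribute on the method, so an unrelated
            // attribute carrying the same string would have satisfied the role check.
            // NOTE(review): the comparison is exact equality on named arguments; a
            // combined role value or a constructor argument would not match - confirm
            // against how CustomAuthorizeAttribute is applied.
            return method.GetCustomAttributesData()
                .Where(d => typeof (CustomAuthorizeAttribute).IsAssignableFrom(d.Constructor.DeclaringType))
                .Any(d => d.NamedArguments.Any(a => rol.Equals(a.TypedValue.Value)));
        }

        /// <summary>
        /// Prints every violation and fails the test when there is at least one,
        /// repeating the violations in the assertion message so they show up in
        /// runners that do not capture console output.
        /// </summary>
        private static void VerificarSinErrores(List<string> errores)
        {
            foreach (var error in errores)
            {
                Console.WriteLine(error);
            }

            Assert.IsFalse(errores.Count > 0, string.Join(Environment.NewLine, errores.ToArray()));
        }
    }
}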