Mercurial > altnet-hispano
comparison Agendas/trunk/src/Agendas.Web.Tests/AutorizationsTests.cs @ 179:1deccd6c3cb2
Aplicando seguridad x roles en sitio web
| author | nelopauselli |
|---|---|
| date | Mon, 08 Aug 2011 15:24:26 -0300 |
| parents | |
| children | 212c664db5aa |
comparison
equal
deleted
inserted
replaced
| 178:33e57fd1a6c9 | 179:1deccd6c3cb2 |
|---|---|
| 1 using System; | |
| 2 using System.Collections.Generic; | |
| 3 using System.Linq; | |
| 4 using System.Reflection; | |
| 5 using System.Web.Mvc; | |
| 6 using AltNetHispano.Agendas.Domain; | |
| 7 using AltNetHispano.Agendas.Web.Controllers; | |
| 8 using NUnit.Framework; | |
| 9 | |
| 10 namespace Agendas.Web.Tests | |
| 11 { | |
| 12 [TestFixture] | |
| 13 public class Autorizaciones | |
| 14 { | |
| 15 private IEnumerable<MethodInfo> _methods; | |
| 16 | |
| 17 [TestFixtureSetUp] | |
| 18 public void ReadMethods() | |
| 19 { | |
| 20 var types = typeof (HomeController).Assembly.GetTypes().ToList(); | |
| 21 var controllers = types.Where(t => typeof (Controller).IsAssignableFrom(t)).ToList(); | |
| 22 | |
| 23 var methods = new List<MethodInfo>(); | |
| 24 foreach (var controller in controllers) | |
| 25 { | |
| 26 var temp = | |
| 27 controller.GetMethods(BindingFlags.Public | BindingFlags.Instance | ~BindingFlags.FlattenHierarchy).Where( | |
| 28 m => typeof (ActionResult).IsAssignableFrom(m.ReturnType)); | |
| 29 | |
| 30 methods.AddRange(temp); | |
| 31 } | |
| 32 | |
| 33 _methods = methods; | |
| 34 } | |
| 35 | |
| 36 [Test] | |
| 37 public void Acciones_publicas() | |
| 38 { | |
| 39 var acciones = new[] | |
| 40 { | |
| 41 "HomeController.Index", "HomeController.About", "EventoController.Index", "AccountController.LogOn", | |
| 42 "AccountController.LogOff", "AccountController.TwitterLogOn", "HistoricoController.Index", | |
| 43 "PersonaController.Index", "ErrorController.NoAutorizado" | |
| 44 }; | |
| 45 | |
| 46 #region Asserts | |
| 47 | |
| 48 bool fail = false; | |
| 49 foreach (var method in _methods) | |
| 50 { | |
| 51 var action = method.DeclaringType.Name + "." + method.Name; | |
| 52 if (acciones.Contains(action)) | |
| 53 { | |
| 54 if (method.GetCustomAttributes(typeof (CustomAuthorizeAttribute), false).Any()) | |
| 55 { | |
| 56 fail = true; | |
| 57 Console.WriteLine(action + " debe ser público"); | |
| 58 } | |
| 59 } | |
| 60 else | |
| 61 { | |
| 62 if (!method.GetCustomAttributes(typeof (CustomAuthorizeAttribute), false).Any()) | |
| 63 { | |
| 64 fail = true; | |
| 65 Console.WriteLine(action + " debe ser seguro"); | |
| 66 } | |
| 67 } | |
| 68 } | |
| 69 | |
| 70 Assert.IsFalse(fail); | |
| 71 | |
| 72 #endregion | |
| 73 } | |
| 74 | |
| 75 [Test] | |
| 76 public void Acciones_privadas() | |
| 77 { | |
| 78 var acciones = new[] | |
| 79 { | |
| 80 "PerfilController.Index", "PerfilController.AddGoogleAccount", "PerfilController.AddTwitterAccount", | |
| 81 "PerfilController.Remove", "PerfilController.Modificar" | |
| 82 }; | |
| 83 | |
| 84 VerficarAccionesSeguras(acciones, Roles.Usuario, "debe ser privado"); | |
| 85 } | |
| 86 | |
| 87 [Test] | |
| 88 public void Acciones_del_administrador() | |
| 89 { | |
| 90 var acciones = new[] | |
| 91 { | |
| 92 "EventoController.Agendar", "EventoController.Confirmar", "EventoController.Nuevo", | |
| 93 "EventoController.Publicar", "EventoController.Modificar", "EventoController.Proponer", | |
| 94 "EventoController.Cancelar", "EventoController.Descartar", "EventoController.ReAgendar", | |
| 95 "EventoController.ReProponer", "PersonaController.Nueva", "PersonaController.Modificar" | |
| 96 }; | |
| 97 | |
| 98 VerficarAccionesSeguras(acciones, Roles.Administrador, "debe ser de uso exclusivo de los administradores"); | |
| 99 } | |
| 100 | |
| 101 private void VerficarAccionesSeguras(IEnumerable<string> acciones, string rol, string mensaje) | |
| 102 { | |
| 103 bool fail = false; | |
| 104 foreach (var method in _methods) | |
| 105 { | |
| 106 var action = method.DeclaringType.Name + "." + method.Name; | |
| 107 if (acciones.Contains(action)) | |
| 108 { | |
| 109 if (method.GetCustomAttributes(typeof (CustomAuthorizeAttribute), false).Any()) | |
| 110 { | |
| 111 var found = | |
| 112 method.GetCustomAttributesData().Any(d => d.NamedArguments.Any(a => rol.Equals(a.TypedValue.Value))); | |
| 113 | |
| 114 if (!found) | |
| 115 { | |
| 116 fail = true; | |
| 117 Console.WriteLine(action + " " + mensaje); | |
| 118 } | |
| 119 } | |
| 120 else | |
| 121 { | |
| 122 fail = true; | |
| 123 Console.WriteLine(action + " debe ser seguro"); | |
| 124 } | |
| 125 } | |
| 126 else if (method.GetCustomAttributes(typeof (CustomAuthorizeAttribute), false).Any()) | |
| 127 { | |
| 128 var found = | |
| 129 method.GetCustomAttributesData().Any(d => d.NamedArguments.Any(a => rol.Equals(a.TypedValue.Value))); | |
| 130 | |
| 131 if (found) | |
| 132 { | |
| 133 fail = true; | |
| 134 Console.WriteLine(action + " no " + mensaje); | |
| 135 } | |
| 136 } | |
| 137 } | |
| 138 Assert.IsFalse(fail); | |
| 139 } | |
| 140 } | |
| 141 } |