2

I have been writing some tests on my Fluent Security configuration off late. Though I can write tests verifying if a controller action method has a particular policy applied e.g. 

expectations.Expect<HomeController>(x=>x.Index()).Has<IgnorePolicy>();

However, what I am looking for is, if I can write role specific tests.

e.g If I have given Admin Role access only to Index() of HomeController, I want to test something like

expectations.Expect<HomeController>(x=>x.Index()).Has<RequireRolePolicy>().For("Admin");

I do not find any examples on net, or any extensions in FLuentSecurity.TestHelper that can help me do this. any thoughts?

4

2 回答 2

2

Has 扩展有一个带谓词的重载:

expectations.Expect<HomeController>(x => x.Index())
    .Has<RequireRolePolicy>(policy => policy.RolesRequired.Contains("Admin"));

如您所见,RequireRolePolicy 公开了您可以测试的 RolesRequired 属性。

如果您发现自己要检查一组特定的角色,我建议您创建一个自定义策略,然后只检查该策略。在 github 上的示例应用程序中有一个示例(AdministratorPolicy):https ://github.com/kristofferahl/FluentSecurity/blob/master/FluentSecurity.SampleApplication/AdministratorPolicy.cs

于 2012-05-28T13:10:55.210 回答
0

虽然我得到了这项工作,但发现 Fluent Security 存在严重限制。它无法区分具有相同名称的两个动作方法!

例如

public ActionResult Edit(int id){}


[HttpPost]
public ActionResult Edit(SomeCommand command){}

如果我想在编辑(获取)和编辑(发布)时向管理员用户授予访客访问权限,我无法通过 Fluent Security 执行此操作,因为它将这两种方法标识为一种方法。我不会推荐这个库,因为这是一个严重的限制!

于 2012-05-29T15:48:24.063 回答