模拟自定义实现CodeAccessSecurityAttribute

时间:2018-10-23 07:17:04

标签: c# unit-testing moq

我有一个CodeAccessSecurityAttribute的自定义实现,该实现将外部资源连接起来进行验证。

[Serializable]
[AttributeUsage(AttributeTargets.Method)]
public class IsAuthorizedAttribute : CodeAccessSecurityAttribute
{
    private static readonly PrincipalPermission Allowed = new PrincipalPermission(PermissionState.None);
    private static readonly PrincipalPermission NotAllowed = new PrincipalPermission(PermissionState.Unrestricted);

    public string EntityObject { get; set; }
    public string Field { get; set; }
    public char Expected { get; set; }

    public IsAuthorizedAttribute(SecurityAction action)
            : base(action)
    {
        //setup
    }

    public override IPermission CreatePermission()
    {
        return IsAuthorised(EntityObject, Field, Expected, ServicesConfiguration) ? Allowed : NotAllowed;
    }

    private static bool IsAuthorised(string entityObject, string field, char expected, ServicesConfiguration servicesConfiguration)
    {
        bool? response = null;
        //check external stuff
        return response ?? false;
    }
}

我已经用以下属性装饰了我的方法:

[IsAuthorized(SecurityAction.Demand, EntityObject = Fields.UserManagement, Field = Fields.AllowDisplay, Expected = '1')]
public List<Group> GetUserGroups()
{
    var response = new List<Group>();

    //Get the groups from the database
    var groups = groupManager.FindAll();

    //Map them to the output group type
    response = groups.Select(x => new Group()
    {
        ID = x.ID,
        Name = x.Name,
        Alias = x.Alias,
        Description = x.Description
    }).ToList();

    return response;
}

我现在想对该方法进行单元测试,但是该属性被触发。我尝试了一些模拟该属性的方法,但是没有成功。

我正在使用Moq和Smocks

这是我的单元测试,没有属性的模拟实例:

[TestMethod]
public void GetUserGroups_UserGroupsFound_UserGroupsReturned()
{
    Smock.Run(context =>
    {
        //Arrange
        Setup();

        m_Container
                    .RegisterMock<IGroupManager>()
                    .Setup(x => x.FindAllFromCache())
                    .Returns(new List<Concept.Security.MasterData.Domain.Group>()
                    {
                        new Concept.Security.MasterData.Domain.Group()
                        {
                            Name = "MyUserGroup",
                            Alias = "My User Group",
                            Description = "My user group description",
                            System = false,
                            Authorizations = "000001111100000000"
                        },
                        new Concept.Security.MasterData.Domain.Group()
                        {
                            Name = "MySecondUserGroup",
                            Alias = "My Second User Group",
                            Description = "My second user group description",
                            System = false,
                            Authorizations = "000000000000000000"
                        }
                    });

        var identityService = new UserManagementService(m_Container, m_UserAuthorizationManager.Object, m_IdentityService.Object);

        //** begin add mocked attribute **//
        //** end add mocked attribute **//

        //Act
        var response = identityService.GetUserGroups();

        //Assert
        Assert.AreEqual(2, response.Count);
        Assert.AreEqual(1, response.Where(x => x.Alias == "MyUserGroup").Count());
        Assert.AreEqual(1, response.Where(x => x.Alias == "MySecondUserGroup").Count());
        Assert.AreEqual(2, response.Where(x => x.Authorizations == null).Count());
    });
}

运行此操作会导致异常,因为该属性尝试连接外部服务,并且它们不是(也不能)设置为接收请求。

因此,我尝试添加一个模拟属性:

//** begin add mocked attribute **//
var identityService = new UserManagementService(m_Container, m_UserAuthorizationManager.Object, m_IdentityService.Object);

var IsAuthorizedAttribute = new Mock<IsAuthorizedAttribute>(MockBehavior.Strict, new object[] { SecurityAction.Demand });
IsAuthorizedAttribute.Setup(x => x.CreatePermission()).Returns(new PrincipalPermission(PermissionState.None));
TypeDescriptor.AddAttributes(identityService, IsAuthorizedAttribute.Object);
//** end add mocked attribute **//

但是,这是我在设置外部源的地方调用属性的构造函数。当我将此构造函数放入try / catch并静默处置异常时,找不到 IsAuthorizedAttribute.Object 对象的错误。

不触发该属性的其他选项有哪些?

1 个答案:

答案 0 :(得分:1)

构造函数不应访问外部对象;否则,如您所知,将很难绕过测试。

一种简单的方法是使静态bool字段被忽略。这看起来不太好,但也许足够。

public class IsAuthorizedAttribute : CodeAccessSecurityAttribute
{
    // set true in the test initialization
    private static bool s_byPass;

    public IsAuthorizedAttribute(SecurityAction action) : base(action)
    {
        if (!s_byPass)
        {
           // setup
        }
    }

    private static bool IsAuthorised(string entityObject, string field, char expected, ServicesConfiguration servicesConfiguration)
    {
        if (s_byPass) { return true; }

        //check external stuff
    }
}

另一种更好的方法是将外部依赖关系提取到另一个类,以便您可以对其进行模拟。模拟外部依赖关系是单元测试的典型模式。

public class IsAuthorizedAttribute : CodeAccessSecurityAttribute
{
    // set mock here in the test initialization.
    // I assume external accessor can be a static field.
    private static ExternalAccessor m_accessor = new ExternalAccessor();

    private static bool IsAuthorised(string entityObject, string field, char expected, ServicesConfiguration servicesConfiguration)
    {
        return m_accessor.Check();
    }
}

public class ExternalAccessor
{
    private bool m_initialized;

    private void Setup()
    {
        // setup
        m_initialized = true;
    }

    public virtual bool Check()
    {
        // You can call setup anytime but the constructor.
        if (!m_initialized) { Setup(); }

        // check external stuff
    }
}
相关问题
最新问题