InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags)
{
- if (!(identity is SecurityIdentifier)) {
+ if (!(identity is SecurityIdentifier) && !(identity is NTAccount))
throw new ArgumentException ("identity");
- }
-
- if (accessMask == 0) {
- /* FIXME: check inheritance and
- * propagation flags too
- */
+
+ // Unit testing showed that MS.NET 4.0 actually throws ArgumentException
+ // for accessMask == 0, not the ArgumentOutOfRangeException specified.
+ if (accessMask == 0)
+ throw new ArgumentException ("accessMask");
+
+ if (0 != (inheritanceFlags & ~(InheritanceFlags.ContainerInherit|InheritanceFlags.ObjectInherit)))
+ throw new ArgumentOutOfRangeException ();
+
+ if (0 != (propagationFlags & ~(PropagationFlags.NoPropagateInherit|PropagationFlags.InheritOnly)))
throw new ArgumentOutOfRangeException ();
- }
this.identity = identity;
this.accessMask = accessMask;
--- /dev/null
+// AuthorizationRuleTest.cs - NUnit Test Cases for AuthorizationRule
+//
+// Authors:
+// James Bellinger (jfb@zer7.com)
+
+#if NET_4_0
+
+using System;
+using System.Security.AccessControl;
+using System.Security.Principal;
+using NUnit.Framework;
+
+namespace MonoTests.System.Security.AccessControl
+{
+ [TestFixture]
+ public class AuthorizationRuleTest
+ {
+ class TestRule : AuthorizationRule
+ {
+ public TestRule (IdentityReference identity,
+ int accessMask, bool isInherited,
+ InheritanceFlags inheritanceFlags,
+ PropagationFlags propagationFlags)
+ : base (identity, accessMask, isInherited, inheritanceFlags, propagationFlags)
+ {
+
+ }
+ }
+
+ [Test, ExpectedException (typeof (ArgumentException))]
+ public void ThrowOnZeroAccessMask ()
+ {
+ new TestRule (new SecurityIdentifier (WellKnownSidType.WorldSid, null),
+ 0, false, InheritanceFlags.None, PropagationFlags.None);
+ }
+
+ [Test, ExpectedException (typeof (ArgumentOutOfRangeException))]
+ public void ThrowOnBadInheritanceFlags ()
+ {
+ new TestRule (new SecurityIdentifier (WellKnownSidType.WorldSid, null),
+ 1, false, (InheritanceFlags)(-1), PropagationFlags.None);
+ }
+
+ // While InheritanceFlags.None makes PropagationFlags not *significant*,
+ // my tests with MS.NET show that it is still *validated*. So, we'll use
+ // that case with this test to make sure.
+ [Test, ExpectedException (typeof (ArgumentOutOfRangeException))]
+ public void ThrowOnBadPropagationFlags ()
+ {
+ new TestRule (new SecurityIdentifier (WellKnownSidType.WorldSid, null),
+ 1, false, InheritanceFlags.None, (PropagationFlags)(-1));
+ }
+
+ [Test]
+ public void AcceptNTAccount ()
+ {
+ new TestRule (new NTAccount ("Test"), 1, false, InheritanceFlags.None, PropagationFlags.None);
+ }
+
+ [Test]
+ public void AcceptSecurityIdentifier ()
+ {
+ new TestRule (new SecurityIdentifier (WellKnownSidType.WorldSid, null),
+ 1, false, InheritanceFlags.None, PropagationFlags.None);
+ }
+
+ [Test]
+ public void AcceptValidFlags ()
+ {
+ SecurityIdentifier id = new SecurityIdentifier (WellKnownSidType.WorldSid, null);
+ new TestRule (id, 1, false, InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit);
+ new TestRule (id, 1, false, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly);
+ }
+ }
+}
+
+#endif
+