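        /// <summary>
        /// Verifies that the calling subject holds every role named on
        /// <paramref name="attribute"/>; throws when it does not.
        /// </summary>
        /// <param name="attribute">
        /// The attribute whose <c>Roles</c> must be held. A null or empty role list
        /// is treated as "nothing to enforce" and returns without consulting the subject.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="attribute"/> is null.</exception>
        /// <exception cref="UnauthorizedException">
        /// The subject lacks the single required role, or lacks at least one of several required roles.
        /// </exception>
        private void AssertAuthorized(RequiresRolesAttribute attribute)
        {
            if (attribute == null)
            {
                throw new ArgumentNullException("attribute");
            }

            var roleIds = attribute.Roles;

            // No roles configured: nothing to check. (The attribute constructor is
            // exercised elsewhere on this page to reject null/empty role lists up front.)
            if (roleIds == null || roleIds.Length == 0)
            {
                return;
            }

            var subject = GetSubject();

            // NOTE(review): both messages name the required role(s). If UnauthorizedException
            // is rendered back to the caller, that discloses authorization configuration —
            // confirm how it is surfaced before relying on the wording.
            if (roleIds.Length == 1)
            {
                var roleId = roleIds[0];
                if (!subject.HasRole(roleId))
                {
                    throw new UnauthorizedException(
                              string.Format("Calling Subject does not have required role [{0}]. Access denied.", roleId));
                }
            }
            else if (!subject.HasAllRoles(roleIds))
            {
                // Join explicitly: passing the string[] straight to string.Format binds it
                // as the params array, so "{0}" would print only the first role.
                throw new UnauthorizedException(
                          string.Format("Calling subject does not have all required roles [{0}]. Access denied.",
                                        string.Join(", ", roleIds)));
            }
        }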
        /// <summary>
        /// A principal that carries every role named on the attribute is allowed through.
        /// </summary>
        public void RequiresRoles_UserWitAllRoles_ReturnsContinue()
        {
            // Arrange: the attribute demands "a" and "b"; the fake principal holds both.
            var requiresRoles = new RequiresRolesAttribute("a", "b");
            var context = new Fakes.FakeHttpContext
            {
                User = UserSetup.GetUser("a", "b")
            };

            // Act
            var result = requiresRoles.ShouldContinue(context);

            // Assert: the filter lets the request proceed.
            Assert.True(result.ShouldContinue);
        }
        /// <summary>
        /// A principal with no identity is stopped with the "unauthenticated" outcome
        /// rather than the "unauthorized" one.
        /// </summary>
        public void RequiresRoles_UnauthenticatedUser_ReturnsUnauthenticated()
        {
            // Arrange: a bare ClaimsPrincipal carries no identity and no roles.
            var requiresRoles = new RequiresRolesAttribute("a", "b");
            var context = new Fakes.FakeHttpContext
            {
                User = new ClaimsPrincipal()
            };

            // Act
            var result = requiresRoles.ShouldContinue(context);

            // Assert: blocked, and with the unauthenticated response code specifically.
            Assert.False(result.ShouldContinue);
            Assert.Equal(ApiFilterRunResult.Unauthenticated.SetResponseCode, result.SetResponseCode);
        }
        /// <summary>
        /// An authenticated principal that holds only a subset of the required roles
        /// is stopped with the "unauthorized" outcome.
        /// </summary>
        public void RequiresRoles_UserWitSomeRoles_ReturnsUnauthorized()
        {
            // Arrange: "a" and "b" are required, but the principal only has "a".
            var requiresRoles = new RequiresRolesAttribute("a", "b");
            var context = new Fakes.FakeHttpContext
            {
                User = UserSetup.GetUser("a")
            };

            // Act
            var result = requiresRoles.ShouldContinue(context);

            // Assert: blocked, and with the unauthorized (not unauthenticated) response code.
            Assert.False(result.ShouldContinue);
            Assert.Equal(ApiFilterRunResult.Unauthorized.SetResponseCode, result.SetResponseCode);
        }
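        /// <summary>
        /// A whitespace-only role name is rejected by the attribute constructor.
        /// </summary>
        public void RequiresRoles_RolesContainsWhiteSpaceString_ThrowsException()
        {
            // Assert.Throws fails the test when nothing is thrown and reports the actual
            // exception when a different type is thrown; a manual try/catch flag loses
            // both pieces of information. Note it matches the exception type exactly.
            Assert.Throws<ArgumentException>(() => new RequiresRolesAttribute("a", " "));
        }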
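        /// <summary>
        /// Constructing the attribute with no roles at all is rejected.
        /// </summary>
        public void RequiresRoles_RolesAreEmptyArray_ThrowsException()
        {
            // Assert.Throws fails the test when nothing is thrown and reports the actual
            // exception when a different type is thrown; a manual try/catch flag loses
            // both pieces of information. Note it matches the exception type exactly.
            Assert.Throws<ArgumentException>(() => new RequiresRolesAttribute());
        }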
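        /// <summary>
        /// Passing a null role array to the attribute constructor is rejected with
        /// <see cref="ArgumentNullException"/>.
        /// </summary>
        public void RequiresRoles_NullRoles_ThrowsException()
        {
            // The bare null literal binds to the params array itself, not to a single
            // null element. Assert.Throws fails when nothing is thrown and reports the
            // actual exception when a different type is thrown.
            Assert.Throws<ArgumentNullException>(() => new RequiresRolesAttribute(null));
        }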