public void DeleteRole_WrongScope_ReturnsForbidden()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
AssertDeleteRole(HttpStatusCode.Forbidden, existingClient.Id, existingRole.Id.ToString(), Scopes.ReadScope);
}
public void DeleteRole_Succeeds()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
AssertDeleteRole(HttpStatusCode.NoContent, existingClient.Id, existingRole.Id.ToString(), Scopes.WriteScope);
}
public void AddPermissionsToRole_Forbidden(string clientId, string securableItem, string scope)
{
var role = ExistingRoles.First(r => r.Grain == "app" && r.SecurableItem == securableItem);
var permission =
ExistingPermissions.First(p => p.Grain == role.Grain && p.SecurableItem == role.SecurableItem);
PostPermissionAndAssert(role, permission, clientId, HttpStatusCode.Forbidden, scope);
}
public void DeletePermissionFromRole_BadRequest()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
DeletePermissionAndAssert(existingClient.Id, "notaguid", existingPermission, HttpStatusCode.BadRequest, Scopes.WriteScope);
}
public void DeletePermissionFromRole_WrongScope_Forbidden()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
DeletePermissionAndAssert(existingClient.Id, existingRole.Id.ToString(), existingPermission, HttpStatusCode.Forbidden, Scopes.ReadScope);
}
public void DeletePermissionFromRole_Forbidden()
{
var existingClient = ExistingClients.First();
var notFoundRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == notFoundRole.Grain &&
p.SecurableItem == notFoundRole.SecurableItem);
DeletePermissionAndAssert("sourcemartdesigner", notFoundRole.Id.ToString(), existingPermission, HttpStatusCode.Forbidden);
}
public void DeletePermissionFromRole_PermissionNotFound()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
DeletePermissionAndAssert(existingClient.Id, existingRole.Id.ToString(), existingPermission, HttpStatusCode.NotFound);
}
public void AddPermissionsToRole_IncompatiblePermission_WrongSecurable()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem != existingRole.SecurableItem);
PostPermissionAndAssert(existingRole, existingPermission, existingClient.Id, HttpStatusCode.BadRequest);
}
public void DeleteRole_WrongClient_ReturnsForbidden(string cliendId)
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope),
new Claim(Claims.ClientId, cliendId));
var result = rolesModule.Delete($"/roles/{existingRole.Id}").Result;
Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
}
public void AddPermissionsToRole_IncompatiblePermission_PermissionAlreadyExists()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
existingRole.Permissions.Add(existingPermission);
PostPermissionAndAssert(existingRole, existingPermission, existingClient.Id, HttpStatusCode.Conflict);
}
public void GetRoles_ReturnsRoleForRoleName()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
Assert.NotNull(existingRole);
var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.ReadScope),
new Claim(Claims.ClientId, existingClient.Id));
var result = rolesModule.Get($"/roles/app/{existingRole.SecurableItem}/{existingRole.Name}").Result;
AssertRolesOK(result, 1, existingRole.Id);
}
public void AddPermissionsToRole_PermissionNotFound()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var permission = new Permission
{
Id = Guid.NewGuid(),
Grain = "app",
SecurableItem = "patientsafety",
Name = "notfound"
};
PostPermissionAndAssert(existingRole, permission, existingClient.Id, HttpStatusCode.NotFound);
}
public void AddPermissionsToRole_BadRequest()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope),
new Claim(Claims.ClientId, existingClient.Id));
var result = rolesModule.Post($"/roles/{existingRole.Id}/permissions",
with => with.JsonBody(existingPermission))
.Result;
Assert.Equal(HttpStatusCode.BadRequest, result.StatusCode);
}
public void AddPermissionsToRole_Succeeds()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope),
new Claim(Claims.ClientId, existingClient.Id));
var result = rolesModule.Post($"/roles/{existingRole.Id}/permissions",
with => with.JsonBody(new List <Permission> {
existingPermission
}))
.Result;
AssertRoleOK(result, 1);
}
private IList <Role> AddExistingRoles(string securableItemName)
{
var role1 = new Role
{
Id = Guid.NewGuid(),
Grain = Domain.Defaults.Authorization.AppGrain,
SecurableItem = securableItemName,
Name = "role1" + Guid.NewGuid()
};
var role2 = new Role
{
Id = Guid.NewGuid(),
Grain = Domain.Defaults.Authorization.AppGrain,
SecurableItem = securableItemName,
Name = "role2" + Guid.NewGuid()
};
var role3 = new Role
{
Id = Guid.NewGuid(),
Grain = Domain.Defaults.Authorization.AppGrain,
SecurableItem = "sourcemartdesigner",
Name = "role3" + Guid.NewGuid()
};
var role4 = new Role
{
Id = Guid.NewGuid(),
Grain = Domain.Defaults.Authorization.AppGrain,
SecurableItem = securableItemName,
Name = "role4" + Guid.NewGuid()
};
ExistingRoles.Add(role1);
ExistingRoles.Add(role2);
ExistingRoles.Add(role3);
ExistingRoles.Add(role4);
return(new List <Role> {
role1, role2, role3, role4
});
}
private void SetupTestData()
{
var adminGroup = new Group
{
Id = @"Fabric\Health Catalyst Admin",
Name = @"Fabric\Health Catalyst Admin"
};
var contributorGroup = new Group
{
Id = @"Fabric\Health Catalyst Contributor",
Name = @"Fabric\Health Catalyst Contributor"
};
var customGroup = new Group
{
Id = "Custom Group",
Name = "Custom Group"
};
_existingGroups = new List <Group>
{
adminGroup,
contributorGroup,
customGroup
};
_existingUsers = new List <User>
{
new User("user123", "Windows")
{
Groups = new List <string>
{
customGroup.Name
}
}
};
var contributorRole = new Role
{
Id = Guid.NewGuid(),
Grain = "app",
SecurableItem = "patientsafety",
Name = "contributor"
};
var customGroupRole = new Role
{
Id = Guid.NewGuid(),
Grain = "app",
SecurableItem = "patientsafety",
Name = "custom"
};
ExistingRoles.Add(contributorRole);
ExistingRoles.Add(customGroupRole);
var adminRole = ExistingRoles.First(r => r.Grain == "app" &&
r.SecurableItem == "patientsafety" &&
r.Name == "admin");
adminGroup.Roles.Add(adminRole);
adminGroup.Roles.Add(contributorRole);
contributorGroup.Roles.Add(contributorRole);
customGroup.Roles.Add(customGroupRole);
adminRole.Groups.Add(adminGroup.Identifier);
contributorRole.Groups.Add(adminGroup.Identifier);
contributorRole.Groups.Add(contributorGroup.Identifier);
customGroupRole.Groups.Add(customGroup.Identifier);
var manageUsersPermission =
ExistingPermissions.First(p => p.Grain == adminRole.Grain &&
p.SecurableItem == adminRole.SecurableItem &&
p.Name == "manageusers");
var updatePatientPermission =
ExistingPermissions.First(p => p.Grain == adminRole.Grain &&
p.SecurableItem == adminRole.SecurableItem &&
p.Name == "updatepatient");
ExistingPermissions.Add(new Permission
{
Id = Guid.NewGuid(),
Grain = "app",
SecurableItem = "patientsafety",
Name = "custom"
});
var customPermission =
ExistingPermissions.First(p => p.Grain == "app" &&
p.SecurableItem == "patientsafety" &&
p.Name == "custom");
adminRole.Permissions.Add(manageUsersPermission);
contributorRole.Permissions.Add(updatePatientPermission);
customGroupRole.Permissions.Add(customPermission);
}
