public void EditCalculationStatus_GivenFailedStatusCode_ThrowsInvalidOperationException()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel();
ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.BadRequest);
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
calcsClient
.UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
.Returns(response);
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = TestAuthHelper.CreateAuthorizationHelperSubstitute(specificationId, SpecificationActionTypes.CanEditCalculations);
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper);
// Act
Func <Task> test = async() => await controller.EditCalculationStatus(specificationId, calculationId, model);
// Assert
test
.Should()
.Throw <InvalidOperationException>();
}
public async Task EditCalculationStatus_GivenOKResponseFromApi_ReturnsOK()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel();
PublishStatusResult publishStatusResult = new PublishStatusResult();
ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, publishStatusResult);
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
calcsClient
.UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
.Returns(response);
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = TestAuthHelper.CreateAuthorizationHelperSubstitute(specificationId, SpecificationActionTypes.CanEditCalculations);
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper);
// Act
IActionResult result = await controller.EditCalculationStatus(specificationId, calculationId, model);
// Assert
result
.Should()
.BeOfType <OkObjectResult>()
.Which
.Value
.Should()
.Be(publishStatusResult);
}
public async Task EditSpecificationStatus_WhenUserDoesNotHaveApproveSpecificationPermission_ThenReturn403()
{
//Arrange
string specificationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel();
PublishStatusResult publishStatusResult = new PublishStatusResult();
ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, publishStatusResult);
ISpecsApiClient specsClient = Substitute.For <ISpecsApiClient>();
specsClient
.UpdatePublishStatus(Arg.Is(specificationId), Arg.Is(model))
.Returns(response);
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveSpecification))
.Returns(false);
SpecificationController controller = CreateSpecificationController(specsClient, authorizationHelper);
// Act
IActionResult result = await controller.EditSpecificationStatus(specificationId, model);
// Assert
result.Should().BeOfType <ForbidResult>();
}
public void EditSpecificationStatus_GivenFailedStatusCode_ThrowsInvalidOperationException()
{
//Arrange
string specificationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel();
ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.BadRequest);
ISpecsApiClient specsClient = Substitute.For <ISpecsApiClient>();
specsClient
.UpdatePublishStatus(Arg.Is(specificationId), Arg.Is(model))
.Returns(response);
IAuthorizationHelper authorizationHelper = TestAuthHelper.CreateAuthorizationHelperSubstitute(specificationId, SpecificationActionTypes.CanApproveSpecification);
SpecificationController controller = CreateSpecificationController(specsClient, authorizationHelper);
// Act
Func <Task> test = async() => await controller.EditSpecificationStatus(specificationId, model);
// Assert
test
.Should()
.Throw <InvalidOperationException>();
}
public async Task EditSpecificationStatus_GivenSuccessReturnedFromApi_ReturnsOK()
{
//Arrange
string specificationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel();
PublishStatusResult publishStatusResult = new PublishStatusResult();
ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, publishStatusResult);
ISpecsApiClient specsClient = Substitute.For <ISpecsApiClient>();
specsClient
.UpdatePublishStatus(Arg.Is(specificationId), Arg.Is(model))
.Returns(response);
IAuthorizationHelper authorizationHelper = TestAuthHelper.CreateAuthorizationHelperSubstitute(specificationId, SpecificationActionTypes.CanApproveSpecification);
SpecificationController controller = CreateSpecificationController(specsClient, authorizationHelper);
// Act
IActionResult result = await controller.EditSpecificationStatus(specificationId, model);
// Assert
result
.Should()
.BeOfType <OkObjectResult>()
.Which
.Value
.Should()
.Be(publishStatusResult);
}
public async Task EditCalculationStatus_GivenUserDoesNotHaveEditCalculationPermission_Returns403()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel();
PublishStatusResult publishStatusResult = new PublishStatusResult();
ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, publishStatusResult);
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
calcsClient
.UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
.Returns(response);
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanEditCalculations))
.Returns(false);
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper);
// Act
IActionResult result = await controller.EditCalculationStatus(specificationId, calculationId, model);
// Assert
result.Should().BeOfType <ForbidResult>();
}
public async Task UpdatePublishStatus()
{
string id = NewRandomString();
PublishStatusEditModel request = new PublishStatusEditModel();
await AssertPutRequest($"calculation-edit-status?calculationId={id}",
request,
new PublishStatusResult(),
() => _client.UpdatePublishStatus(id, request));
}
public async Task EditCalculationStatus_GivenUserDoesNotHaveCanApproveAnyCalculationPermission_Returns403()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel()
{
PublishStatus = PublishStatus.Approved
};
ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
{
FundingStreamId = "fs1", SpecificationId = specificationId
});
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
calcsClient
.GetCalculationById(Arg.Is(calculationId))
.Returns(response);
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanEditCalculations))
.Returns(true);
authorizationHelper.GetUserFundingStreamPermissions(Arg.Any <ClaimsPrincipal>(), Arg.Any <string>())
.Returns(Task.FromResult(new Common.ApiClient.Users.Models.FundingStreamPermission()));
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient);
// Act
IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model);
// Assert
result.Should().BeOfType <ForbidResult>();
await authorizationHelper
.Received(1)
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations));
await authorizationHelper
.Received(1)
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations));
}
public async Task EditCalculationStatus_GivenRequestContainsACalculationInADifferentSpecification_ReturnsError()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel()
{
PublishStatus = PublishStatus.Approved
};
ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
{
FundingStreamId = "fs1", SpecificationId = "anotherSpec"
});
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
calcsClient
.GetCalculationById(Arg.Is(calculationId))
.Returns(response);
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanEditCalculations))
.Returns(true);
authorizationHelper.GetUserFundingStreamPermissions(Arg.Any <ClaimsPrincipal>(), Arg.Any <string>())
.Returns(Task.FromResult(new Common.ApiClient.Users.Models.FundingStreamPermission()));
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient);
// Act
IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model);
// Assert
result
.Should()
.BeOfType <PreconditionFailedResult>()
.Which
.Value
.Should()
.Be("The calculation requested is not contained within the specification requested");
}
public async Task EditCalculationStatus_GivenBadRequestStatusCodeFromApprovingCalc_ReturnsBadRequestObjectResponse()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel();
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.BadRequest);
calcsClient
.UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
.Returns(response);
ValidatedApiResponse <Calculation> calculation = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
{
FundingStreamId = "fs1", SpecificationId = specificationId
});
calcsClient
.GetCalculationById(Arg.Is(calculationId))
.Returns(calculation);
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = TestAuthHelper.CreateAuthorizationHelperSubstitute(specificationId, SpecificationActionTypes.CanApproveAnyCalculations);
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient);
IActionResult actionResult = await controller.ApproveCalculation(specificationId, calculationId, model);
actionResult
.Should()
.BeOfType <BadRequestObjectResult>();
}
public async Task EditCalculationStatus_GivenUserHaveCanApproveCalculationPermissionAndIsLastAuthor_ReturnsForbid()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel()
{
PublishStatus = PublishStatus.Approved
};
ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
{
FundingStreamId = "fs1", Author = new Reference()
{
Id = "SomeOne"
}, SpecificationId = specificationId
});
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
calcsClient
.GetCalculationById(Arg.Is(calculationId))
.Returns(response);
calcsClient
.UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
.Returns(new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, new PublishStatusResult()));
var identity = Substitute.For <IIdentity>();
identity.Name.Returns("BSir");
ClaimsPrincipal user = new ClaimsPrincipal(new List <ClaimsIdentity>()
{
new ClaimsIdentity(identity,
new [] {
new Claim("http://schemas.microsoft.com/identity/claims/objectidentifier", "SomeOne"),
new Claim(ClaimTypes.GivenName, "Bob"),
new Claim(ClaimTypes.Surname, "Sir")
})
});
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations))
.Returns(true);
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient, user);
// Act
IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model);
// Assert
result.Should()
.BeOfType <ForbidResult>();
await authorizationHelper
.Received(1)
.DoesUserHavePermission(Arg.Is(user), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations));
await authorizationHelper
.Received(1)
.DoesUserHavePermission(Arg.Is(user), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations));
}
public async Task EditCalculationStatus_GivenUserHaveCanApproveAnyCalculationPermissionAndCalcIsAlreadyApproved_ReturnsOK()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel()
{
PublishStatus = PublishStatus.Approved
};
ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
{
FundingStreamId = "fs1", SpecificationId = specificationId,
});
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
calcsClient
.GetCalculationById(Arg.Is(calculationId))
.Returns(response);
calcsClient
.UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
.Returns(new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, new PublishStatusResult()
{
PublishStatus = PublishStatus.Approved
}));
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations))
.Returns(true);
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient);
// Act
IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model);
// Assert
result.Should()
.BeOfType <OkObjectResult>()
.Which
.Value
.Should()
.BeOfType <PublishStatusResult>()
.Which
.Should()
.BeEquivalentTo(new PublishStatusResult()
{
PublishStatus = PublishStatus.Approved
});
await authorizationHelper
.Received(1)
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations));
await authorizationHelper
.Received(0)
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations));
}
public async Task <IActionResult> ApproveCalculation([FromRoute] string specificationId, [FromRoute] string calculationId, [FromBody] PublishStatusEditModel publishStatusEditModel)
{
Guard.IsNullOrWhiteSpace(calculationId, nameof(calculationId));
Guard.ArgumentNotNull(publishStatusEditModel, nameof(publishStatusEditModel));
ApiResponse <Calculation> calculationResult = await _calcClient.GetCalculationById(calculationId);
IActionResult errorResult = calculationResult.IsSuccessOrReturnFailureResult("GetCalculationById");
if (errorResult != null)
{
return(errorResult);
}
if (calculationResult.Content.SpecificationId != specificationId)
{
return(new PreconditionFailedResult("The calculation requested is not contained within the specification requested"));
}
bool canApprove = await CanUserApproveCalculation(calculationResult.Content);
if (!canApprove)
{
return(new ForbidResult());
}
if (calculationResult.Content.PublishStatus == PublishStatus.Approved)
{
return(Ok(new PublishStatusResult()
{
PublishStatus = PublishStatus.Approved
}));
}
ValidatedApiResponse <PublishStatusResult> response = await _calcClient.UpdatePublishStatus(calculationId, publishStatusEditModel);
if (response.IsBadRequest(out BadRequestObjectResult badRequest))
{
return(badRequest);
}
if (response.StatusCode == HttpStatusCode.OK)
{
return(Ok(response.Content));
}
else
{
throw new InvalidOperationException($"An error occurred while retrieving code context. Status code={response.StatusCode}");
}
}
public Task <ValidatedApiResponse <PublishStatusResult> > UpdatePublishStatus(string calculationId, PublishStatusEditModel model)
{
Guard.IsNullOrWhiteSpace(calculationId, nameof(calculationId));
Guard.ArgumentNotNull(model, nameof(model));
return(ValidatedPutAsync <PublishStatusResult, PublishStatusEditModel>($"calculation-edit-status?calculationId={calculationId}", model));
}
public async Task <ValidatedApiResponse <PublishStatusResult> > UpdatePublishStatus(string specificationId, PublishStatusEditModel model)
{
Guard.IsNullOrWhiteSpace(specificationId, nameof(specificationId));
Guard.ArgumentNotNull(model, nameof(model));
return(await ValidatedPutAsync <PublishStatusResult, PublishStatusEditModel>($"specification-edit-status?specificationId={specificationId}", model));
}
public async Task <IActionResult> EditSpecificationStatus(string specificationId, [FromBody] PublishStatusEditModel publishStatusEditModel)
{
Guard.IsNullOrWhiteSpace(specificationId, nameof(specificationId));
Guard.ArgumentNotNull(publishStatusEditModel, nameof(publishStatusEditModel));
if (!await _authorizationHelper.DoesUserHavePermission(User, specificationId, SpecificationActionTypes.CanApproveSpecification))
{
return(new ForbidResult());
}
ValidatedApiResponse <PublishStatusResult> response = await _specsClient.UpdatePublishStatus(specificationId, publishStatusEditModel);
if (response.StatusCode == HttpStatusCode.OK)
{
return(Ok(response.Content));
}
throw new InvalidOperationException($"An error occurred while retrieving code context. Status code={response.StatusCode}");
}
public Task <ValidatedApiResponse <PublishStatusResult> > UpdatePublishStatus(string calculationId, PublishStatusEditModel model)
{
throw new NotImplementedException();
}
