public void WhenExecuteWithEmptyRoles_ThenUnauthorized()
{
var attribute = new RequireRolesAttribute();
var response = new Mock <IResponse>();
var request = GetRequestMock(new Mock <IPrincipal>());
attribute.Execute(request.Object, response.Object, null);
VerifyUnauthorizedResponse(response);
}
public void WhenExecuteWithUnknownRole_ThenUnauthorized()
{
var attribute = new RequireRolesAttribute("foo");
var response = new Mock <IResponse>();
var user = new Mock <IPrincipal>();
user.Setup(usr => usr.IsInRole(It.IsAny <string>()))
.Returns(false);
var request = GetRequestMock(user);
attribute.Execute(request.Object, response.Object, null);
VerifyUnauthorizedResponse(response);
}
public void WhenExecuteWithSingleKnownRole_ThenAuthorized()
{
var attribute = new RequireRolesAttribute("foo");
var response = new Mock <IResponse>();
var user = new Mock <IPrincipal>();
user.Setup(usr => usr.IsInRole("foo"))
.Returns(true);
var request = GetRequestMock(user);
attribute.Execute(request.Object, response.Object, null);
VerifyAuthorized(response);
}
public void WhenExecuteWithManyRolesAndUserIsGod_ThenAuthorized()
{
var attribute = new RequireRolesAttribute("foo", "bar");
var response = new Mock <IResponse>();
var user = new Mock <IPrincipal>();
user.Setup(usr => usr.IsInRole(AuthorizationRoles.God))
.Returns(true);
user.Setup(usr => usr.IsInRole("foo"))
.Returns(false);
user.Setup(usr => usr.IsInRole("bar"))
.Returns(false);
var request = GetRequestMock(user);
attribute.Execute(request.Object, response.Object, null);
VerifyAuthorized(response);
}
