public void Given_custom_principle_has_permission_but_not_one_checking_When_OnActionExecuting_Then_should_throw_401_not_authorised_exception()
{
// Given
var permissions = new string[] { Permissions.ViewCompanyDetails.ToString() };
var userDto = new UserDto()
{
CompanyId = 0,
Permissions = permissions
};
var customPrincipal = CreateCustomPrincipal(userDto);
var filterContext = new ActionExecutingContext
{
HttpContext = MvcMockHelpers.FakeHttpContext(customPrincipal)
};
var permissionFilterAttribute = new PermissionFilterAttribute(Permissions.ViewSiteDetails);
// When
permissionFilterAttribute.OnActionExecuting(filterContext);
// Then
Assert.That(filterContext.Result, Is.TypeOf<HttpUnauthorizedResult>());
}
public void Given_not_got_a_valid_custom_principle_When_OnActionExecuting_Then_should_throw_401_not_authorised_exception()
{
// Given
var fakePrincipal = new FakePrincipal();
var filterContext = new ActionExecutingContext
{
HttpContext = MvcMockHelpers.FakeHttpContext(fakePrincipal)
};
var permissionFilterAttribute = new PermissionFilterAttribute(Permissions.ViewSiteDetails);
// When
permissionFilterAttribute.OnActionExecuting(filterContext);
// Then
Assert.That(filterContext.Result, Is.TypeOf<HttpUnauthorizedResult>());
}
public void Given_custom_principal_has_valid_permission_When_OnActionExecuting_Then_should_return_null()
{
// Given
var permissions = new string[] { Permissions.ViewCompanyDetails.ToString() };
var userDto = new UserDto()
{
CompanyId = 0,
Permissions = permissions
};
var customPrincipal = CreateCustomPrincipal(userDto);
var filterContext = new ActionExecutingContext
{
HttpContext = MvcMockHelpers.FakeHttpContext(customPrincipal)
};
var permissionFilterAttribute = new PermissionFilterAttribute(Permissions.ViewCompanyDetails);
// When
permissionFilterAttribute.OnActionExecuting(filterContext);
// Then
Assert.That(filterContext.Result, Is.Null);
}