/// <summary>
/// Authorization check: a user identity without read permission must be refused
/// when reading a resource that exists on the server.
/// </summary>
/// <remarks>
/// The Observation is created first through the service client application, so the
/// read targets an id that exists and the failure asserted below comes from the
/// permission check, not from a missing resource.
/// </remarks>
public async Task WhenGettingAResource_GivenAUserWithNoReadPermissions_TheServerShouldReturnForbidden()
{
    // Arrange: seed a resource using the service client application.
    FhirClient serviceClient = Client.CreateClientForClientApplication(TestApplications.ServiceClient);
    Observation seededObservation = await serviceClient.CreateAsync(
        Samples.GetDefaultObservation().ToPoco<Observation>());

    // Switch to the restricted identity.
    // NOTE(review): TestUsers.WriteOnlyUser presumably holds write but not read
    // permission; confirm against the test user/role definitions.
    FhirClient writeOnlyClient = serviceClient.CreateClientForUser(
        TestUsers.WriteOnlyUser,
        TestApplications.NativeClient);

    // Act: the read has to fail with a FhirException.
    FhirException denied = await Assert.ThrowsAsync<FhirException>(
        async () => await writeOnlyClient.ReadAsync<Observation>(
            ResourceType.Observation,
            seededObservation.Id));

    // Assert: both the message and the status code are pinned, so a denial that
    // surfaces under a different status or message fails this test.
    Assert.Equal(ForbiddenMessage, denied.Message);
    Assert.Equal(HttpStatusCode.Forbidden, denied.StatusCode);
}
/// <summary>
/// Audit-trail check for a batch submitted by a user without write permission:
/// the batch mixes a create (POST Observation) with a search (GET Patient), and
/// the expected audit entries cover the batch itself and each inner request,
/// including the create that is expected to be refused with Forbidden.
/// </summary>
/// <remarks>
/// The expectations encode two security properties: permissions are evaluated per
/// bundle entry (the search succeeds while the create is denied), and a denied
/// operation is still expected to produce an audit entry.
/// </remarks>
public async Task GivenABatchAndUserWithoutWrite_WhenPost_ThenAuditLogEntriesShouldBeCreated()
{
    // Arrange: one write entry and one read-only entry in the same batch.
    var batch = new Bundle
    {
        Type = Bundle.BundleType.Batch,
        Entry = new List<Bundle.EntryComponent>
        {
            // Create request; needs write permission.
            new Bundle.EntryComponent
            {
                Resource = Samples.GetDefaultObservation().ToPoco(),
                Request = new Bundle.RequestComponent
                {
                    Method = Bundle.HTTPVerb.POST,
                    Url = "Observation",
                },
            },

            // Search request; read-only.
            new Bundle.EntryComponent
            {
                Request = new Bundle.RequestComponent
                {
                    Method = Bundle.HTTPVerb.GET,
                    Url = "Patient?name=peter",
                },
            },
        },
    };

    // Expected audit entries: the outer batch first, then one per inner request.
    var expectedAuditEntries =
        new List<(string expectedActions, string expectedPathSegments, HttpStatusCode? expectedStatusCodes, ResourceType? resourceType)>
        {
            ("batch", string.Empty, HttpStatusCode.OK, ResourceType.Bundle),
            ("create", "Observation", HttpStatusCode.Forbidden, ResourceType.Observation),
            ("search-type", "Patient?name=peter", HttpStatusCode.OK, ResourceType.Bundle),
        };

    // NOTE(review): TestUsers.ReadOnlyUser presumably has read but not write
    // permission; confirm against the test user/role definitions.
    FhirClient readOnlyClient = _client.CreateClientForUser(
        TestUsers.ReadOnlyUser,
        TestApplications.NativeClient);

    // Act + assert: ExecuteAndValidateBundle is defined outside this block. The
    // client id passed last is presumably the caller identity each audit entry is
    // matched against; verify in the helper.
    await ExecuteAndValidateBundle(
        () => readOnlyClient.PostBundleAsync(batch),
        expectedAuditEntries,
        TestApplications.NativeClient.ClientId);
}