public async Task WhenGettingAResource_GivenAUserWithNoReadPermissions_TheServerShouldReturnForbidden()
{
FhirClient tempClient = Client.CreateClientForClientApplication(TestApplications.ServiceClient);
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>());
tempClient = tempClient.CreateClientForUser(TestUsers.WriteOnlyUser, TestApplications.NativeClient);
FhirException fhirException = await Assert.ThrowsAsync <FhirException>(async() => await tempClient.ReadAsync <Observation>(ResourceType.Observation, createdResource.Id));
Assert.Equal(ForbiddenMessage, fhirException.Message);
Assert.Equal(HttpStatusCode.Forbidden, fhirException.StatusCode);
}
public async Task GivenABatchAndUserWithoutWrite_WhenPost_ThenAuditLogEntriesShouldBeCreated()
{
var batch = new Bundle
{
Type = Bundle.BundleType.Batch,
Entry = new List <Bundle.EntryComponent>
{
new Bundle.EntryComponent
{
Resource = Samples.GetDefaultObservation().ToPoco(),
Request = new Bundle.RequestComponent
{
Method = Bundle.HTTPVerb.POST,
Url = "Observation",
},
},
new Bundle.EntryComponent
{
Request = new Bundle.RequestComponent
{
Method = Bundle.HTTPVerb.GET,
Url = "Patient?name=peter",
},
},
},
};
List <(string expectedActions, string expectedPathSegments, HttpStatusCode?expectedStatusCodes, ResourceType?resourceType)> expectedList = new List <(string, string, HttpStatusCode?, ResourceType?)>
{
("batch", string.Empty, HttpStatusCode.OK, ResourceType.Bundle),
("create", "Observation", HttpStatusCode.Forbidden, ResourceType.Observation),
("search-type", "Patient?name=peter", HttpStatusCode.OK, ResourceType.Bundle),
};
FhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
await ExecuteAndValidateBundle(
() => tempClient.PostBundleAsync(batch),
expectedList,
TestApplications.NativeClient.ClientId);
}
