private IReadOnlyCollection <ClaimSet> SetupApplicationClaimSets(
string applicationName = "TestApplicationName", int claimSetCount = 5)
{
var testApplication = new Application
{
ApplicationName = applicationName
};
Save(testApplication);
var testClaimSetNames = Enumerable.Range(1, claimSetCount)
.Select(x => $"TestClaimSetName{Guid.NewGuid():N}")
.ToArray();
var testClaimSets = testClaimSetNames
.Select(x => new ClaimSet
{
ClaimSetName = x,
Application = testApplication
})
.ToArray();
Save(testClaimSets.Cast <object>().ToArray());
return(testClaimSets);
}
public void ShouldGetResourceClaims()
{
var testApplication = new Application
{
ApplicationName = "TestApplicationName"
};
Save(testApplication);
var testResourceClaims = SetupResourceClaims(testApplication);
Management.ClaimSetEditor.ResourceClaim[] results = null;
Scoped <ISecurityContext>(securityContext =>
{
var query = new GetResourceClaimsQuery(securityContext);
results = query.Execute().ToArray();
});
Scoped <ISecurityContext>(securityContext =>
{
results.Length.ShouldBe(testResourceClaims.Count);
results.Select(x => x.Name).ShouldBe(testResourceClaims.Select(x => x.ResourceName), true);
results.Select(x => x.Id).ShouldBe(testResourceClaims.Select(x => x.ResourceClaimId), true);
results.All(x => x.Create == false).ShouldBe(true);
results.All(x => x.Delete == false).ShouldBe(true);
results.All(x => x.Update == false).ShouldBe(true);
results.All(x => x.Read == false).ShouldBe(true);
results.All(x => x.ParentId.Equals(0)).ShouldBe(true);
results.All(x => x.Children.Count == 0).ShouldBe(true);
});
}
public void ShouldGetResourceClaims()
{
var testApplication = new Application
{
ApplicationName = "TestApplicationName"
};
Save(testApplication);
var testResourceClaims = SetupResourceClaims(testApplication);
var testParentResource = testResourceClaims.Single(x => x.ResourceName == "TestParentResourceClaim1");
Transaction <SqlServerSecurityContext>(securityContext =>
{
var query = new GetChildResourceClaimsForParentQuery(securityContext);
var results = query.Execute(testParentResource.ResourceClaimId).ToArray();
var testChildResourceClaims = securityContext.ResourceClaims.Where(x =>
x.ParentResourceClaimId == testParentResource.ResourceClaimId);
results.Length.ShouldBe(testChildResourceClaims.Count());
results.Select(x => x.Name).ShouldBe(testChildResourceClaims.Select(x => x.ResourceName), true);
results.Select(x => x.Id).ShouldBe(testChildResourceClaims.Select(x => x.ResourceClaimId), true);
results.All(x => x.Create == false).ShouldBe(true);
results.All(x => x.Delete == false).ShouldBe(true);
results.All(x => x.Update == false).ShouldBe(true);
results.All(x => x.Read == false).ShouldBe(true);
results.All(x => x.ParentId.Equals(testParentResource.ResourceClaimId)).ShouldBe(true);
});
}
public void ShouldNotDeleteClaimSetIfNotAnExistingId()
{
var testApplication = new Application
{
ApplicationName = "TestApplication2"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = $"TestClaimSet{DateTime.Now:O}", Application = testApplication
};
Save(testClaimSet);
var claimSetToDelete = new DeleteClaimSetModel()
{
Name = testClaimSet.ClaimSetName,
Id = 99,
IsEditable = true
};
Scoped <ISecurityContext>(securityContext =>
{
var validator = new DeleteClaimSetModelValidator(securityContext);
var validationResults = validator.Validate(claimSetToDelete);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("No such claim set exists in the database");
});
}
public void ShouldGetResourceClaims()
{
var testApplication = new Application
{
ApplicationName = "TestApplicationName"
};
Save(testApplication);
var testResourceClaims = SetupResourceClaims(testApplication);
Transaction <SqlServerSecurityContext>(securityContext =>
{
var query = new GetResourceClaimsQuery(securityContext);
var results = query.Execute().ToArray();
results.Length.ShouldBe(testResourceClaims.Count);
results.Select(x => x.Name).ShouldBe(testResourceClaims.Select(x => x.ResourceName), true);
results.Select(x => x.Id).ShouldBe(testResourceClaims.Select(x => x.ResourceClaimId), true);
results.All(x => x.Create == false).ShouldBe(true);
results.All(x => x.Delete == false).ShouldBe(true);
results.All(x => x.Update == false).ShouldBe(true);
results.All(x => x.Read == false).ShouldBe(true);
results.All(x => x.ParentId.Equals(0)).ShouldBe(true);
results.All(x => x.Children.IsNullOrEmpty()).ShouldBe(true);
});
}
public void ShouldGetAlphabeticallySortedSelectListForResourceClaims()
{
var testApplication = new Application
{
ApplicationName = "TestApplicationName"
};
Save(testApplication);
var testResourceClaims = SetupParentResourceClaimsWithChildren(testApplication).ToList();
var parentResourceNames = testResourceClaims.Where(x => x.ParentResourceClaim == null)
.OrderBy(x => x.ResourceName).Select(x => x.ResourceName).ToList();
var childResourceNames = testResourceClaims.Where(x => x.ParentResourceClaim != null)
.OrderBy(x => x.ResourceName).Select(x => x.ResourceName).ToList();
Transaction <SqlServerSecurityContext>(securityContext =>
{
var query = new GetResourceClaimsQuery(securityContext);
var results = query.GetSelectListForResourceClaims();
// Removing "Please select a value" SelectListItem from the results
results.RemoveAt(0);
results.Count.ShouldBe(testResourceClaims.Count);
results.Where(x => x.Group.Name == "Groups").Select(x => x.Text).ToList().ShouldBe(parentResourceNames);
results.Where(x => x.Group.Name == "Resources").Select(x => x.Text).ToList().ShouldBe(childResourceNames);
});
}
public void ShouldAddClaimSet()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var newClaimSet = new AddClaimSetModel {
ClaimSetName = "TestClaimSet"
};
int addedClaimSetId = 0;
Scoped <ISecurityContext>(securityContext =>
{
var command = new AddClaimSetCommand(securityContext);
addedClaimSetId = command.Execute(newClaimSet);
});
var addedClaimSet = Transaction(securityContext => securityContext.ClaimSets.Single(x => x.ClaimSetId == addedClaimSetId));
addedClaimSet.ClaimSetName.ShouldBe(newClaimSet.ClaimSetName);
}
public void ShouldReturnTrueIfRequiredClaimSetsExist()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testAbConnectClaimSet = new ClaimSet {
ClaimSetName = CloudsOdsAcademicBenchmarksConnectApp.DefaultClaimSet, Application = testApplication
};
Save(testAbConnectClaimSet);
var testAdminAppClaimSet = new ClaimSet {
ClaimSetName = CloudOdsAdminApp.InternalAdminAppClaimSet, Application = testApplication
};
Save(testAdminAppClaimSet);
Scoped <IClaimSetCheckService>(service =>
{
var result = service.RequiredClaimSetsExist();
result.ShouldBeTrue();
});
}
public void ShouldNotEditClaimSetIfNameLengthGreaterThan255Characters()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet1", Application = testApplication
};
Save(testClaimSet);
var editModel = new EditClaimSetModel {
ClaimSetName = "ThisIsAClaimSetWithNameLengthGreaterThan255CharactersThisIsAClaimSetWithNameLengthGreaterThan255CharactersThisIsAClaimSetWithNameLengthGreaterThan255CharactersThisIsAClaimSetWithNameLengthGreaterThan255CharactersThisIsAClaimSetWithNameLengthGreaterThan255CharactersThisIsAClaimSetWithNameLengthGreaterThan255Characters", ClaimSetId = testClaimSet.ClaimSetId
};
Scoped <ISecurityContext>(securityContext =>
{
var validator = new EditClaimSetModelValidator(securityContext);
var validationResults = validator.Validate(editModel);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("The claim set name must be less than 255 characters.");
});
}
public void ShouldNotAddClaimSetIfNameNotUnique()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var alreadyExistingClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet", Application = testApplication
};
Save(alreadyExistingClaimSet);
var newClaimSet = new AddClaimSetModel {
ClaimSetName = "TestClaimSet"
};
var validator = new AddClaimSetModelValidator(TestContext);
var validationResults = validator.Validate(newClaimSet);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("A claim set with this name already exists in the database. Please enter a unique name.");
}
public void ShouldNotDeleteClaimSetIfNotEditable()
{
var testApplication = new Application
{
ApplicationName = "TestApplication1"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = $"TestClaimSet{DateTime.Now:O}", Application = testApplication
};
Save(testClaimSet);
var claimSetToDelete = new DeleteClaimSetModel()
{
Name = testClaimSet.ClaimSetName,
Id = testClaimSet.ClaimSetId,
IsEditable = false
};
Scoped <ISecurityContext>(securityContext =>
{
var validator = new DeleteClaimSetModelValidator(securityContext);
var validationResults = validator.Validate(claimSetToDelete);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("Only user created claim sets can be deleted");
});
}
public void ShouldNotAddDuplicateResourcesToClaimSetDuringEdit()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet", Application = testApplication
};
Save(testClaimSet);
SetupParentResourceClaimsWithChildren(testClaimSet, testApplication);
var existingResources = new GetResourcesByClaimSetIdQuery(TestContext, GetMapper()).AllResources(testClaimSet.ClaimSetId)
.ToList();
var duplicateResource = existingResources.Single(x => x.Name == "TestParentResourceClaim1");
var editResourceOnClaimSetModel = new EditClaimSetResourceModel
{
ClaimSetId = testClaimSet.ClaimSetId,
ResourceClaim = duplicateResource,
ExistingResourceClaims = existingResources
};
var validator = new EditClaimSetResourceModelValidator();
var validationResults = validator.Validate(editResourceOnClaimSetModel);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("Only unique resource claims can be added. The following is a duplicate resource:\nTestParentResourceClaim1");
}
public void ShouldNotDeleteClaimSetHasAnAssociatedApplication()
{
var testApplication = new Application
{
ApplicationName = "TestApplication3"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = $"TestClaimSet{DateTime.Now:O}", Application = testApplication
};
Save(testClaimSet);
var claimSetToDelete = new DeleteClaimSetModel()
{
Name = testClaimSet.ClaimSetName,
Id = testClaimSet.ClaimSetId,
IsEditable = true,
VendorApplicationCount = 1
};
Scoped <ISecurityContext>(securityContext =>
{
var validator = new DeleteClaimSetModelValidator(securityContext);
var validationResults = validator.Validate(claimSetToDelete);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe($"Cannot delete this claim set. This claim set has {claimSetToDelete.VendorApplicationCount} associated application(s).");
});
}
public void ShouldEditClaimSet()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var alreadyExistingClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet", Application = testApplication
};
Save(alreadyExistingClaimSet);
var editModel = new EditClaimSetModel {
ClaimSetName = "TestClaimSetEdited", ClaimSetId = alreadyExistingClaimSet.ClaimSetId
};
Scoped <ISecurityContext>(securityContext =>
{
var command = new EditClaimSetCommand(securityContext);
command.Execute(editModel);
});
var editedClaimSet = Transaction(securityContext => securityContext.ClaimSets.Single(x => x.ClaimSetId == alreadyExistingClaimSet.ClaimSetId));
editedClaimSet.ClaimSetName.ShouldBe(editModel.ClaimSetName);
}
public void ShouldNotEditClaimSetIfNameNotUnique()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var alreadyExistingClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet1", Application = testApplication
};
Save(alreadyExistingClaimSet);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet2", Application = testApplication
};
Save(testClaimSet);
var editModel = new EditClaimSetModel {
ClaimSetName = "TestClaimSet1", ClaimSetId = testClaimSet.ClaimSetId
};
Scoped <ISecurityContext>(securityContext =>
{
var validator = new EditClaimSetModelValidator(securityContext);
var validationResults = validator.Validate(editModel);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("A claim set with this name already exists in the database. Please enter a unique name.");
});
}
public void ShouldNotEditClaimSetIfNameEmpty()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet1", Application = testApplication
};
Save(testClaimSet);
var editModel = new EditClaimSetModel {
ClaimSetName = "", ClaimSetId = testClaimSet.ClaimSetId
};
Scoped <ISecurityContext>(securityContext =>
{
var validator = new EditClaimSetModelValidator(securityContext);
var validationResults = validator.Validate(editModel);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("'Claim Set Name' must not be empty.");
});
}
public void ShouldNotCopyClaimSetIfNameNotUnique()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet", Application = testApplication
};
Save(testClaimSet);
var newClaimSet = new CopyClaimSetModel()
{
Name = "TestClaimSet",
OriginalId = testClaimSet.ClaimSetId
};
var validator = new CopyClaimSetModelValidator(TestContext);
var validationResults = validator.Validate(newClaimSet);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("The new claim set must have a unique name");
}
public void ShouldEditParentResourcesOnClaimSet()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet", Application = testApplication
};
Save(testClaimSet);
var testResources = SetupParentResourceClaimsWithChildren(testClaimSet, testApplication);
var testResource1ToEdit = testResources.Select(x => x.ResourceClaim).Single(x => x.ResourceName == "TestParentResourceClaim1");
var testResource2ToNotEdit = testResources.Select(x => x.ResourceClaim).Single(x => x.ResourceName == "TestParentResourceClaim2");
var editedResource = new ResourceClaim
{
Id = testResource1ToEdit.ResourceClaimId,
Name = testResource1ToEdit.ResourceName,
Create = false,
Read = false,
Update = true,
Delete = true
};
var editResourceOnClaimSetModel = new Mock <IEditResourceOnClaimSetModel>();
editResourceOnClaimSetModel.Setup(x => x.ClaimSetId).Returns(testClaimSet.ClaimSetId);
editResourceOnClaimSetModel.Setup(x => x.ResourceClaim).Returns(editedResource);
var command = new EditResourceOnClaimSetCommand(TestContext);
command.Execute(editResourceOnClaimSetModel.Object);
var resourceClaimsForClaimSet = new GetResourcesByClaimSetIdQuery(TestContext, GetMapper()).AllResources(testClaimSet.ClaimSetId).ToList();
var parentResources = testResources.Where(x =>
x.ClaimSet.ClaimSetId == testClaimSet.ClaimSetId && x.ResourceClaim.ParentResourceClaim == null).Select(x => x.ResourceClaim).ToList();
resourceClaimsForClaimSet.Count().ShouldBe(parentResources.Count);
var resultResourceClaim1 = resourceClaimsForClaimSet.Single(x => x.Id == editedResource.Id);
resultResourceClaim1.Create.ShouldBe(editedResource.Create);
resultResourceClaim1.Read.ShouldBe(editedResource.Read);
resultResourceClaim1.Update.ShouldBe(editedResource.Update);
resultResourceClaim1.Delete.ShouldBe(editedResource.Delete);
var resultResourceClaim2 = resourceClaimsForClaimSet.Single(x => x.Id == testResource2ToNotEdit.ResourceClaimId);
resultResourceClaim2.Create.ShouldBe(true);
resultResourceClaim2.Read.ShouldBe(false);
resultResourceClaim2.Update.ShouldBe(false);
resultResourceClaim2.Delete.ShouldBe(false);
}
public void ShouldResetAuthorizationStrategiesForParentResourcesOnClaimSet()
{
var testApplication = new Application
{
ApplicationName = "TestApplicationName"
};
Save(testApplication);
var testClaimSet = new ClaimSet
{
ClaimSetName = "TestClaimSet",
Application = testApplication
};
Save(testClaimSet);
var appAuthorizationStrategies = SetupApplicationAuthorizationStrategies(testApplication).ToList();
var testResourceClaims = SetupParentResourceClaimsWithChildren(testClaimSet, testApplication);
var testResourceToEdit = testResourceClaims.Select(x => x.ResourceClaim).Single(x => x.ResourceName == "TestParentResourceClaim1");
var resultResourceClaimBeforeOverride = new GetResourcesByClaimSetIdQuery(TestContext, GetMapper()).AllResources(testClaimSet.ClaimSetId).Single(x => x.Id == testResourceToEdit.ResourceClaimId);
resultResourceClaimBeforeOverride.AuthStrategyOverridesForCRUD[0].ShouldBeNull();
resultResourceClaimBeforeOverride.AuthStrategyOverridesForCRUD[1].ShouldBeNull();
resultResourceClaimBeforeOverride.AuthStrategyOverridesForCRUD[2].ShouldBeNull();
resultResourceClaimBeforeOverride.AuthStrategyOverridesForCRUD[3].ShouldBeNull();
SetupOverridesForResourceCreateAction(testResourceToEdit.ResourceClaimId, testClaimSet.ClaimSetId,
appAuthorizationStrategies.Single(x => x.AuthorizationStrategyName == "TestAuthStrategy4")
.AuthorizationStrategyId);
var resultResourceClaimAfterOverride = new GetResourcesByClaimSetIdQuery(TestContext, GetMapper()).AllResources(testClaimSet.ClaimSetId).Single(x => x.Id == testResourceToEdit.ResourceClaimId);
resultResourceClaimAfterOverride.AuthStrategyOverridesForCRUD[0].ShouldNotBeNull();
resultResourceClaimAfterOverride.AuthStrategyOverridesForCRUD[0].AuthStrategyName.ShouldBe("TestAuthStrategy4");
resultResourceClaimAfterOverride.AuthStrategyOverridesForCRUD[1].ShouldBeNull();
resultResourceClaimAfterOverride.AuthStrategyOverridesForCRUD[2].ShouldBeNull();
resultResourceClaimAfterOverride.AuthStrategyOverridesForCRUD[3].ShouldBeNull();
var resetModel = new ResetToDefaultAuthStrategyModel
{
ResourceClaimId = testResourceToEdit.ResourceClaimId,
ClaimSetId = testClaimSet.ClaimSetId
};
var command = new ResetToDefaultAuthStrategyCommand(TestContext);
command.Execute(resetModel);
var resultResourceClaimAfterReset = new GetResourcesByClaimSetIdQuery(TestContext, GetMapper()).AllResources(testClaimSet.ClaimSetId).Single(x => x.Id == testResourceToEdit.ResourceClaimId);
resultResourceClaimAfterReset.AuthStrategyOverridesForCRUD[0].ShouldBeNull();
resultResourceClaimAfterReset.AuthStrategyOverridesForCRUD[1].ShouldBeNull();
resultResourceClaimAfterReset.AuthStrategyOverridesForCRUD[2].ShouldBeNull();
resultResourceClaimAfterReset.AuthStrategyOverridesForCRUD[3].ShouldBeNull();
}
public void ShouldOverrideAuthorizationStrategiesForParentResourcesOnClaimSet()
{
var testApplication = new Application
{
ApplicationName = "TestApplicationName"
};
Save(testApplication);
var testClaimSet = new ClaimSet
{
ClaimSetName = "TestClaimSet",
Application = testApplication
};
Save(testClaimSet);
var appAuthorizationStrategies = SetupApplicationAuthorizationStrategies(testApplication).ToList();
var testResourceClaims = SetupParentResourceClaimsWithChildren(testClaimSet, testApplication);
SetupResourcesWithDefaultAuthorizationStrategies(appAuthorizationStrategies, testResourceClaims.ToList());
var testResource1ToEdit = testResourceClaims.Select(x => x.ResourceClaim).Single(x => x.ResourceName == "TestParentResourceClaim1");
var testResource2ToNotEdit = testResourceClaims.Select(x => x.ResourceClaim).Single(x => x.ResourceName == "TestParentResourceClaim2");
var overrideModel = new OverrideDefaultAuthorizationStrategyModel
{
ResourceClaimId = testResource1ToEdit.ResourceClaimId,
ClaimSetId = testClaimSet.ClaimSetId,
AuthorizationStrategyForCreate = appAuthorizationStrategies.Single(x => x.AuthorizationStrategyName == "TestAuthStrategy4").AuthorizationStrategyId,
AuthorizationStrategyForRead = 0,
AuthorizationStrategyForUpdate = 0,
AuthorizationStrategyForDelete = 0
};
Scoped <ISecurityContext>(securityContext =>
{
var command = new OverrideDefaultAuthorizationStrategyCommand(securityContext);
command.Execute(overrideModel);
});
var resourceClaimsForClaimSet =
Scoped <IGetResourcesByClaimSetIdQuery, List <Management.ClaimSetEditor.ResourceClaim> >(
query => query.AllResources(testClaimSet.ClaimSetId).ToList());
var resultResourceClaim1 = resourceClaimsForClaimSet.Single(x => x.Id == overrideModel.ResourceClaimId);
resultResourceClaim1.AuthStrategyOverridesForCRUD[0].AuthStrategyName.ShouldBe("TestAuthStrategy4");
resultResourceClaim1.AuthStrategyOverridesForCRUD[1].ShouldBeNull();
resultResourceClaim1.AuthStrategyOverridesForCRUD[2].ShouldBeNull();
resultResourceClaim1.AuthStrategyOverridesForCRUD[3].ShouldBeNull();
var resultResourceClaim2 = resourceClaimsForClaimSet.Single(x => x.Id == testResource2ToNotEdit.ResourceClaimId);
resultResourceClaim2.AuthStrategyOverridesForCRUD[0].ShouldBeNull();
resultResourceClaim2.AuthStrategyOverridesForCRUD[1].ShouldBeNull();
resultResourceClaim2.AuthStrategyOverridesForCRUD[2].ShouldBeNull();
resultResourceClaim2.AuthStrategyOverridesForCRUD[3].ShouldBeNull();
}
public void ShouldCopyClaimSet()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet", Application = testApplication
};
Save(testClaimSet);
var testResourceClaims = SetupParentResourceClaimsWithChildren(testClaimSet, testApplication);
var newClaimSet = new Mock <ICopyClaimSetModel>();
newClaimSet.Setup(x => x.Name).Returns("TestClaimSet_Copy");
newClaimSet.Setup(x => x.OriginalId).Returns(testClaimSet.ClaimSetId);
var command = new CopyClaimSetCommand(TestContext);
var copyClaimSetId = command.Execute(newClaimSet.Object);
var copiedClaimSet = TestContext.ClaimSets.Single(x => x.ClaimSetId == copyClaimSetId);
copiedClaimSet.ClaimSetName.ShouldBe(newClaimSet.Object.Name);
Transaction <SqlServerSecurityContext>(securityContext =>
{
var query = new GetResourcesByClaimSetIdQuery(securityContext, GetMapper());
var results = query.AllResources(copiedClaimSet.ClaimSetId).ToArray();
var testParentResourceClaimsForId =
testResourceClaims.Where(x => x.ClaimSet.ClaimSetId == testClaimSet.ClaimSetId && x.ResourceClaim.ParentResourceClaim == null).Select(x => x.ResourceClaim).ToArray();
results.Length.ShouldBe(testParentResourceClaimsForId.Length);
results.Select(x => x.Name).ShouldBe(testParentResourceClaimsForId.Select(x => x.ResourceName), true);
results.Select(x => x.Id).ShouldBe(testParentResourceClaimsForId.Select(x => x.ResourceClaimId), true);
results.All(x => x.Create).ShouldBe(true);
foreach (var testParentResourceClaim in testParentResourceClaimsForId)
{
var testChildren = securityContext.ResourceClaims.Where(x =>
x.ParentResourceClaimId == testParentResourceClaim.ResourceClaimId).ToList();
var parentResult = results.First(x => x.Id == testParentResourceClaim.ResourceClaimId);
parentResult.Children.Select(x => x.Name).ShouldBe(testChildren.Select(x => x.ResourceName), true);
parentResult.Children.Select(x => x.Id).ShouldBe(testChildren.Select(x => x.ResourceClaimId), true);
parentResult.Children.All(x => x.Create).ShouldBe(true);
}
});
Transaction <SqlServerUsersContext>(usersContext =>
{
usersContext.Applications.Count(x => x.ClaimSetName == copiedClaimSet.ClaimSetName).ShouldBe(0);
});
}
public void ShouldDeleteChildResourceOnClaimSet()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet", Application = testApplication
};
Save(testClaimSet);
var testResources = SetupParentResourceClaimsWithChildren(testClaimSet, testApplication);
var parentResourcesOnClaimSetOriginalCount =
testResources.Count(x => x.ResourceClaim.ParentResourceClaim == null);
var testParentResource = testResources.Select(x => x.ResourceClaim).Single(x => x.ResourceName == "TestParentResourceClaim1");
var childResourcesForParentOriginalCount = testResources.Count(x => x.ResourceClaim.ParentResourceClaimId == testParentResource.ResourceClaimId);
var testChildResourceToDelete = testResources.Select(x => x.ResourceClaim).Single(x => x.ResourceName == "TestChildResourceClaim1" && x.ParentResourceClaimId == testParentResource.ResourceClaimId);
var deleteResourceOnClaimSetModel = new DeleteClaimSetResourceModel
{
ClaimSetId = testClaimSet.ClaimSetId,
ResourceClaimId = testChildResourceToDelete.ResourceClaimId,
ClaimSetName = testClaimSet.ClaimSetName,
ResourceName = testChildResourceToDelete.ResourceName
};
Scoped <ISecurityContext>(securityContext =>
{
var command = new DeleteResourceOnClaimSetCommand(securityContext);
command.Execute(deleteResourceOnClaimSetModel);
});
var resourceClaimsForClaimSet =
Scoped <IGetResourcesByClaimSetIdQuery, List <Management.ClaimSetEditor.ResourceClaim> >(
query => query.AllResources(testClaimSet.ClaimSetId).ToList());
resourceClaimsForClaimSet.Count.ShouldBe(parentResourcesOnClaimSetOriginalCount);
Transaction(securityContext =>
{
var resultChildResources =
securityContext.ClaimSetResourceClaims.Where(x => x.ClaimSet.ClaimSetId == testClaimSet.ClaimSetId && x.ResourceClaim.ParentResourceClaimId == testParentResource.ResourceClaimId);
resultChildResources.Count().ShouldBe(childResourcesForParentOriginalCount - 1);
var resultResourceClaim = resultChildResources.SingleOrDefault(x => x.ResourceClaim.ResourceClaimId == testChildResourceToDelete.ResourceClaimId);
resultResourceClaim.ShouldBeNull();
});
}
public void ShouldAddChildResourcesToClaimSet()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet", Application = testApplication
};
Save(testClaimSet);
var testResources = SetupResourceClaims(testApplication);
var testParentResource1 = testResources.Single(x => x.ResourceName == "TestParentResourceClaim1");
var testChildResource1ToAdd = Transaction(securityContext => securityContext.ResourceClaims.Single(x => x.ResourceName == "TestChildResourceClaim1" && x.ParentResourceClaimId == testParentResource1.ResourceClaimId));
var resourceToAdd = new ResourceClaim()
{
Id = testChildResource1ToAdd.ResourceClaimId,
Name = testChildResource1ToAdd.ResourceName,
Create = true,
Read = false,
Update = true,
Delete = false
};
var existingResources = ResourceClaimsForClaimSet(testClaimSet.ClaimSetId);
var editResourceOnClaimSetModel = new EditClaimSetResourceModel
{
ClaimSetId = testClaimSet.ClaimSetId,
ResourceClaim = resourceToAdd,
ExistingResourceClaims = existingResources
};
Scoped <ISecurityContext>(securityContext =>
{
var command = new EditResourceOnClaimSetCommand(securityContext);
command.Execute(editResourceOnClaimSetModel);
});
var resourceClaimsForClaimSet = ResourceClaimsForClaimSet(testClaimSet.ClaimSetId);
var resultChildResourceClaim1 =
resourceClaimsForClaimSet.Single(x => x.Name == testChildResource1ToAdd.ResourceName);
resultChildResourceClaim1.Create.ShouldBe(resourceToAdd.Create);
resultChildResourceClaim1.Read.ShouldBe(resourceToAdd.Read);
resultChildResourceClaim1.Update.ShouldBe(resourceToAdd.Update);
resultChildResourceClaim1.Delete.ShouldBe(resourceToAdd.Delete);
}
public void ShouldNotImportIfClaimSetNotUnique()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var alreadyExistingClaimSet = new ClaimSet {
ClaimSetName = "Test ClaimSet", Application = testApplication
};
Save(alreadyExistingClaimSet);
SetupResourceClaims(testApplication);
var testJSON = @"{
""title"": ""testfile"",
""template"": {
""claimSets"": [
{
""name"": ""Test Claimset"",
""resourceClaims"": [
{
""Name"": ""TestParentResourceClaim1"",
""Read"": true,
""Create"": false,
""Update"": false,
""Delete"": false,
""Children"": []
}
]
}
]
}
}";
var importModel = GetImportModel(testJSON);
Scoped <ISecurityContext>(securityContext =>
{
var validator = new ClaimSetFileImportModelValidator(securityContext);
var validationResults = validator.Validate(importModel);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Select(x => x.ErrorMessage).ShouldContain(
"This template contains a claimset with a name which already exists in the system. Please use a unique name for 'Test Claimset'.\n");
});
}
public void ShouldReturnFalseIfRequiredClaimSetsDoNotExist()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
Scoped <IClaimSetCheckService>(service =>
{
var result = service.RequiredClaimSetsExist();
result.ShouldBeFalse();
});
}
public void ShouldAddParentResourceToClaimSet()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet", Application = testApplication
};
Save(testClaimSet);
var testResources = SetupResourceClaims(testApplication);
var testResourceToAdd = testResources.Single(x => x.ResourceName == "TestParentResourceClaim1");
var resourceToAdd = new ResourceClaim()
{
Id = testResourceToAdd.ResourceClaimId,
Name = testResourceToAdd.ResourceName,
Create = true,
Read = false,
Update = true,
Delete = false
};
var existingResources = new GetResourcesByClaimSetIdQuery(TestContext, GetMapper()).AllResources(testClaimSet.ClaimSetId)
.ToList();
var editResourceOnClaimSetModel = new EditClaimSetResourceModel
{
ClaimSetId = testClaimSet.ClaimSetId,
ResourceClaim = resourceToAdd,
ExistingResourceClaims = existingResources
};
var command = new EditResourceOnClaimSetCommand(TestContext);
command.Execute(editResourceOnClaimSetModel);
var resourceClaimsForClaimSet = new GetResourcesByClaimSetIdQuery(TestContext, GetMapper()).AllResources(testClaimSet.ClaimSetId).ToList();
var resultResourceClaim1 = resourceClaimsForClaimSet.Single(x => x.Name == testResourceToAdd.ResourceName);
resultResourceClaim1.Create.ShouldBe(resourceToAdd.Create);
resultResourceClaim1.Read.ShouldBe(resourceToAdd.Read);
resultResourceClaim1.Update.ShouldBe(resourceToAdd.Update);
resultResourceClaim1.Delete.ShouldBe(resourceToAdd.Delete);
}
public void ShouldNotResetWhenResourceActionsDoNotExist()
{
var testApplication = new Application
{
ApplicationName = "TestApplicationName"
};
Save(testApplication);
var testClaimSet = new ClaimSet
{
ClaimSetName = "TestClaimSet",
Application = testApplication
};
Save(testClaimSet);
var testResourceClaims = SetupResourceClaims(testApplication);
var testResourceToEdit = testResourceClaims.Single(x => x.ResourceName == "TestParentResourceClaim1");
Transaction(securityContext => securityContext.ClaimSetResourceClaims
.Any(x => x.ResourceClaim.ResourceClaimId == testResourceToEdit.ResourceClaimId && x.ClaimSet.ClaimSetId == testClaimSet.ClaimSetId))
.ShouldBe(false);
var invalidResetModel = new ResetToDefaultAuthStrategyModel
{
ResourceClaimId = testResourceToEdit.ResourceClaimId,
ClaimSetId = testClaimSet.ClaimSetId
};
Scoped <ISecurityContext>(securityContext =>
{
var command = new ResetToDefaultAuthStrategyCommand(securityContext);
command.Execute(invalidResetModel);
});
Scoped <ISecurityContext>(securityContext =>
{
var validator = new ResetToDefaultAuthStrategyModelValidator(securityContext);
var validationResults = validator.Validate(invalidResetModel);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("No actions for this claimset and resource exist in the system");
});
}
public void ShouldNotDeleteIfResourceNotOnClaimSet()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet", Application = testApplication
};
Save(testClaimSet);
var testResources = SetupParentResourceClaimsWithChildren(testClaimSet, testApplication);
var resourceNotOnClaimSet = new ResourceClaim
{
Application = testApplication,
ClaimName = "TestClaim99",
DisplayName = "TestResource99",
ParentResourceClaim = null,
ResourceName = "TestResource99"
};
Save(resourceNotOnClaimSet);
var deleteResourceOnClaimSetModel = new DeleteClaimSetResourceModel
{
ClaimSetId = testClaimSet.ClaimSetId,
ResourceClaimId = resourceNotOnClaimSet.ResourceClaimId,
ClaimSetName = testClaimSet.ClaimSetName,
ResourceName = resourceNotOnClaimSet.ResourceName
};
Scoped <ISecurityContext>(securityContext =>
{
var validator = new DeleteClaimSetResourceModelValidator(securityContext);
var validationResults = validator.Validate(deleteResourceOnClaimSetModel);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("This resource does not exist on the claimset.");
});
}
public void ShouldNotOverrideWhenResourceActionsDoNotExist()
{
var testApplication = new Application
{
ApplicationName = "TestApplicationName"
};
Save(testApplication);
var testClaimSet = new ClaimSet
{
ClaimSetName = "TestClaimSet",
Application = testApplication
};
Save(testClaimSet);
var appAuthorizationStrategies = SetupApplicationAuthorizationStrategies(testApplication).ToList();
var testResourceClaims = SetupResourceClaims(testApplication);
var testResource1ToEdit = testResourceClaims.Single(x => x.ResourceName == "TestParentResourceClaim1");
Transaction(securityContext => securityContext.ClaimSetResourceClaims
.Any(x => x.ResourceClaim.ResourceClaimId == testResource1ToEdit.ResourceClaimId && x.ClaimSet.ClaimSetId == testClaimSet.ClaimSetId))
.ShouldBe(false);
var invalidOverrideModel = new OverrideDefaultAuthorizationStrategyModel
{
ResourceClaimId = testResource1ToEdit.ResourceClaimId,
ClaimSetId = testClaimSet.ClaimSetId,
AuthorizationStrategyForCreate = appAuthorizationStrategies.Single(x => x.AuthorizationStrategyName == "TestAuthStrategy4").AuthorizationStrategyId,
AuthorizationStrategyForRead = appAuthorizationStrategies.Single(x => x.AuthorizationStrategyName == "TestAuthStrategy2").AuthorizationStrategyId,
AuthorizationStrategyForUpdate = appAuthorizationStrategies.Single(x => x.AuthorizationStrategyName == "TestAuthStrategy2").AuthorizationStrategyId,
AuthorizationStrategyForDelete = appAuthorizationStrategies.Single(x => x.AuthorizationStrategyName == "TestAuthStrategy2").AuthorizationStrategyId
};
Scoped <ISecurityContext>(securityContext =>
{
var validator = new OverrideDefaultAuthorizationStrategyModelValidator(securityContext);
var validationResults = validator.Validate(invalidOverrideModel);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("No actions for this claimset and resource exist in the system");
});
}
public void ShouldNotAddInvalidResourcesToClaimSetDuringEdit()
{
var testApplication = new Application
{
ApplicationName = $"Test Application {DateTime.Now:O}"
};
Save(testApplication);
var testClaimSet = new ClaimSet {
ClaimSetName = "TestClaimSet", Application = testApplication
};
Save(testClaimSet);
var testResources = SetupParentResourceClaimsWithChildren(testClaimSet, testApplication);
var testResource = testResources.Single(x => x.ResourceClaim.ResourceName == "TestParentResourceClaim1").ResourceClaim;
var invalidResource = new ResourceClaim
{
Id = testResource.ResourceClaimId,
Name = testResource.ResourceName,
Create = false,
Read = false,
Update = false,
Delete = false
};
var editResourceOnClaimSetModel = new EditClaimSetResourceModel
{
ClaimSetId = testClaimSet.ClaimSetId,
ResourceClaim = invalidResource,
ExistingResourceClaims = new GetResourcesByClaimSetIdQuery(TestContext, GetMapper()).AllResources(testClaimSet.ClaimSetId)
.ToList()
};
var validator = new EditClaimSetResourceModelValidator();
var validationResults = validator.Validate(editResourceOnClaimSetModel);
validationResults.IsValid.ShouldBe(false);
validationResults.Errors.Single().ErrorMessage.ShouldBe("Only valid resources can be added. A resource must have at least one action associated with it to be added. The following is an invalid resource:\nTestParentResourceClaim1");
}
