public async Task CreateTestScenario_WhenUserDoesHaveCreateQaTestPermission_ThenActionAllowed()
{
// Arrange
string specificationId = "abc123";
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanCreateQaTests))
.Returns(true);
IScenariosApiClient scenariosClient = CreateScenariosClient();
scenariosClient
.CreateTestScenario(Arg.Any <CreateScenarioModel>())
.Returns(new ApiResponse <TestScenario>(HttpStatusCode.OK, new TestScenario()));
ScenarioController controller = CreateScenarioController(authorizationHelper: authorizationHelper, scenariosClient: scenariosClient);
// Act
IActionResult result = await controller.CreateTestScenario(specificationId, new ScenarioCreateViewModel());
// Assert
result.Should().BeOfType <OkObjectResult>();
}
public async Task CreateTestScenario_WhenUserDoesNotHaveCreateQaTestPermission_ThenReturn403()
{
// Arrange
string specificationId = "abc123";
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanCreateQaTests))
.Returns(false);
ScenarioController controller = CreateScenarioController(authorizationHelper: authorizationHelper);
// Act
IActionResult result = await controller.CreateTestScenario(specificationId, new ScenarioCreateViewModel());
// Assert
result.Should().BeOfType <ForbidResult>();
}
