public void OrganizationController_ReturnsCorrectResult_WhenUserHasVariousSiteAccess(
bool hasAccessToSite2,
bool authSucceeds
)
{
using (var dbContext = new TestHedwigContextProvider().Context)
{
// If user exists with access to site
var user = UserHelper.CreateUser(dbContext);
var site1 = SiteHelper.CreateSite(dbContext, name: "Test 1");
var site2 = SiteHelper.CreateSite(dbContext, name: "Test 2");
PermissionHelper.CreateSitePermission(dbContext, user, site1);
if (hasAccessToSite2)
{
PermissionHelper.CreateSitePermission(dbContext, user, site2);
}
// When requirement is evaluated with:
// - claim for that user
var claim = new Claim("sub", $"{user.WingedKeysId}");
var userClaim = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { claim }));
// - httpContext for request to 'Sites' controller for that site
var httpContext = new Mock <HttpContext>();
var httpContextAccessor = new HttpContextAccessor
{
HttpContext = httpContext.Object
};
var siteIds = new StringValues(new string[] { site1.Id.ToString(), site2.Id.ToString() });
httpContext.Setup(hc => hc.Request.Query.TryGetValue(It.IsAny <string>(), out siteIds)).Returns(true);
// - permission repository
var permissions = new PermissionRepository(dbContext);
var reqHandler = new MultipleSiteAccessHandler(httpContextAccessor, permissions);
var req = new SiteAccessRequirement();
var authContext = new AuthorizationHandlerContext(new List <IAuthorizationRequirement> {
req
}, userClaim, new object());
// When requirement handler handles authorization context
reqHandler.HandleAsync(authContext);
// Then authorization context will have succeeded
Assert.Equal(authSucceeds, authContext.HasSucceeded);
}
}
public void Other_Controller_User_Has_Site_Access_Evaluate_Returns_True()
{
using (var dbContext = new TestHedwigContextProvider().Context)
{
// If user exists with access to site
var user = UserHelper.CreateUser(dbContext);
var site = SiteHelper.CreateSite(dbContext);
PermissionHelper.CreateSitePermission(dbContext, user, site);
// When requirement is evaluated with:
// - claim for that user
var claim = new Claim("sub", $"{user.WingedKeysId}");
var userClaim = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { claim }));
// - httpContext for request to other controller nested under that site
var httpContext = new Mock <HttpContext>();
var httpContextAccessor = new HttpContextAccessor
{
HttpContext = httpContext.Object
};
var routeValues = new RouteValueDictionary(new Dictionary <string, string> {
{ "controller", "Other" },
{ "siteId", $"{site.Id}" }
});
httpContext.Setup(hc => hc.Features.Get <IRoutingFeature>()).Returns(new Mock <IRoutingFeature>().Object);
httpContext.Setup(hc => hc.Request.RouteValues).Returns(routeValues);
// - permission repository
var permissions = new PermissionRepository(dbContext);
var reqHandler = new SingleSiteAccessHandler(httpContextAccessor, permissions);
var req = new SiteAccessRequirement();
var authContext = new AuthorizationHandlerContext(new List <IAuthorizationRequirement> {
req
}, userClaim, new object());
// When requirement handler handles authorization context
reqHandler.HandleAsync(authContext);
// Then authorization context will have succeeded
Assert.True(authContext.HasSucceeded);
}
}
