public async Task InvokeAsync_BadRequestOnMissingIdForDeleteAndPut(string method, string reqesteeId)
{
var logger = new Mock <ILogger <AnyServicePermissionMiddleware> >();
var mw = new AnyServicePermissionMiddleware(null, logger.Object);
string entityKey = "entity-key",
updateKey = "update-key",
deleteKey = "delete-key";
var wc = new WorkContext
{
CurrentEntityConfigRecord = new EntityConfigRecord
{
Type = typeof(TestModel),
PermissionRecord = new PermissionRecord(null, null, updateKey, deleteKey),
EntityKey = entityKey
},
RequestInfo = new RequestInfo
{
Method = method,
RequesteeId = reqesteeId,
}
};
var httpResponse = new Mock <HttpResponse>();
var httpContext = new Mock <HttpContext>();
httpContext.SetupGet(h => h.Response).Returns(httpResponse.Object);
var userPermissions = new UserPermissions();
var mgr = new Mock <IPermissionManager>();
mgr.Setup(m => m.GetUserPermissions(It.IsAny <string>())).ReturnsAsync(userPermissions);
await mw.InvokeAsync(httpContext.Object, wc, mgr.Object);
httpResponse.VerifySet(r => r.StatusCode = StatusCodes.Status403Forbidden, Times.Once);
}
public async Task InvokeAsync_PublicGet()
{
int i = 0, expValue = 15;
RequestDelegate reqDel = hc =>
{
i = 15;
return(Task.CompletedTask);
};
var logger = new Mock <ILogger <AnyServicePermissionMiddleware> >();
var mw = new AnyServicePermissionMiddleware(reqDel, logger.Object);
var wc = new WorkContext
{
CurrentEntityConfigRecord = new EntityConfigRecord
{
Type = typeof(TestModel),
EndpointSettings = new EndpointSettings
{
PublicGet = true,
}
},
RequestInfo = new RequestInfo
{
Path = "/__public",
Method = "get",
}
};
var httpResponse = new Mock <HttpResponse>();
var httpContext = new Mock <HttpContext>();
httpContext.SetupGet(h => h.Response).Returns(httpResponse.Object);
await mw.InvokeAsync(httpContext.Object, wc, null);
i.ShouldBe(expValue);
}
public async Task InvokeAsync_PermittedMethods_Post()
{
int i = 0, expValue = 15;
RequestDelegate reqDel = hc =>
{
i = 15;
return(Task.CompletedTask);
};
var logger = new Mock <ILogger <AnyServicePermissionMiddleware> >();
var mw = new AnyServicePermissionMiddleware(reqDel, logger.Object);
var createPermissionKey = "create-key";
var wc = new WorkContext
{
CurrentEntityConfigRecord = new EntityConfigRecord
{
Type = typeof(TestModel),
PermissionRecord = new PermissionRecord(createPermissionKey, null, null, null),
},
RequestInfo = new RequestInfo
{
Method = "post",
}
};
var httpResponse = new Mock <HttpResponse>();
var httpContext = new Mock <HttpContext>();
httpContext.SetupGet(h => h.Response).Returns(httpResponse.Object);
var userPermissions = new UserPermissions
{
EntityPermissions = new[]
{
new EntityPermission
{
EntityKey = createPermissionKey
}
}
};
var mgr = new Mock <IPermissionManager>();
mgr.Setup(m => m.GetUserPermissions(It.IsAny <string>())).ReturnsAsync(userPermissions);
await mw.InvokeAsync(httpContext.Object, wc, mgr.Object);
i.ShouldBe(expValue);
}
public async Task IsGranted_NotSupportedMethod_ReturnsFalse()
{
var logger = new Mock <ILogger <AnyServicePermissionMiddleware> >();
var mw = new AnyServicePermissionMiddleware(null, logger.Object);
var wc = new WorkContext
{
CurrentEntityConfigRecord = new EntityConfigRecord
{
Type = typeof(TestModel),
},
RequestInfo = new RequestInfo
{
Method = "not-supported-method",
}
};
var httpResponse = new Mock <HttpResponse>();
var httpContext = new Mock <HttpContext>();
httpContext.SetupGet(h => h.Response).Returns(httpResponse.Object);
await mw.InvokeAsync(httpContext.Object, wc, null);
httpResponse.VerifySet(r => r.StatusCode = StatusCodes.Status403Forbidden, Times.Once);
}