public async Task WhenUserIsKnown_AndHasNoPermissions_ShouldNotSucceed() { // Arrange string userId = Guid.NewGuid().ToString(); ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) })); List <string> fundingStreamIds = new List <string> { WellKnownFundingStreamId }; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); usersApiClient.GetFundingStreamPermissionsForUser(Arg.Is(userId)).Returns(new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, Enumerable.Empty <FundingStreamPermission>())); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); IFeatureToggle features = CreateFeatureToggle(true); FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeFalse(); }
public async Task WhenRoleBasedFeatureIsNotEnabled_AndUserIsNotKnownToTheSystem_ShouldSucceed() { // Arrange ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()) })); List <string> fundingStreamIds = new List <string> { WellKnownFundingStreamId }; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); IFeatureToggle features = CreateFeatureToggle(false); FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeTrue(); }
public async Task WhenUserIsNotKnown_ShouldNotSucceed() { // Arrange ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity()); List <string> fundingStreamIds = new List <string> { WellKnownFundingStreamId }; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); IFeatureToggle features = CreateFeatureToggle(true); FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeFalse(); }
public async Task WhenUserIsAdmin_ShouldSucceed() { // Arrange List <Claim> claims = new List <Claim> { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()), new Claim(Constants.GroupsClaimType, actualOptions.AdminGroupId.ToString()) }; ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(claims)); List <string> fundingStreamIds = new List <string> { WellKnownFundingStreamId }; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); IFeatureToggle features = CreateFeatureToggle(true); FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeTrue(); }
public async Task WhenUserCanCreateSpecification_ShouldSucceed() { // Arrange string userId = Guid.NewGuid().ToString(); ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) })); List <string> fundingStreamIds = new List <string> { WellKnownFundingStreamId }; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, FundingStreamActionTypes.CanCreateSpecification, fundingStreamIds); FundingStreamPermission actualPermission = new FundingStreamPermission { CanCreateSpecification = true, FundingStreamId = WellKnownFundingStreamId }; IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); usersApiClient.GetFundingStreamPermissionsForUser(Arg.Is(userId)).Returns(new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, new List <FundingStreamPermission> { actualPermission })); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeTrue(); }
public async Task WhenUserApproveCalculationForDifferentFundingStreams_AndDifferentPermissions_ShouldNotSucceed() { // Arrange string userId = Guid.NewGuid().ToString(); ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) })); List <string> fundingStreamIds = new List <string> { WellKnownFundingStreamId, "fs2", "fs3" }; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, FundingStreamActionTypes.CanApproveCalculations, fundingStreamIds); List <FundingStreamPermission> actualPermissions = new List <FundingStreamPermission> { new FundingStreamPermission { CanApproveCalculations = true, FundingStreamId = "fs4" }, new FundingStreamPermission { CanApproveCalculations = false, FundingStreamId = "fs5" }, new FundingStreamPermission { CanApproveCalculations = true, FundingStreamId = "fs6" } }; IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); usersApiClient.GetFundingStreamPermissionsForUser(Arg.Is(userId)).Returns(new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, actualPermissions)); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeFalse(); }