Exemple #1
0
        public async Task EditCalculationStatus_GivenUserDoesNotHaveCanApproveAnyCalculationPermission_Returns403()
        {
            //Arrange
            string specificationId = "abc123";
            string calculationId   = "5";

            PublishStatusEditModel model = new PublishStatusEditModel()
            {
                PublishStatus = PublishStatus.Approved
            };

            ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
            {
                FundingStreamId = "fs1", SpecificationId = specificationId
            });

            ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();

            calcsClient
            .GetCalculationById(Arg.Is(calculationId))
            .Returns(response);

            IMapper mapper = MappingHelper.CreateFrontEndMapper();

            IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();

            authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanEditCalculations))
            .Returns(true);

            authorizationHelper.GetUserFundingStreamPermissions(Arg.Any <ClaimsPrincipal>(), Arg.Any <string>())
            .Returns(Task.FromResult(new Common.ApiClient.Users.Models.FundingStreamPermission()));


            CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient);

            // Act
            IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model);

            // Assert
            result.Should().BeOfType <ForbidResult>();

            await authorizationHelper
            .Received(1)
            .DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations));

            await authorizationHelper
            .Received(1)
            .DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations));
        }
Exemple #2
0
        public async Task EditCalculationStatus_GivenUserHaveCanApproveCalculationPermissionAndIsLastAuthor_ReturnsForbid()
        {
            //Arrange
            string specificationId = "abc123";
            string calculationId   = "5";

            PublishStatusEditModel model = new PublishStatusEditModel()
            {
                PublishStatus = PublishStatus.Approved
            };

            ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
            {
                FundingStreamId = "fs1", Author = new Reference()
                {
                    Id = "SomeOne"
                }, SpecificationId = specificationId
            });

            ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();

            calcsClient
            .GetCalculationById(Arg.Is(calculationId))
            .Returns(response);
            calcsClient
            .UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
            .Returns(new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, new PublishStatusResult()));

            var identity = Substitute.For <IIdentity>();

            identity.Name.Returns("BSir");

            ClaimsPrincipal user = new ClaimsPrincipal(new List <ClaimsIdentity>()
            {
                new ClaimsIdentity(identity,
                                   new [] {
                    new Claim("http://schemas.microsoft.com/identity/claims/objectidentifier", "SomeOne"),
                    new Claim(ClaimTypes.GivenName, "Bob"),
                    new Claim(ClaimTypes.Surname, "Sir")
                })
            });

            IMapper mapper = MappingHelper.CreateFrontEndMapper();

            IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();

            authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations))
            .Returns(true);

            CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient, user);

            // Act
            IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model);

            // Assert
            result.Should()
            .BeOfType <ForbidResult>();

            await authorizationHelper
            .Received(1)
            .DoesUserHavePermission(Arg.Is(user), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations));

            await authorizationHelper
            .Received(1)
            .DoesUserHavePermission(Arg.Is(user), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations));
        }
Exemple #3
0
        public async Task EditCalculationStatus_GivenUserHaveCanApproveAnyCalculationPermissionAndCalcIsAlreadyApproved_ReturnsOK()
        {
            //Arrange
            string specificationId = "abc123";
            string calculationId   = "5";

            PublishStatusEditModel model = new PublishStatusEditModel()
            {
                PublishStatus = PublishStatus.Approved
            };

            ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
            {
                FundingStreamId = "fs1", SpecificationId = specificationId,
            });

            ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();

            calcsClient
            .GetCalculationById(Arg.Is(calculationId))
            .Returns(response);

            calcsClient
            .UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
            .Returns(new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, new PublishStatusResult()
            {
                PublishStatus = PublishStatus.Approved
            }));

            IMapper mapper = MappingHelper.CreateFrontEndMapper();

            IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();

            authorizationHelper
            .DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations))
            .Returns(true);

            CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient);

            // Act
            IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model);

            // Assert
            result.Should()
            .BeOfType <OkObjectResult>()
            .Which
            .Value
            .Should()
            .BeOfType <PublishStatusResult>()
            .Which
            .Should()
            .BeEquivalentTo(new PublishStatusResult()
            {
                PublishStatus = PublishStatus.Approved
            });

            await authorizationHelper
            .Received(1)
            .DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations));

            await authorizationHelper
            .Received(0)
            .DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations));
        }