public async Task WhenUserCanRefreshPublishedQaForSpecification_ShouldSucceed()
{
// Arrange
string userId = Guid.NewGuid().ToString();
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) }));
string specification = WellKnownSpecificationId;
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanRefreshPublishedQa, specification);
EffectiveSpecificationPermission actualPermission = new EffectiveSpecificationPermission
{
CanRefreshPublishedQa = true
};
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
usersApiClient.GetEffectivePermissionsForUser(Arg.Is(userId), Arg.Is(WellKnownSpecificationId)).Returns(new ApiResponse <EffectiveSpecificationPermission>(HttpStatusCode.OK, actualPermission));
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public async Task WhenUserIsAdmin_ShouldSucceed()
{
// Arrange
List <Claim> claims = new List <Claim>
{
new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()),
new Claim(Constants.GroupsClaimType, actualOptions.AdminGroupId.ToString())
};
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(claims));
string specification = WellKnownSpecificationId;
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public async Task WhenUserIsKnown_AndHasNoPermissions_ShouldNotSucceed()
{
// Arrange
string userId = Guid.NewGuid().ToString();
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) }));
ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>();
specification.GetSpecificationId().Returns(WellKnownSpecificationId);
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
usersApiClient.GetEffectivePermissionsForUser(Arg.Is(userId), Arg.Is(WellKnownSpecificationId)).Returns(new ApiResponse <EffectiveSpecificationPermission>(HttpStatusCode.OK, new EffectiveSpecificationPermission()));
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = Substitute.For <IFeatureToggle>();
features.IsRoleBasedAccessEnabled().Returns(true);
SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeFalse();
}
public async Task WhenRoleBasedFeatureIsNotEnabled_AndUserIsNotKnownToTheSystem_ShouldSucceed()
{
// Arrange
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()) }));
ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>();
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = Substitute.For <IFeatureToggle>();
features.IsRoleBasedAccessEnabled().Returns(false);
SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public async Task WhenUserIsNotKnown_ShouldNotSucceed()
{
// Arrange
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity());
ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>();
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = Substitute.For <IFeatureToggle>();
features.IsRoleBasedAccessEnabled().Returns(true);
SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeFalse();
}
public async Task WhenUserIsNotKnownToTheSystem_ShouldNotSucceed()
{
// Arrange
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()) }));
string specification = WellKnownSpecificationId;
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
usersApiClient.GetEffectivePermissionsForUser(Arg.Any <string>(), Arg.Is(WellKnownSpecificationId)).Returns(new ApiResponse <EffectiveSpecificationPermission>(HttpStatusCode.OK, new EffectiveSpecificationPermission()));
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeFalse();
}
