/// <summary>
/// A user whose effective permissions for the specification include
/// CanRefreshPublishedQa is authorised for the CanRefreshPublishedQa action.
/// </summary>
/// <remarks>
/// The permissions stub is keyed on the exact user id taken from the object-identifier
/// claim and on the well-known specification id, so a lookup made with any other
/// arguments does not receive the granting response.
/// NOTE(review): this covers the grant path only; pair it with a case where the user
/// holds a different permission to show that the flag is matched to the requested action.
/// </remarks>
public async Task WhenUserCanRefreshPublishedQaForSpecification_ShouldSucceed()
{
    // Arrange
    var options = Substitute.For<IOptions<PermissionOptions>>();
    options.Value.Returns(actualOptions);

    string userId = Guid.NewGuid().ToString();
    Claim objectIdClaim = new Claim(Constants.ObjectIdentifierClaimType, userId);
    ClaimsIdentity identity = new ClaimsIdentity(new[] { objectIdClaim });
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);

    // The resource is passed as a plain specification id string.
    string specification = WellKnownSpecificationId;
    AuthorizationHandlerContext authContext = CreateAuthenticationContext(
        principal,
        SpecificationActionTypes.CanRefreshPublishedQa,
        specification);

    // Only the permission under test is granted.
    var grantedPermission = new EffectiveSpecificationPermission { CanRefreshPublishedQa = true };
    var permissionsResponse = new ApiResponse<EffectiveSpecificationPermission>(HttpStatusCode.OK, grantedPermission);

    var usersApiClient = Substitute.For<IUsersApiClient>();
    usersApiClient
        .GetEffectivePermissionsForUser(Arg.Is(userId), Arg.Is(WellKnownSpecificationId))
        .Returns(permissionsResponse);

    var authHandler = new SpecificationPermissionHandler(usersApiClient, options);

    // Act
    await authHandler.HandleAsync(authContext);

    // Assert
    authContext.HasSucceeded.Should().BeTrue();
}
/// <summary>
/// A principal carrying a groups claim equal to the configured AdminGroupId is
/// authorised for CanApproveFunding.
/// </summary>
/// <remarks>
/// The users API client is left unstubbed, so success in this arrangement rests on the
/// groups claim alone.
/// NOTE(review): the test does not assert whether the permissions API was consulted for
/// the admin; add an explicit received / did-not-receive check if that matters.
/// Because this path grants access from a token claim, the group id configuration and the
/// validation of the token that carries the claim are what protect it; confirm both
/// where the handler is wired up.
/// </remarks>
public async Task WhenUserIsAdmin_ShouldSucceed()
{
    // Arrange
    Claim objectIdClaim = new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString());
    Claim adminGroupClaim = new Claim(Constants.GroupsClaimType, actualOptions.AdminGroupId.ToString());
    List<Claim> claims = new List<Claim> { objectIdClaim, adminGroupClaim };
    ClaimsIdentity identity = new ClaimsIdentity(claims);
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);

    string specification = WellKnownSpecificationId;
    AuthorizationHandlerContext authContext = CreateAuthenticationContext(
        principal,
        SpecificationActionTypes.CanApproveFunding,
        specification);

    // No permissions response is configured on the client for this case.
    var usersApiClient = Substitute.For<IUsersApiClient>();

    var options = Substitute.For<IOptions<PermissionOptions>>();
    options.Value.Returns(actualOptions);

    var authHandler = new SpecificationPermissionHandler(usersApiClient, options);

    // Act
    await authHandler.HandleAsync(authContext);

    // Assert
    authContext.HasSucceeded.Should().BeTrue();
}
/// <summary>
/// With role-based access enabled, a user whose effective permissions come back as a
/// default (nothing set) EffectiveSpecificationPermission is denied CanApproveFunding.
/// </summary>
/// <remarks>
/// The resource here is an ISpecificationAuthorizationEntity substitute that reports the
/// well-known specification id, rather than a bare id string.
/// The permissions API answers 200 OK, so this pins that a successful lookup with no
/// flags set is treated as a denial rather than as "lookup succeeded, allow".
/// </remarks>
public async Task WhenUserIsKnown_AndHasNoPermissions_ShouldNotSucceed()
{
    // Arrange
    var features = Substitute.For<IFeatureToggle>();
    features.IsRoleBasedAccessEnabled().Returns(true);

    var options = Substitute.For<IOptions<PermissionOptions>>();
    options.Value.Returns(actualOptions);

    string userId = Guid.NewGuid().ToString();
    Claim objectIdClaim = new Claim(Constants.ObjectIdentifierClaimType, userId);
    ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { objectIdClaim }));

    ISpecificationAuthorizationEntity specification = Substitute.For<ISpecificationAuthorizationEntity>();
    specification.GetSpecificationId().Returns(WellKnownSpecificationId);

    AuthorizationHandlerContext authContext = CreateAuthenticationContext(
        principal,
        SpecificationActionTypes.CanApproveFunding,
        specification);

    // Successful lookup, but with no permission flags set.
    var emptyPermissions = new ApiResponse<EffectiveSpecificationPermission>(
        HttpStatusCode.OK,
        new EffectiveSpecificationPermission());

    var usersApiClient = Substitute.For<IUsersApiClient>();
    usersApiClient
        .GetEffectivePermissionsForUser(Arg.Is(userId), Arg.Is(WellKnownSpecificationId))
        .Returns(emptyPermissions);

    var authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);

    // Act
    await authHandler.HandleAsync(authContext);

    // Assert
    authContext.HasSucceeded.Should().BeFalse();
}
/// <summary>
/// With the role-based access toggle reporting false, a principal for whom no
/// permissions have been stubbed is still authorised for CanApproveFunding.
/// </summary>
/// <remarks>
/// This pins fail-open behaviour: neither the users API client nor the specification
/// entity is given any configured response, yet the requirement succeeds.
/// NOTE(review): the toggle therefore acts as an authorisation bypass switch. Treat its
/// configuration source as security-sensitive, audit changes to it, and make sure it
/// cannot default to "off" in production when the setting is missing.
/// </remarks>
public async Task WhenRoleBasedFeatureIsNotEnabled_AndUserIsNotKnownToTheSystem_ShouldSucceed()
{
    // Arrange
    Claim objectIdClaim = new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString());
    ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { objectIdClaim }));

    // The specification id is deliberately left unconfigured on this substitute.
    ISpecificationAuthorizationEntity specification = Substitute.For<ISpecificationAuthorizationEntity>();

    AuthorizationHandlerContext authContext = CreateAuthenticationContext(
        principal,
        SpecificationActionTypes.CanApproveFunding,
        specification);

    var usersApiClient = Substitute.For<IUsersApiClient>();

    var options = Substitute.For<IOptions<PermissionOptions>>();
    options.Value.Returns(actualOptions);

    // Role-based access is switched off for this case.
    var features = Substitute.For<IFeatureToggle>();
    features.IsRoleBasedAccessEnabled().Returns(false);

    var authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);

    // Act
    await authHandler.HandleAsync(authContext);

    // Assert
    authContext.HasSucceeded.Should().BeTrue();
}
/// <summary>
/// With role-based access enabled, a principal whose identity carries no claims at all
/// (so no object-identifier claim) is denied CanApproveFunding.
/// </summary>
/// <remarks>
/// This is the deny-by-default case for a caller with no usable identity: nothing is
/// stubbed on the users API client, and the requirement must not succeed.
/// </remarks>
public async Task WhenUserIsNotKnown_ShouldNotSucceed()
{
    // Arrange
    var features = Substitute.For<IFeatureToggle>();
    features.IsRoleBasedAccessEnabled().Returns(true);

    var options = Substitute.For<IOptions<PermissionOptions>>();
    options.Value.Returns(actualOptions);

    var usersApiClient = Substitute.For<IUsersApiClient>();

    // Identity without any claims.
    ClaimsIdentity emptyIdentity = new ClaimsIdentity();
    ClaimsPrincipal principal = new ClaimsPrincipal(emptyIdentity);

    ISpecificationAuthorizationEntity specification = Substitute.For<ISpecificationAuthorizationEntity>();
    AuthorizationHandlerContext authContext = CreateAuthenticationContext(
        principal,
        SpecificationActionTypes.CanApproveFunding,
        specification);

    var authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);

    // Act
    await authHandler.HandleAsync(authContext);

    // Assert
    authContext.HasSucceeded.Should().BeFalse();
}
/// <summary>
/// A principal with a fresh object-identifier claim, for whom the permissions API returns
/// a default (nothing set) EffectiveSpecificationPermission, is denied CanApproveFunding.
/// </summary>
/// <remarks>
/// The stub matches any user id for the well-known specification and answers 200 OK.
/// The handler is built with the two-argument constructor, i.e. without a feature toggle.
/// NOTE(review): the stubbed response is the same as in
/// WhenUserIsKnown_AndHasNoPermissions_ShouldNotSucceed, so this does not show how the
/// handler reacts to an error status from the API for an unknown user. Whether the
/// real API answers 200 with empty permissions in that situation cannot be told from here;
/// a non-success status case would confirm the handler still denies.
/// </remarks>
public async Task WhenUserIsNotKnownToTheSystem_ShouldNotSucceed()
{
    // Arrange
    var options = Substitute.For<IOptions<PermissionOptions>>();
    options.Value.Returns(actualOptions);

    Claim objectIdClaim = new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString());
    ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { objectIdClaim }));

    string specification = WellKnownSpecificationId;
    AuthorizationHandlerContext authContext = CreateAuthenticationContext(
        principal,
        SpecificationActionTypes.CanApproveFunding,
        specification);

    // Any user id gets a successful response with no permission flags set.
    var emptyPermissions = new ApiResponse<EffectiveSpecificationPermission>(
        HttpStatusCode.OK,
        new EffectiveSpecificationPermission());

    var usersApiClient = Substitute.For<IUsersApiClient>();
    usersApiClient
        .GetEffectivePermissionsForUser(Arg.Any<string>(), Arg.Is(WellKnownSpecificationId))
        .Returns(emptyPermissions);

    var authHandler = new SpecificationPermissionHandler(usersApiClient, options);

    // Act
    await authHandler.HandleAsync(authContext);

    // Assert
    authContext.HasSucceeded.Should().BeFalse();
}