 // Read is expected to succeed when the caller's survey user-id claim matches an
 // entry in Survey.Contributors. OwnerId and TenantId are deliberately not set on
 // the survey, so contributor membership is the only link between caller and survey.
 public void Handle_Read_PassesForContributor()
 {
     var contributors = new List<SurveyContributor> { new SurveyContributor { UserId = 54321 } };
     var subject = new Survey("test survey") { Contributors = contributors };

     // Same user id as the contributor entry above.
     var claims = new[]
     {
         new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "54321"),
         new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
         new Claim(AzureADClaimTypes.TenantId, "tenantid")
     };
     var user = new ClaimsPrincipal(new ClaimsIdentity(claims));
     var context = new AuthorizationContext(new IAuthorizationRequirement[0], user, subject);
     var handler = new TestableSurveyAuthorizationHandler();

     handler.Handle(context, Operations.Read, subject);

     Assert.True(context.HasSucceeded);
 }
 // Update is expected to succeed for the survey owner: the caller's user-id and
 // tenant-id claims both match the survey's OwnerId / TenantId, and the caller
 // also carries the SurveyCreator role.
 public void Handle_Update_PassesForOwner()
 {
     var subject = new Survey("test survey") { OwnerId = 54321, TenantId = 12345 };

     var claims = new[]
     {
         new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "54321"),   // == OwnerId
         new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"), // == TenantId
         new Claim(AzureADClaimTypes.TenantId, "tenantid"),
         new Claim(ClaimTypes.Role, Roles.SurveyCreator)
     };
     var user = new ClaimsPrincipal(new ClaimsIdentity(claims));
     var context = new AuthorizationContext(new IAuthorizationRequirement[0], user, subject);
     var handler = new TestableSurveyAuthorizationHandler();

     handler.Handle(context, Operations.Update, subject);

     Assert.True(context.HasSucceeded);
 }
        public void Handle_Delete_PassesForAdmin()
        {
            var survey = new Survey("test survey")
            {
                OwnerId = 54321, TenantId = 12345
            };
            var principal = new ClaimsPrincipal(new ClaimsIdentity(new[]
            {
                new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
                new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
                new Claim(ClaimTypes.Role, Roles.SurveyAdmin)
            }));
            var authzContext = new AuthorizationContext(new IAuthorizationRequirement[] { }, principal, survey);
            var target       = new TestableSurveyAuthorizationHandler();

            target.Handle(authzContext, Operations.Delete, survey);
            Assert.True(authzContext.HasSucceeded);
        }
        public void Handle_Read_FailsForNonOwner()
        {
            var survey = new Survey("test survey")
            {
                OwnerId = 54321, TenantId = 54321
            };
            var principal = new ClaimsPrincipal(new ClaimsIdentity(new[]
            {
                new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
                new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
                new Claim(AzureADClaimTypes.TenantId, "tenantid"),
                new Claim(ClaimTypes.Role, Roles.SurveyCreator)
            }));
            var authzContext = new AuthorizationContext(new IAuthorizationRequirement[] { }, principal, survey);
            var target       = new TestableSurveyAuthorizationHandler();

            target.Handle(authzContext, Operations.Read, survey);
            Assert.False(authzContext.HasSucceeded);
        }
        public void Handle_Delete_FailsForAdminOfDifferentTenant()
        {
            var survey = new Survey("test survey")
            {
                OwnerId = 54321, TenantId = 12345
            };
            var principal = new ClaimsPrincipal(new ClaimsIdentity(new[]
            {
                new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
                new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "11111"), // Different tenant from survey
                new Claim(AzureADClaimTypes.TenantId, "tenantid"),
                new Claim(ClaimTypes.Role, Roles.SurveyAdmin)
            }));
            var authzContext = new AuthorizationContext(new IAuthorizationRequirement[] { }, principal, survey);
            var target       = new TestableSurveyAuthorizationHandler();

            target.Handle(authzContext, Operations.Delete, survey);
            Assert.False(authzContext.HasSucceeded);
        }
        public void Handle_Read_PassesForContributor()
        {
            var survey = new Survey("test survey")
            {
                Contributors = new List <SurveyContributor> {
                    new SurveyContributor {
                        UserId = 54321
                    }
                }
            };
            var principal = new ClaimsPrincipal(new ClaimsIdentity(new[]
            {
                new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "54321"),
                new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
                new Claim(AzureADClaimTypes.TenantId, "tenantid")
            }));
            var authzContext = new AuthorizationContext(new IAuthorizationRequirement[] { }, principal, survey);
            var target       = new TestableSurveyAuthorizationHandler();

            target.Handle(authzContext, Operations.Read, survey);
            Assert.True(authzContext.HasSucceeded);
        }
 // Delete is expected to succeed for a same-tenant SurveyAdmin even when the
 // admin role is surrounded by other (repeated) role claims, i.e. the handler
 // should not depend on SurveyAdmin being the only or first role.
 // NOTE(review): no AzureADClaimTypes.TenantId claim is issued here, unlike most
 // sibling tests — confirm that is intentional.
 public void Handle_Delete_PassesForAdminUserWithOtherRoles()
 {
     var subject = new Survey("test survey") { OwnerId = 54321, TenantId = 12345 };

     var claims = new[]
     {
         new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),   // not the owner
         new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"), // same tenant as survey
         new Claim(ClaimTypes.Role, Roles.SurveyReader),
         new Claim(ClaimTypes.Role, Roles.SurveyAdmin),
         new Claim(ClaimTypes.Role, Roles.SurveyReader) // duplicate reader role on purpose
     };
     var user = new ClaimsPrincipal(new ClaimsIdentity(claims));
     var context = new AuthorizationContext(new IAuthorizationRequirement[0], user, subject);
     var handler = new TestableSurveyAuthorizationHandler();

     handler.Handle(context, Operations.Delete, subject);

     Assert.True(context.HasSucceeded);
 }
 // Delete is expected to be denied when the caller holds SurveyAdmin but the
 // tenant-id claim (11111) does not match the survey's TenantId (12345).
 // NOTE(review): a method with this exact name also appears earlier in this
 // listing — a class cannot declare both; confirm which revision is current.
 public void Handle_Delete_FailsForAdminOfDifferentTenant()
 {
     var subject = new Survey("test survey") { OwnerId = 54321, TenantId = 12345 };

     var claims = new[]
     {
         new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
         new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "11111"), // Different tenant from survey
         new Claim(AzureADClaimTypes.TenantId, "tenantid"),
         new Claim(ClaimTypes.Role, Roles.SurveyAdmin)
     };
     var user = new ClaimsPrincipal(new ClaimsIdentity(claims));
     var context = new AuthorizationContext(new IAuthorizationRequirement[0], user, subject);
     var handler = new TestableSurveyAuthorizationHandler();

     handler.Handle(context, Operations.Delete, subject);

     Assert.False(context.HasSucceeded);
 }
 // Create is expected to be denied for a same-tenant caller whose only role claims
 // are SurveyReader (issued twice) — no SurveyCreator or SurveyAdmin role.
 // NOTE(review): this test builds an AuthorizationHandlerContext while the sibling
 // tests build an AuthorizationContext; presumably an API rename between ASP.NET
 // Core versions — confirm which type the project compiles against.
 // NOTE(review): the method name spells "Failes"; the name is kept unchanged here.
 public void Handle_Create_FailesForUserWithNoCreatorRoleAssignments()
 {
     var subject = new Survey("test survey") { OwnerId = 54321, TenantId = 12345 };

     var claims = new[]
     {
         new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
         new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"), // same tenant as survey
         new Claim(AzureADClaimTypes.TenantId, "tenantid"),
         new Claim(ClaimTypes.Role, Roles.SurveyReader),
         new Claim(ClaimTypes.Role, Roles.SurveyReader)
     };
     var user = new ClaimsPrincipal(new ClaimsIdentity(claims));
     var context = new AuthorizationHandlerContext(new IAuthorizationRequirement[0], user, subject);
     var handler = new TestableSurveyAuthorizationHandler();

     handler.Handle(context, Operations.Create, subject);

     Assert.False(context.HasSucceeded);
 }