public void GetSubjects()
{
PermissionTestUtils.PolicyCheckBuilder <ContentSecurityPolicies>()
.ExpectResourceCheckToFail(_release, ContentSecurityPolicies.CanViewRelease)
.AssertForbidden(
userService =>
{
var service = BuildReleaseMetaService(userService: userService.Object);
return(service.GetSubjects(_release.Id));
}
);
}
public void GetReleaseStatusesAsync()
{
PermissionTestUtils.PolicyCheckBuilder <ContentSecurityPolicies>()
.ExpectResourceCheck(_release, ContentSecurityPolicies.CanViewRelease, false)
.AssertForbidden(
async userService =>
{
var service = BuildReleaseStatusService(userService: userService.Object);
return(await service.GetReleaseStatusAsync(_release.Id));
}
);
}
public void Query_LatestRelease_CanViewSubjectData()
{
PermissionTestUtils.PolicyCheckBuilder <DataSecurityPolicies>()
.ExpectResourceCheckToFail(_subject, DataSecurityPolicies.CanViewSubjectData)
.AssertForbidden(
async userService =>
{
var publication = new Model.Publication
{
Id = Guid.NewGuid(),
};
var release = new Model.Release
{
Id = Guid.NewGuid(),
};
var subjectService = new Mock <ISubjectService>();
subjectService
.Setup(s => s.IsSubjectForLatestPublishedRelease(_subject.Id))
.ReturnsAsync(false);
subjectService
.Setup(s => s.GetPublicationForSubject(_subject.Id))
.ReturnsAsync(publication);
var releaseService = new Mock <IReleaseService>();
releaseService
.Setup(s => s.GetLatestPublishedRelease(publication.Id))
.Returns(release);
var service = BuildTableBuilderService(
userService: userService.Object,
subjectService: subjectService.Object,
releaseService: releaseService.Object
);
return(await service.Query(
new ObservationQueryContext
{
SubjectId = _subject.Id
}
));
}
);
}
public static async Task AssertSecurityPoliciesChecked <TProtectedResource, TReturn, TService>(
Func <TService, Task <Either <ActionResult, TReturn> > > protectedAction,
TProtectedResource resource,
Mock <IUserService> userService,
TService service,
params SecurityPolicies[] policies)
{
policies.ToList().ForEach(policy =>
userService
.Setup(s => s.MatchesPolicy(resource, policy))
.ReturnsAsync(policy != policies.Last()));
var result = await protectedAction.Invoke(service);
PermissionTestUtils.AssertForbidden(result);
policies.ToList().ForEach(policy =>
userService.Verify(s => s.MatchesPolicy(resource, policy)));
}
public void Query_ReleaseId_CanViewSubjectData()
{
PermissionTestUtils.PolicyCheckBuilder <DataSecurityPolicies>()
.ExpectResourceCheckToFail(_subject, DataSecurityPolicies.CanViewSubjectData)
.AssertForbidden(
async userService =>
{
var releaseSubject = new ReleaseSubject
{
ReleaseId = _release.Id,
Release = _release,
SubjectId = _subject.Id,
Subject = _subject,
};
var statisticsPersistenceHelper = StatisticsPersistenceHelperMock(_subject);
MockUtils.SetupCall(statisticsPersistenceHelper, releaseSubject);
var subjectService = new Mock <ISubjectService>();
subjectService
.Setup(s => s.IsSubjectForLatestPublishedRelease(_subject.Id))
.ReturnsAsync(false);
var service = BuildTableBuilderService(
userService: userService.Object,
subjectService: subjectService.Object,
statisticsPersistenceHelper: statisticsPersistenceHelper.Object
);
return(await service.Query(
releaseSubject.ReleaseId,
new ObservationQueryContext
{
SubjectId = _subject.Id
}
));
}
);
}
