public void Should_throw_an_exception_when_convention_based_view_name_is_not_supported()
{
var mockISessionFactory = A.Fake <ISessionFactory>();
var mockAuthorizationViewsProvider = A.Fake <AuthorizationViewsProvider>(x => x.WithArgumentsForConstructor(new object[] { mockISessionFactory }));
A.CallTo(() => mockAuthorizationViewsProvider.GetAuthorizationViews())
.Returns(new List <string>
{
// Not supported in this test:
// "auth.LocalEducationAgencyIdToStaffUSI",
"auth.SchoolIdToStaffUSI"
});
var authorizationSegmentsSqlProvider = new SqlServerAuthorizationSegmentSqlProvider(mockAuthorizationViewsProvider);
var parameterIndex = 0;
var authorizationSegments = GetRelationshipAuthorizationSegments(
AllSuppliedLeaIds,
builder => builder.ClaimsMustBeAssociatedWith(x => x.StaffUSI));
Should.Throw <Exception>(
() =>
{
authorizationSegmentsSqlProvider.GetAuthorizationQueryMetadata(
authorizationSegments,
ref parameterIndex);
})
.Message.ShouldBe(
"Unable to authorize the request because there is no authorization support for associating the API client's associated education organization types ('LocalEducationAgency') with the resource.");
}
public void Should_generate_valid_sql_and_parameters()
{
var mockISessionFactory = A.Fake <ISessionFactory>();
var mockAuthorizationViewsProvider = A.Fake <AuthorizationViewsProvider>(x => x.WithArgumentsForConstructor(new object[] { mockISessionFactory }));
A.CallTo(() => mockAuthorizationViewsProvider.GetAuthorizationViews())
.Returns(new List <string>
{
"auth.LocalEducationAgencyIdToStaffUSI",
"auth.SchoolIdToStaffUSI"
});
var authorizationSegmentsSqlProvider = new SqlServerAuthorizationSegmentSqlProvider(mockAuthorizationViewsProvider);
var parameterIndex = 0;
var authorizationSegments = GetRelationshipAuthorizationSegments(
AllSuppliedLeaIds,
builder => builder.ClaimsMustBeAssociatedWith(x => x.StaffUSI));
var result = authorizationSegmentsSqlProvider.GetAuthorizationQueryMetadata(authorizationSegments, ref parameterIndex);
result.ShouldSatisfyAllConditions(
() => result.ShouldNotBeNull(),
// 2 parameters are the SQL Server TVP and the StaffUSI segment
() => result.Parameters.Length.ShouldBe(2),
() => result.Parameters.Any(x => x.GetType() != typeof(SqlParameter))
.ShouldBeFalse(),
// TVP parameters is defined as expected
() => result.Parameters[0].ParameterName.ShouldBe("@p0"),
() => result.Parameters[0].Value.ShouldBeOfType <DataTable>(),
() => ((DataTable)result.Parameters[0].Value).Rows[0][0].ShouldBe(_suppliedClaim.EducationOrganizationIds[0]),
() => ((DataTable)result.Parameters[0].Value).Rows[1][0].ShouldBe(_suppliedClaim.EducationOrganizationIds[1]),
() => ((DataTable)result.Parameters[0].Value).Rows[2][0].ShouldBe(_suppliedClaim.EducationOrganizationIds[2]),
// Second parameter is for the LEA to StaffUSI segment
() => result.Parameters[1].ParameterName.ShouldBe("@p1"),
() => result.Parameters[1].Value.ShouldBe(_suppliedAuthorizationContext.StaffUSI)
);
var sql = result.Sql;
var expectedSql =
$@"SELECT 1 WHERE
(
EXISTS (SELECT 1 FROM auth.LocalEducationAgencyIdToStaffUSI a WHERE a.LocalEducationAgencyId IN (SELECT Id from @p0) and a.StaffUSI = @p1)
);";
sql.ShouldBe(expectedSql, StringCompareShould.IgnoreLineEndings);
}
public void Should_generate_valid_sql_and_parameters()
{
var mockISessionFactory = A.Fake <ISessionFactory>();
var mockAuthorizationViewsProvider = A.Fake <AuthorizationViewsProvider>(x => x.WithArgumentsForConstructor(new object[] { mockISessionFactory }));
A.CallTo(() => mockAuthorizationViewsProvider.GetAuthorizationViews())
.Returns(new List <string>
{
// Not supported for this test:
// "auth.LocalEducationAgencyIdToStaffUSI",
"auth.PostSecondaryInstitutionIdToStaffUSI",
// Not supported for this test:
// "auth.PostSecondaryInstitutionIdToSchoolId",
// "auth.LocalEducationAgencyIdToSchoolId",
"auth.SchoolIdToStaffUSI"
});
var authorizationSegmentsSqlProvider = new SqlServerAuthorizationSegmentSqlProvider(mockAuthorizationViewsProvider);
var parameterIndex = 0;
var authorizationSegments = GetRelationshipAuthorizationSegments(
new List <int>
{
// Multiple types of EdOrgIds
SuppliedLea1,
SuppliedPostSecondaryInstitutionId,
SuppliedLea2
},
builder => builder.ClaimsMustBeAssociatedWith(x => x.StaffUSI)
.ClaimsMustBeAssociatedWith(x => x.SchoolId));
Should.Throw <EdFiSecurityException>(
() => authorizationSegmentsSqlProvider.GetAuthorizationQueryMetadata(authorizationSegments, ref parameterIndex)
)
.Message.ShouldBe(
"Unable to authorize the request because there is no authorization support for associating the API client's associated education organization types ('LocalEducationAgency', 'PostSecondaryInstitution') with the resource.");
}
public void Should_generate_valid_sql_and_parameters()
{
var mockISessionFactory = A.Fake <ISessionFactory>();
var mockAuthorizationViewsProvider = A.Fake <AuthorizationViewsProvider>(x => x.WithArgumentsForConstructor(new object[] { mockISessionFactory }));
A.CallTo(() => mockAuthorizationViewsProvider.GetAuthorizationViews())
.Returns(new List <string>
{
// Not supported for this test:
// "auth.LocalEducationAgencyIdToStaffUSI",
"auth.PostSecondaryInstitutionIdToStaffUSI",
// Not supported for this test:
// "auth.PostSecondaryInstitutionIdToSchoolId",
"auth.LocalEducationAgencyIdToSchoolId",
"auth.SchoolIdToStaffUSI"
});
var authorizationSegmentsSqlProvider = new SqlServerAuthorizationSegmentSqlProvider(mockAuthorizationViewsProvider);
var parameterIndex = 0;
var authorizationSegments = GetRelationshipAuthorizationSegments(
new List <int>
{
// Multiple types of EdOrgIds
SuppliedLea1,
SuppliedPostSecondaryInstitutionId,
SuppliedLea2
},
builder => builder.ClaimsMustBeAssociatedWith(x => x.StaffUSI)
.ClaimsMustBeAssociatedWith(x => x.SchoolId));
var result = authorizationSegmentsSqlProvider.GetAuthorizationQueryMetadata(authorizationSegments, ref parameterIndex);
result.ShouldSatisfyAllConditions(
() => result.ShouldNotBeNull(),
// 4 parameters are the SQL Server TVP for each of the StaffUSI and School segments
() => result.Parameters.Length.ShouldBe(4),
() => result.Parameters.Any(x => x.GetType() != typeof(SqlParameter))
.ShouldBeFalse(),
// -----------------------------
// Claims to StaffUSI segment
// -----------------------------
// Single-value parameter for PostSecondary is defined as expected
() => result.Parameters[0].ParameterName.ShouldBe("@p0"),
() => result.Parameters[0].Value.ShouldBeOfType <int>(),
() => result.Parameters[0].Value.ShouldBe(SuppliedPostSecondaryInstitutionId),
// Second parameter is for the PostSecondary to StaffUSI segment
() => result.Parameters[1].ParameterName.ShouldBe("@p1"),
() => result.Parameters[1].Value.ShouldBe(_suppliedAuthorizationContext.StaffUSI),
// ---------------------------
// Claims to SchoolId segment
// ---------------------------
// TVP parameters for LEAIds is defined as expected
() => result.Parameters[2].ParameterName.ShouldBe("@p2"),
() => result.Parameters[2].Value.ShouldBeOfType <DataTable>(),
() => ((DataTable)result.Parameters[2].Value).Rows[0][0].ShouldBe(SuppliedLea1),
() => ((DataTable)result.Parameters[2].Value).Rows[1][0].ShouldBe(SuppliedLea2),
// Second parameter is for the LEA to SchoolId segment
() => result.Parameters[3].ParameterName.ShouldBe("@p3"),
() => result.Parameters[3].Value.ShouldBe(_suppliedAuthorizationContext.SchoolId)
);
var sql = result.Sql;
var expectedSql =
$@"SELECT 1 WHERE
(
EXISTS (SELECT 1 FROM auth.PostSecondaryInstitutionIdToStaffUSI a WHERE a.PostSecondaryInstitutionId = @p0 and a.StaffUSI = @p1)
)
AND
(
EXISTS (SELECT 1 FROM auth.LocalEducationAgencyIdToSchoolId a WHERE a.LocalEducationAgencyId IN (SELECT Id from @p2) and a.SchoolId = @p3)
);";
sql.ShouldBe(expectedSql, StringCompareShould.IgnoreLineEndings);
}
