/// <summary>
/// Creates a default patient, reads it back with the same client, and hands the
/// read call to the <c>ExecuteAndValidate</c> overload together with the expected
/// audit values: action "read", resource type Patient, path <c>Patient/{id}</c>
/// and HTTP 200.
/// </summary>
/// <remarks>
/// The overload that receives these arguments is not part of this excerpt; the
/// audit assertions themselves live there.
/// </remarks>
public async Task GivenAnExistingResource_WhenRead_ThenAuditLogEntriesShouldBeCreated()
{
    await ExecuteAndValidate(
        async () =>
        {
            // The patient has to exist before the read whose audit trail is under test.
            FhirResponse<Patient> created = await _client.CreateAsync(Samples.GetDefaultPatient());

            return await _client.ReadAsync<Patient>(ResourceType.Patient, created.Resource.Id);
        },
        "read",
        ResourceType.Patient,
        patient => $"Patient/{patient.Id}",
        HttpStatusCode.OK);
}
/// <summary>
/// Reads the capability statement ("metadata") and asserts that the audit logger
/// holds no entry for the correlation id returned with that response.
/// </summary>
/// <remarks>
/// When the fixture is not using the in-proc test server the method returns before
/// sending any request, so nothing is asserted in that configuration.
/// </remarks>
public async Task GivenMetadata_WhenRead_ThenAuditLogEntriesShouldNotBeCreated()
{
    bool inProcServer = _fixture.IsUsingInProcTestServer;

    if (!inProcServer)
    {
        // This test only works with the in-proc server with customized middleware pipeline
        return;
    }

    FhirResponse metadataResponse = await _client.ReadAsync<CapabilityStatement>("metadata");

    // The request id header is the key under which audit entries are looked up.
    var requestIdValues = metadataResponse.Headers.GetValues(RequestIdHeaderName);
    string correlationId = requestIdValues.FirstOrDefault();

    Assert.NotNull(correlationId);

    var auditEntries = _auditLogger.GetAuditEntriesByCorrelationId(correlationId);
    Assert.Empty(auditEntries);
}
/// <summary>
/// Creates an observation with the service client application, then reads it as
/// <c>TestUsers.ReadOnlyUser</c> and asserts that id, version id and last-updated
/// timestamp of the returned resource match the created one.
/// </summary>
public async Task WhenGettingAResource_GivenAUserWithReadPermissions_TheServerShouldReturnSuccess()
{
    // Seed the resource under the service client identity.
    FhirClient serviceClient = Client.CreateClientForClientApplication(TestApplications.ServiceClient);
    Observation createdResource = await serviceClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());

    // Switch to the identity whose read access is being verified.
    FhirClient readOnlyClient = Client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
    FhirResponse<Observation> readResponse = await readOnlyClient.ReadAsync<Observation>(
        ResourceType.Observation,
        createdResource.Id);

    Observation fetched = readResponse.Resource;

    Assert.Equal(createdResource.Id, fetched.Id);
    Assert.Equal(createdResource.Meta.VersionId, fetched.Meta.VersionId);
    Assert.Equal(createdResource.Meta.LastUpdated, fetched.Meta.LastUpdated);
}
/// <summary>
/// Creates an observation as <c>TestUsers.WriteOnlyUser</c>, hard-deletes it as
/// <c>TestUsers.HardDeleteUser</c>, and asserts that a later read as
/// <c>TestUsers.ReadOnlyUser</c> fails with a <c>FhirException</c> carrying
/// HTTP 404.
/// </summary>
/// <remarks>
/// The hard delete itself is checked only implicitly: the test fails if
/// <c>HardDeleteAsync</c> throws. The explicit assertion covers the read that
/// follows it.
/// </remarks>
public async Task WhenHardDeletingAResource_GivenAUserWithHardDeletePermissions_TheServerShouldReturnSuccess()
{
    FhirClient writeOnlyClient = Client.CreateClientForUser(TestUsers.WriteOnlyUser, TestApplications.NativeClient);
    Observation createdResource = await writeOnlyClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());

    // Hard-delete the resource.
    FhirClient hardDeleteClient = Client.CreateClientForUser(TestUsers.HardDeleteUser, TestApplications.NativeClient);
    await hardDeleteClient.HardDeleteAsync(createdResource);

    // Getting the resource should result in NotFound.
    FhirClient readOnlyClient = Client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
    Func<Task> readDeletedResource = () => readOnlyClient.ReadAsync<Observation>(ResourceType.Observation, createdResource.Id);

    FhirException notFound = await Assert.ThrowsAsync<FhirException>(readDeletedResource);
    Assert.Equal(HttpStatusCode.NotFound, notFound.StatusCode);
}
/// <summary>
/// Creates an observation with the service client application, then attempts to
/// read it as <c>TestUsers.WriteOnlyUser</c> and asserts that the call throws a
/// <c>FhirException</c> whose message equals <c>ForbiddenMessage</c> and whose
/// status code is HTTP 403.
/// </summary>
public async Task WhenGettingAResource_GivenAUserWithNoReadPermissions_TheServerShouldReturnForbidden()
{
    FhirClient serviceClient = Client.CreateClientForClientApplication(TestApplications.ServiceClient);
    Observation createdResource = await serviceClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());

    // NOTE(review): the sibling tests in this file call Client.CreateClientForUser;
    // here the factory is invoked on the service client instance. Confirm both
    // produce a client bound to the requested user.
    FhirClient writeOnlyClient = serviceClient.CreateClientForUser(TestUsers.WriteOnlyUser, TestApplications.NativeClient);

    Func<Task> readWithoutPermission = async () =>
        await writeOnlyClient.ReadAsync<Observation>(ResourceType.Observation, createdResource.Id);

    FhirException fhirException = await Assert.ThrowsAsync<FhirException>(readWithoutPermission);

    // Both the message and the status code are pinned, so the denial has to be
    // reported as Forbidden and not as some other failure.
    Assert.Equal(ForbiddenMessage, fhirException.Message);
    Assert.Equal(HttpStatusCode.Forbidden, fhirException.StatusCode);
}
/// <summary>
/// Issues a read for <c>Patient/123</c> from a client created without a token,
/// expects the call to fail with a <c>FhirException</c>, and asserts that exactly
/// one audit entry exists for the response's correlation id and that it passes
/// <c>ValidateExecutedAuditEntry</c> for action "read".
/// </summary>
/// <param name="clientSetup">Callback applied to the new client before the read is sent.</param>
/// <param name="expectedStatusCode">Status code the audit entry is expected to carry.</param>
/// <remarks>
/// When the fixture is not using the in-proc test server, or security is not
/// enabled, the method returns before sending any request and asserts nothing.
/// </remarks>
private async Task ExecuteAndValidate(Func<FhirClient, Task> clientSetup, HttpStatusCode expectedStatusCode)
{
    bool canRun = _fixture.IsUsingInProcTestServer && _fixture.FhirClient.SecuritySettings.SecurityEnabled;

    if (!canRun)
    {
        // This test only works with the in-proc server with customized middleware pipeline and when security is enabled.
        return;
    }

    const string url = "Patient/123";

    // Create a new client with no token supplied.
    var client = new FhirClient(_fixture.CreateHttpClient(), ResourceFormat.Json);

    await clientSetup(client);

    // The rejected request still returns a response; its headers carry the
    // correlation id used to find the audit entry.
    FhirException rejected = await Assert.ThrowsAsync<FhirException>(() => client.ReadAsync<Patient>(url));
    FhirResponse<OperationOutcome> response = rejected.Response;

    string correlationId = response.Headers.GetValues(RequestIdHeaderName).FirstOrDefault();

    Assert.NotNull(correlationId);

    var expectedUri = new Uri($"http://localhost/{url}");
    var auditEntries = _auditLogger.GetAuditEntriesByCorrelationId(correlationId);

    // Assert.Collection with a single inspector also fixes the entry count at one.
    Assert.Collection(
        auditEntries,
        entry => ValidateExecutedAuditEntry(entry, "read", ResourceType.Patient, expectedUri, expectedStatusCode, correlationId));
}