/// <summary>
        /// Registers one ASP.NET Core authorization policy per permission. Each policy is named after the
        /// permission's code and carries a single <see cref="PermissionRequirement"/> built from that code.
        /// </summary>
        /// <remarks>
        /// The policies only attach the requirement; nothing in this method evaluates it.
        /// NOTE(review): a handler for <see cref="PermissionRequirement"/> is presumably registered elsewhere;
        /// confirm, since it is that handler that decides whether a caller holds the permission.
        /// </remarks>
        /// <param name="services">The service collection that authorization is added to.</param>
        /// <param name="permissions">
        /// The permissions passed to the <c>AuthorizationBuilder</c>. Policies are created from the permissions
        /// the builder exposes to its build callback.
        /// </param>
        public static void AddPermissionPolicies(this IServiceCollection services, IEnumerable<Permission> permissions)
        {
            var policySource = new AuthorizationBuilder(permissions);

            services.AddAuthorization(authorizationOptions =>
            {
                policySource.Build(context =>
                {
                    // The permission code is both the policy name and the value the requirement carries,
                    // so two permissions with the same code register under the same policy name.
                    foreach (var permission in context.Permissions)
                    {
                        var code = permission.Code;
                        var requirement = new PermissionRequirement(code);

                        authorizationOptions.AddPolicy(
                            code,
                            policy => policy.Requirements.Add(requirement));
                    }
                });
            });
        }
        /// <summary>
        /// Checks that <c>UpdateOrganisationContactDetailsHandler.HandleAsync</c> throws a
        /// <see cref="SecurityException"/> when the authorization object was built with
        /// <c>DenyInternalOrOrganisationAccess()</c>.
        /// </summary>
        /// <remarks>
        /// Only the exception type is pinned. The collaborators are dummies and are not inspected, so the test
        /// does not show whether any data-access or e-mail call happens before the access check.
        /// </remarks>
        public async Task HandleAsync_WithNonInternalUserOrOrganisationUser_ThrowsSecurityException()
        {
            // Arrange: an authorization object configured to deny internal-or-organisation access.
            var authorization = new AuthorizationBuilder()
                .DenyInternalOrOrganisationAccess()
                .Build();

            // Collaborators are dummies; the test never reads them back.
            var organisationDataAccess = A.Dummy<IOrganisationDetailsDataAccess>();
            var emailService = A.Dummy<IWeeeEmailService>();

            var handler = new UpdateOrganisationContactDetailsHandler(
                authorization,
                organisationDataAccess,
                emailService);

            var organisation = new OrganisationData { Id = Guid.NewGuid() };
            var request = new UpdateOrganisationContactDetails(organisation, false);

            // Act, Assert: the denied caller must get a SecurityException.
            await Assert.ThrowsAsync<SecurityException>(() => handler.HandleAsync(request));
        }
        /// <summary>
        /// Checks that <c>UpdateSchemeContactDetailsHandler.HandleAsync</c> throws a
        /// <see cref="SecurityException"/> when the authorization object was built with
        /// <c>DenyInternalOrOrganisationAccess()</c>.
        /// </summary>
        /// <remarks>
        /// Only the exception type is pinned. The collaborators are dummies and are not inspected, so the test
        /// does not show whether any data-access or e-mail call happens before the access check.
        /// </remarks>
        public async Task HandleAsync_WithNonInternalUserOrOrganisationUser_ThrowsSecurityException()
        {
            // Arrange: an authorization object configured to deny internal-or-organisation access.
            var authorization = new AuthorizationBuilder()
                .DenyInternalOrOrganisationAccess()
                .Build();

            // Collaborators are dummies; the test never reads them back.
            var organisationDataAccess = A.Dummy<IOrganisationDetailsDataAccess>();
            var emailService = A.Dummy<IWeeeEmailService>();

            var handler = new UpdateSchemeContactDetailsHandler(
                authorization,
                organisationDataAccess,
                emailService);

            var scheme = new SchemeData() { Id = Guid.NewGuid() };
            var request = new UpdateSchemeContactDetails(scheme, false);

            // Act, Assert: the denied caller must get a SecurityException.
            await Assert.ThrowsAsync<SecurityException>(() => handler.HandleAsync(request));
        }