public async Task WhenUserIsKnown_AndHasNoPermissions_ShouldNotSucceed()
        {
            // Arrange
            string          userId    = Guid.NewGuid().ToString();
            ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) }));
            ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>();

            specification.GetSpecificationId().Returns(WellKnownSpecificationId);
            AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);

            IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();

            usersApiClient.GetEffectivePermissionsForUser(Arg.Is(userId), Arg.Is(WellKnownSpecificationId)).Returns(new ApiResponse <EffectiveSpecificationPermission>(HttpStatusCode.OK, new EffectiveSpecificationPermission()));

            IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();

            options.Value.Returns(actualOptions);

            IFeatureToggle features = Substitute.For <IFeatureToggle>();

            features.IsRoleBasedAccessEnabled().Returns(true);

            SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);

            // Act
            await authHandler.HandleAsync(authContext);

            // Assert
            authContext.HasSucceeded.Should().BeFalse();
        }
        public async Task WhenRoleBasedFeatureIsNotEnabled_AndUserIsNotKnownToTheSystem_ShouldSucceed()
        {
            // Arrange
            ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()) }));
            ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>();
            AuthorizationHandlerContext       authContext   = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);

            IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();

            IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();

            options.Value.Returns(actualOptions);

            IFeatureToggle features = Substitute.For <IFeatureToggle>();

            features.IsRoleBasedAccessEnabled().Returns(false);

            SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);

            // Act
            await authHandler.HandleAsync(authContext);

            // Assert
            authContext.HasSucceeded.Should().BeTrue();
        }
        public async Task WhenUserIsNotKnown_ShouldNotSucceed()
        {
            // Arrange
            ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity());
            ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>();
            AuthorizationHandlerContext       authContext   = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);

            IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();

            IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();

            options.Value.Returns(actualOptions);

            IFeatureToggle features = Substitute.For <IFeatureToggle>();

            features.IsRoleBasedAccessEnabled().Returns(true);

            SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);

            // Act
            await authHandler.HandleAsync(authContext);

            // Assert
            authContext.HasSucceeded.Should().BeFalse();
        }
コード例 #4
0
        public async Task WhenUserIsNotKnown_ShouldSucceed()
        {
            // Arrange
            ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity());
            ISpecificationAuthorizationEntity spec        = Substitute.For <ISpecificationAuthorizationEntity>();
            AuthorizationHandlerContext       authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, spec);

            AlwaysAllowedPermissionHandler authHandler = new AlwaysAllowedPermissionHandler();

            // Act
            await authHandler.HandleAsync(authContext);

            // Assert
            authContext.HasSucceeded.Should().BeTrue();
        }
コード例 #5
0
        public async Task WhenUserIsKnown_AndHasNoPermissions_ShouldSucceed()
        {
            // Arrange
            string          userId    = Guid.NewGuid().ToString();
            ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) }));
            ISpecificationAuthorizationEntity spec        = Substitute.For <ISpecificationAuthorizationEntity>();
            AuthorizationHandlerContext       authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, spec);

            AlwaysAllowedPermissionHandler authHandler = new AlwaysAllowedPermissionHandler();

            // Act
            await authHandler.HandleAsync(authContext);

            // Assert
            authContext.HasSucceeded.Should().BeTrue();
        }
コード例 #6
0
        private AuthorizationHandlerContext CreateAuthenticationContext(ClaimsPrincipal principal, SpecificationActionTypes permissionRequired, ISpecificationAuthorizationEntity resource)
        {
            SpecificationRequirement requirement = new SpecificationRequirement(permissionRequired);

            return(new AuthorizationHandlerContext(new[] { requirement }, principal, resource));
        }
        public async Task <bool> DoesUserHavePermission(ClaimsPrincipal user, ISpecificationAuthorizationEntity specification, SpecificationActionTypes permissionRequired)
        {
            AuthorizationResult authorizationResult = await _authorizationService.AuthorizeAsync(user, specification, new SpecificationRequirement(permissionRequired));

            return(authorizationResult.Succeeded);
        }