public async Task WhenUserIsNotKnown_ShouldNotSucceed() { // Arrange ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity()); List <string> fundingStreamIds = new List <string> { WellKnownFundingStreamId }; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); IFeatureToggle features = CreateFeatureToggle(true); FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeFalse(); }
public async Task WhenUserIsKnown_AndHasNoPermissions_ShouldNotSucceed() { // Arrange string userId = Guid.NewGuid().ToString(); ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) })); ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>(); specification.GetSpecificationId().Returns(WellKnownSpecificationId); AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); usersApiClient.GetEffectivePermissionsForUser(Arg.Is(userId), Arg.Is(WellKnownSpecificationId)).Returns(new ApiResponse <EffectiveSpecificationPermission>(HttpStatusCode.OK, new EffectiveSpecificationPermission())); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); IFeatureToggle features = Substitute.For <IFeatureToggle>(); features.IsRoleBasedAccessEnabled().Returns(true); SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeFalse(); }
public async Task WhenUserIsAdmin_ShouldSucceed() { // Arrange List <Claim> claims = new List <Claim> { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()), new Claim(Constants.GroupsClaimType, actualOptions.AdminGroupId.ToString()) }; ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(claims)); List <string> fundingStreamIds = new List <string> { WellKnownFundingStreamId }; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); IFeatureToggle features = CreateFeatureToggle(true); FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeTrue(); }
public async Task WhenUserIsNotKnown_ShouldNotSucceed() { // Arrange ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity()); ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>(); AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); IFeatureToggle features = Substitute.For <IFeatureToggle>(); features.IsRoleBasedAccessEnabled().Returns(true); SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeFalse(); }
public async Task GetEffectivePermissionsForUser_WhenUserIsAdmin_ThenReturnFullPermissions() { // Arrange string specificationId = "spec123"; string userId = "testuser"; ClaimsPrincipal user = BuildClaimsPrincipal(userId, true); IAuthorizationService authorizationService = Substitute.For <IAuthorizationService>(); IUsersApiClient usersClient = Substitute.For <IUsersApiClient>(); AuthorizationHelper authHelper = CreateAuthenticationHelper(authorizationService, usersClient); // Act Common.ApiClient.Users.Models.EffectiveSpecificationPermission permissions = await authHelper.GetEffectivePermissionsForUser(user, specificationId); // Assert permissions.CanAdministerFundingStream.Should().BeTrue("CanAdministerFundingStream"); permissions.CanApproveFunding.Should().BeTrue("CanApproveFunding"); permissions.CanApproveSpecification.Should().BeTrue("CanApproveSpecification"); permissions.CanChooseFunding.Should().BeTrue("CanChooseFunding"); permissions.CanCreateQaTests.Should().BeTrue("CanCreateQaTests"); permissions.CanCreateSpecification.Should().BeTrue("CanCreateSpecification"); permissions.CanEditCalculations.Should().BeTrue("CanEditCalculations"); permissions.CanEditQaTests.Should().BeTrue("CanEditQaTests"); permissions.CanEditSpecification.Should().BeTrue("CanEditSpecification"); permissions.CanMapDatasets.Should().BeTrue("CanMapDatasets"); permissions.CanPublishFunding.Should().BeTrue("CanPublishFunding"); permissions.CanRefreshFunding.Should().BeTrue("CanRefreshFunding"); }
public async Task WhenUserIsKnown_AndHasNoPermissions_ShouldNotSucceed() { // Arrange string userId = Guid.NewGuid().ToString(); ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) })); List <string> fundingStreamIds = new List <string> { WellKnownFundingStreamId }; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); usersApiClient.GetFundingStreamPermissionsForUser(Arg.Is(userId)).Returns(new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, Enumerable.Empty <FundingStreamPermission>())); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); IFeatureToggle features = CreateFeatureToggle(true); FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeFalse(); }
public async Task WhenUserCanCreateSpecification_ShouldSucceed() { // Arrange string userId = Guid.NewGuid().ToString(); ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) })); List <string> fundingStreamIds = new List <string> { WellKnownFundingStreamId }; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, FundingStreamActionTypes.CanCreateSpecification, fundingStreamIds); FundingStreamPermission actualPermission = new FundingStreamPermission { CanCreateSpecification = true, FundingStreamId = WellKnownFundingStreamId }; IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); usersApiClient.GetFundingStreamPermissionsForUser(Arg.Is(userId)).Returns(new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, new List <FundingStreamPermission> { actualPermission })); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeTrue(); }
public async Task WhenUserCanRefreshPublishedQaForSpecification_ShouldSucceed() { // Arrange string userId = Guid.NewGuid().ToString(); ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) })); string specification = WellKnownSpecificationId; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanRefreshPublishedQa, specification); EffectiveSpecificationPermission actualPermission = new EffectiveSpecificationPermission { CanRefreshPublishedQa = true }; IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); usersApiClient.GetEffectivePermissionsForUser(Arg.Is(userId), Arg.Is(WellKnownSpecificationId)).Returns(new ApiResponse <EffectiveSpecificationPermission>(HttpStatusCode.OK, actualPermission)); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeTrue(); }
public async Task WhenRoleBasedFeatureIsNotEnabled_AndUserIsNotKnownToTheSystem_ShouldSucceed() { // Arrange ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()) })); List <string> fundingStreamIds = new List <string> { WellKnownFundingStreamId }; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); IFeatureToggle features = CreateFeatureToggle(false); FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeTrue(); }
public async Task GetUserFundingStreamPermissions_WhenUserHasNoAccess_ThenReturnFalse() { // Arrange string userId = "testuser"; ClaimsPrincipal user = BuildClaimsPrincipal(userId); ApiResponse <IEnumerable <FundingStreamPermission> > permissionsResponse = new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, new List <FundingStreamPermission> { new FundingStreamPermission { FundingStreamId = "fs1", CanCreateSpecification = true }, new FundingStreamPermission { FundingStreamId = "fs2", CanCreateSpecification = true }, new FundingStreamPermission { FundingStreamId = "fs3", CanCreateSpecification = false } }); IAuthorizationService authorizationService = Substitute.For <IAuthorizationService>(); IUsersApiClient usersClient = Substitute.For <IUsersApiClient>(); usersClient .GetFundingStreamPermissionsForUser(userId) .Returns(permissionsResponse); AuthorizationHelper authHelper = CreateAuthenticationHelper(authorizationService, usersClient); // Act FundingStreamPermission result = await authHelper.GetUserFundingStreamPermissions(user, "fs3"); // Assert result.CanCreateSpecification.Should().BeFalse(); }
public async Task WhenUserIsAdmin_ShouldSucceed() { // Arrange List <Claim> claims = new List <Claim> { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()), new Claim(Constants.GroupsClaimType, actualOptions.AdminGroupId.ToString()) }; ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(claims)); string specification = WellKnownSpecificationId; AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeTrue(); }
public async Task WhenRoleBasedFeatureIsNotEnabled_AndUserIsNotKnownToTheSystem_ShouldSucceed() { // Arrange ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()) })); ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>(); AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification); IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>(); IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >(); options.Value.Returns(actualOptions); IFeatureToggle features = Substitute.For <IFeatureToggle>(); features.IsRoleBasedAccessEnabled().Returns(false); SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features); // Act await authHandler.HandleAsync(authContext); // Assert authContext.HasSucceeded.Should().BeTrue(); }
public RoatpApplicationPreambleController(ILogger <RoatpApplicationPreambleController> logger, IRoatpApiClient roatpApiClient, IUkrlpApiClient ukrlpApiClient, ISessionService sessionService, ICompaniesHouseApiClient companiesHouseApiClient, IOuterApiClient outerApiClient, IOrganisationApiClient organisationApiClient, IUsersApiClient usersApiClient, IApplicationApiClient applicationApiClient, IQnaApiClient qnaApiClient, IAllowedUkprnValidator ukprnWhitelistValidator, IResetRouteQuestionsService resetRouteQuestionsService, IReapplicationCheckService reapplicationCheckService) : base(sessionService) { _logger = logger; _roatpApiClient = roatpApiClient; _ukrlpApiClient = ukrlpApiClient; _sessionService = sessionService; _companiesHouseApiClient = companiesHouseApiClient; _outerApiClient = outerApiClient; _organisationApiClient = organisationApiClient; _usersApiClient = usersApiClient; _applicationApiClient = applicationApiClient; _qnaApiClient = qnaApiClient; _allowedUkprnValidator = ukprnWhitelistValidator; _resetRouteQuestionsService = resetRouteQuestionsService; _reapplicationCheckService = reapplicationCheckService; }
public async Task Specifications_SecurityTrimListForChooseFunding_WhenUserHasAccessToNone_ThenReturnZeroSpecifications() { // Arrange IEnumerable <SpecificationSummary> specifications = new List <SpecificationSummary> { new SpecificationSummary { Id = "spec1", FundingStreams = new List <FundingStream> { new FundingStream { Id = "fs1" } } }, new SpecificationSummary { Id = "spec2", FundingStreams = new List <FundingStream> { new FundingStream { Id = "fs2" } } }, new SpecificationSummary { Id = "spec3", FundingStreams = new List <FundingStream> { new FundingStream { Id = "fs3" } } } }; string userId = "testuser"; ClaimsPrincipal user = BuildClaimsPrincipal(userId); SpecificationActionTypes permissionRequired = SpecificationActionTypes.CanChooseFunding; ApiResponse <IEnumerable <Common.ApiClient.Users.Models.FundingStreamPermission> > permissionsResponse = new ApiResponse <IEnumerable <Common.ApiClient.Users.Models.FundingStreamPermission> >(System.Net.HttpStatusCode.OK, new List <Common.ApiClient.Users.Models.FundingStreamPermission> { new Common.ApiClient.Users.Models.FundingStreamPermission { FundingStreamId = "fs1", CanChooseFunding = false }, new Common.ApiClient.Users.Models.FundingStreamPermission { FundingStreamId = "fs2", CanChooseFunding = false }, new Common.ApiClient.Users.Models.FundingStreamPermission { FundingStreamId = "fs3", CanChooseFunding = false } }); IAuthorizationService authorizationService = Substitute.For <IAuthorizationService>(); IUsersApiClient usersClient = Substitute.For <IUsersApiClient>(); usersClient .GetFundingStreamPermissionsForUser(userId) .Returns(permissionsResponse); AuthorizationHelper authHelper = CreateAuthenticationHelper(authorizationService, usersClient); // Act IEnumerable <SpecificationSummary> results = await authHelper.SecurityTrimList(user, specifications, permissionRequired); // Assert results.Should().BeEmpty(); }
public PayAdHandler(IAdRepository adRepository, IUsersApiClient usersApiClient, IClock clock, IMessageBroker messageBroker) { _adRepository = adRepository; _usersApiClient = usersApiClient; _clock = clock; _messageBroker = messageBroker; }
public FundingStreamPermissionHandler(IUsersApiClient usersApiClient, IOptions <PermissionOptions> permissionOptions) { Guard.ArgumentNotNull(usersApiClient, nameof(usersApiClient)); Guard.ArgumentNotNull(permissionOptions, nameof(permissionOptions)); _usersApiClient = usersApiClient; _permissionOptions = permissionOptions.Value; }
static ConfirmSkillsModel CreatePageModel( IUsersApiClient usersApiClient = null, IUserProfileService userProfileService = null) { return(new ConfirmSkillsModel( usersApiClient ?? CreateUsersApiClient(), userProfileService ?? CreateUserProfileService())); }
public PermissionService(IUsersApiClient usersApiClient, ILogger logger) { Guard.ArgumentNotNull(usersApiClient, nameof(usersApiClient)); Guard.ArgumentNotNull(logger, nameof(logger)); _usersClient = usersApiClient; _logger = logger; }
public UserService(IHttpContextAccessor contextAccessor, IUsersApiClient usersApiClient, ISessionService sessionService, IApplicationApiClient apiClient, ILogger <UserService> logger) { _contextAccessor = contextAccessor; _usersApiClient = usersApiClient; _sessionService = sessionService; _apiClient = apiClient; _logger = logger; }
public UsersController(IUsersApiClient usersApiClient, ISessionService sessionService, IHttpContextAccessor contextAccessor, CreateAccountValidator createAccountValidator) { _usersApiClient = usersApiClient; _sessionService = sessionService; _contextAccessor = contextAccessor; _createAccountValidator = createAccountValidator; }
public ConfirmSkillsModel(IUsersApiClient usersApiClient, IUserProfileService userProfileService) { Guard.ArgumentNotNull(usersApiClient, nameof(usersApiClient)); Guard.ArgumentNotNull(userProfileService, nameof(userProfileService)); _usersApiClient = usersApiClient; _userProfileService = userProfileService; }
public void OnPostAsync_GivenCookieDoesNotAlreadyExistsAndCallingConfirmSkillsReturnsBadRequest_ReturnsInternalServerError() { //Arrange const string upn = "*****@*****.**"; IIdentity identity = Substitute.For <IIdentity>(); identity .Name .Returns(upn); ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(identity); HttpContext httpContext = Substitute.For <HttpContext>(); httpContext .User .Returns(claimsPrincipal); UserProfile userProfile = new UserProfile() { Firstname = "First", Lastname = "Last", Id = "123", UPN = upn }; IUserProfileService userProfileService = CreateUserProfileService(); userProfileService .GetUser() .Returns(userProfile); IUsersApiClient apiClient = CreateUsersApiClient(); apiClient .ConfirmSkills(Arg.Is("123"), Arg.Is <UserConfirmModel>(u => u.Username == upn && u.Name == userProfile.Fullname)) .Returns(new ValidatedApiResponse <User>(HttpStatusCode.BadRequest, (User)null)); ConfirmSkillsModel pageModel = CreatePageModel(apiClient, userProfileService); pageModel.PageContext = new PageContext { HttpContext = httpContext }; //Act Func <Task> test = () => pageModel.OnPostAsync(); //Assert test .Should() .ThrowExactly <InvalidOperationException>() .Which .Message .Should() .Be("Failed to confirm skills for [email protected]"); }
public SpecificationPermissionHandler(IUsersApiClient usersApiClient, IOptions <PermissionOptions> permissionOptions, IFeatureToggle features) { Guard.ArgumentNotNull(usersApiClient, nameof(usersApiClient)); Guard.ArgumentNotNull(permissionOptions, nameof(permissionOptions)); Guard.ArgumentNotNull(features, nameof(features)); _usersApiClient = usersApiClient; _permissionOptions = permissionOptions.Value; _features = features; }
public GetHelpController(ILogger <GetHelpController> logger, IQnaApiClient qnaApiClient, IUsersApiClient usersApiClient, ISessionService sessionService, IOptions <List <TaskListConfiguration> > taskListConfiguration, IGetHelpWithQuestionEmailService emailService) { _logger = logger; _qnaApiClient = qnaApiClient; _usersApiClient = usersApiClient; _sessionService = sessionService; _taskListConfiguration = taskListConfiguration.Value; _emailService = emailService; }
public AuthorizationHelper(IAuthorizationService authorizationService, IUsersApiClient usersClient, ILogger logger, IOptions <PermissionOptions> permissionOptions) { Guard.ArgumentNotNull(authorizationService, nameof(authorizationService)); Guard.ArgumentNotNull(usersClient, nameof(usersClient)); Guard.ArgumentNotNull(logger, nameof(logger)); Guard.ArgumentNotNull(permissionOptions, nameof(permissionOptions)); _authorizationService = authorizationService; _usersClient = usersClient; _logger = logger; _permissionOptions = permissionOptions.Value; }
public async Task Specifications_SecurityTrimList_WhenUserDoesNotHaveAccessToAllFundingStreams_ThenReturnEmpty() { // Arrange IEnumerable <SpecificationSummary> specifications = new List <SpecificationSummary> { new SpecificationSummary { Id = "spec1", FundingStreams = new List <PolicyModels.FundingStream> { new PolicyModels.FundingStream { Id = "fs1" }, new PolicyModels.FundingStream { Id = "fs2" } } } }; string userId = "testuser"; ClaimsPrincipal user = BuildClaimsPrincipal(userId); SpecificationActionTypes permissionRequired = SpecificationActionTypes.CanCreateQaTests; ApiResponse <IEnumerable <FundingStreamPermission> > permissionsResponse = new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, new List <FundingStreamPermission> { new FundingStreamPermission { FundingStreamId = "fs1", CanCreateQaTests = true }, new FundingStreamPermission { FundingStreamId = "fs2", CanCreateQaTests = false }, new FundingStreamPermission { FundingStreamId = "fs3", CanCreateQaTests = true } }); IAuthorizationService authorizationService = Substitute.For <IAuthorizationService>(); IUsersApiClient usersClient = Substitute.For <IUsersApiClient>(); usersClient .GetFundingStreamPermissionsForUser(userId) .Returns(permissionsResponse); AuthorizationHelper authHelper = CreateAuthenticationHelper(authorizationService, usersClient); // Act IEnumerable <SpecificationSummary> results = await authHelper.SecurityTrimList(user, specifications, permissionRequired); // Assert results.Should().BeEmpty(); }
public async Task FundingStreams_SecurityTrimList_WhenUserHasAccessToSome_ThenReturnSome() { // Arrange IEnumerable <PolicyModels.FundingStream> fundingStreamIds = new List <PolicyModels.FundingStream> { new PolicyModels.FundingStream { Id = "fs1" }, new PolicyModels.FundingStream { Id = "fs2" }, new PolicyModels.FundingStream { Id = "fs3" } }; string userId = "testuser"; ClaimsPrincipal user = BuildClaimsPrincipal(userId); FundingStreamActionTypes permissionRequired = FundingStreamActionTypes.CanCreateSpecification; ApiResponse <IEnumerable <FundingStreamPermission> > permissionsResponse = new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, new List <FundingStreamPermission> { new FundingStreamPermission { FundingStreamId = "fs1", CanCreateSpecification = false }, new FundingStreamPermission { FundingStreamId = "fs2", CanCreateSpecification = true }, new FundingStreamPermission { FundingStreamId = "fs3", CanCreateSpecification = false } }); IAuthorizationService authorizationService = Substitute.For <IAuthorizationService>(); IUsersApiClient usersClient = Substitute.For <IUsersApiClient>(); usersClient .GetFundingStreamPermissionsForUser(userId) .Returns(permissionsResponse); AuthorizationHelper authHelper = CreateAuthenticationHelper(authorizationService, usersClient); // Act IEnumerable <PolicyModels.FundingStream> results = await authHelper.SecurityTrimList(user, fundingStreamIds, permissionRequired); // Assert results.Should().HaveCount(1); results.Should().Contain(r => r.Id == "fs2"); }
public CreateChatCommandHandler( IChatRepository chatRepository, IEventBus eventBus, ILogger <CreateChatCommandHandler> logger, IUsersApiClient usersApiClient, IMapper mapper, ChatsContext context) { _chatRepository = chatRepository; _eventBus = eventBus; _logger = logger; _usersApiClient = usersApiClient; _mapper = mapper; _context = context; }
public async Task ApplyPermissions(UserPermission userPermission) { List <UserPermission> userPermissions = new List <UserPermission>() { userPermission }; StaticHttpClientFactory httpClientFactory = new StaticHttpClientFactory(); IUsersApiClient usersClient = GenerateUsersApiClient(logger, httpClientFactory, environmentConfiguration); PermissionService permissionService = new PermissionService(usersClient, logger); var result = await permissionService.ApplyPermissions(userPermissions); var failedRequests = result.Values.Where(r => r.StatusCode != System.Net.HttpStatusCode.OK); if (failedRequests.Any()) { throw new Exception($"Failed to Set Permissions on {failedRequests.Count()} Users"); } }
public async Task InvokeAsync(HttpContext context) { if (context.User.Identity.IsAuthenticated) { bool haveCookieForConfirmedSkills = context.Request.Cookies.ContainsKey(UserConstants.SkillsConfirmationCookieName); if (!haveCookieForConfirmedSkills && DoesRequestRequireSkills(context.Request)) { IUsersApiClient usersApiClient = context.RequestServices.GetService <IUsersApiClient>(); UserProfile profile = context.User.GetUserProfile(); ApiResponse <User> apiResponse = await usersApiClient.GetUserByUserId(profile.Id); if (apiResponse.StatusCode != HttpStatusCode.OK) { context.Response.StatusCode = (int)apiResponse.StatusCode; context.Response.WriteAsync("Could not verify that user has confirmed skills").Wait(); return; } if (!apiResponse.Content.HasConfirmedSkills) { context.Response.StatusCode = 451; context.Response.WriteAsync("User has not confirmed skills").Wait(); return; } CookieOptions option = new CookieOptions { Expires = DateTime.Now.AddDays(1), Secure = true, HttpOnly = true }; context.Response.Cookies.Append(UserConstants.SkillsConfirmationCookieName, "true", option); } } await _next(context); }