public async Task WhenUserIsNotKnown_ShouldNotSucceed()
{
// Arrange
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity());
List <string> fundingStreamIds = new List <string> {
WellKnownFundingStreamId
};
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = CreateFeatureToggle(true);
FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeFalse();
}
public async Task WhenUserIsKnown_AndHasNoPermissions_ShouldNotSucceed()
{
// Arrange
string userId = Guid.NewGuid().ToString();
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) }));
ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>();
specification.GetSpecificationId().Returns(WellKnownSpecificationId);
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
usersApiClient.GetEffectivePermissionsForUser(Arg.Is(userId), Arg.Is(WellKnownSpecificationId)).Returns(new ApiResponse <EffectiveSpecificationPermission>(HttpStatusCode.OK, new EffectiveSpecificationPermission()));
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = Substitute.For <IFeatureToggle>();
features.IsRoleBasedAccessEnabled().Returns(true);
SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeFalse();
}
public async Task WhenUserIsAdmin_ShouldSucceed()
{
// Arrange
List <Claim> claims = new List <Claim>
{
new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()),
new Claim(Constants.GroupsClaimType, actualOptions.AdminGroupId.ToString())
};
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(claims));
List <string> fundingStreamIds = new List <string> {
WellKnownFundingStreamId
};
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = CreateFeatureToggle(true);
FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public async Task WhenUserIsNotKnown_ShouldNotSucceed()
{
// Arrange
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity());
ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>();
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = Substitute.For <IFeatureToggle>();
features.IsRoleBasedAccessEnabled().Returns(true);
SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeFalse();
}
public async Task GetEffectivePermissionsForUser_WhenUserIsAdmin_ThenReturnFullPermissions()
{
// Arrange
string specificationId = "spec123";
string userId = "testuser";
ClaimsPrincipal user = BuildClaimsPrincipal(userId, true);
IAuthorizationService authorizationService = Substitute.For <IAuthorizationService>();
IUsersApiClient usersClient = Substitute.For <IUsersApiClient>();
AuthorizationHelper authHelper = CreateAuthenticationHelper(authorizationService, usersClient);
// Act
Common.ApiClient.Users.Models.EffectiveSpecificationPermission permissions = await authHelper.GetEffectivePermissionsForUser(user, specificationId);
// Assert
permissions.CanAdministerFundingStream.Should().BeTrue("CanAdministerFundingStream");
permissions.CanApproveFunding.Should().BeTrue("CanApproveFunding");
permissions.CanApproveSpecification.Should().BeTrue("CanApproveSpecification");
permissions.CanChooseFunding.Should().BeTrue("CanChooseFunding");
permissions.CanCreateQaTests.Should().BeTrue("CanCreateQaTests");
permissions.CanCreateSpecification.Should().BeTrue("CanCreateSpecification");
permissions.CanEditCalculations.Should().BeTrue("CanEditCalculations");
permissions.CanEditQaTests.Should().BeTrue("CanEditQaTests");
permissions.CanEditSpecification.Should().BeTrue("CanEditSpecification");
permissions.CanMapDatasets.Should().BeTrue("CanMapDatasets");
permissions.CanPublishFunding.Should().BeTrue("CanPublishFunding");
permissions.CanRefreshFunding.Should().BeTrue("CanRefreshFunding");
}
public async Task WhenUserIsKnown_AndHasNoPermissions_ShouldNotSucceed()
{
// Arrange
string userId = Guid.NewGuid().ToString();
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) }));
List <string> fundingStreamIds = new List <string> {
WellKnownFundingStreamId
};
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
usersApiClient.GetFundingStreamPermissionsForUser(Arg.Is(userId)).Returns(new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, Enumerable.Empty <FundingStreamPermission>()));
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = CreateFeatureToggle(true);
FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeFalse();
}
public async Task WhenUserCanCreateSpecification_ShouldSucceed()
{
// Arrange
string userId = Guid.NewGuid().ToString();
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) }));
List <string> fundingStreamIds = new List <string> {
WellKnownFundingStreamId
};
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, FundingStreamActionTypes.CanCreateSpecification, fundingStreamIds);
FundingStreamPermission actualPermission = new FundingStreamPermission
{
CanCreateSpecification = true,
FundingStreamId = WellKnownFundingStreamId
};
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
usersApiClient.GetFundingStreamPermissionsForUser(Arg.Is(userId)).Returns(new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, new List <FundingStreamPermission> {
actualPermission
}));
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public async Task WhenUserCanRefreshPublishedQaForSpecification_ShouldSucceed()
{
// Arrange
string userId = Guid.NewGuid().ToString();
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) }));
string specification = WellKnownSpecificationId;
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanRefreshPublishedQa, specification);
EffectiveSpecificationPermission actualPermission = new EffectiveSpecificationPermission
{
CanRefreshPublishedQa = true
};
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
usersApiClient.GetEffectivePermissionsForUser(Arg.Is(userId), Arg.Is(WellKnownSpecificationId)).Returns(new ApiResponse <EffectiveSpecificationPermission>(HttpStatusCode.OK, actualPermission));
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public async Task WhenRoleBasedFeatureIsNotEnabled_AndUserIsNotKnownToTheSystem_ShouldSucceed()
{
// Arrange
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()) }));
List <string> fundingStreamIds = new List <string> {
WellKnownFundingStreamId
};
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = CreateFeatureToggle(false);
FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public async Task GetUserFundingStreamPermissions_WhenUserHasNoAccess_ThenReturnFalse()
{
// Arrange
string userId = "testuser";
ClaimsPrincipal user = BuildClaimsPrincipal(userId);
ApiResponse <IEnumerable <FundingStreamPermission> > permissionsResponse =
new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, new List <FundingStreamPermission>
{
new FundingStreamPermission {
FundingStreamId = "fs1", CanCreateSpecification = true
},
new FundingStreamPermission {
FundingStreamId = "fs2", CanCreateSpecification = true
},
new FundingStreamPermission {
FundingStreamId = "fs3", CanCreateSpecification = false
}
});
IAuthorizationService authorizationService = Substitute.For <IAuthorizationService>();
IUsersApiClient usersClient = Substitute.For <IUsersApiClient>();
usersClient
.GetFundingStreamPermissionsForUser(userId)
.Returns(permissionsResponse);
AuthorizationHelper authHelper = CreateAuthenticationHelper(authorizationService, usersClient);
// Act
FundingStreamPermission result = await authHelper.GetUserFundingStreamPermissions(user, "fs3");
// Assert
result.CanCreateSpecification.Should().BeFalse();
}
public async Task WhenUserIsAdmin_ShouldSucceed()
{
// Arrange
List <Claim> claims = new List <Claim>
{
new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()),
new Claim(Constants.GroupsClaimType, actualOptions.AdminGroupId.ToString())
};
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(claims));
string specification = WellKnownSpecificationId;
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public async Task WhenRoleBasedFeatureIsNotEnabled_AndUserIsNotKnownToTheSystem_ShouldSucceed()
{
// Arrange
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()) }));
ISpecificationAuthorizationEntity specification = Substitute.For <ISpecificationAuthorizationEntity>();
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, SpecificationActionTypes.CanApproveFunding, specification);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = Substitute.For <IFeatureToggle>();
features.IsRoleBasedAccessEnabled().Returns(false);
SpecificationPermissionHandler authHandler = new SpecificationPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public RoatpApplicationPreambleController(ILogger <RoatpApplicationPreambleController> logger, IRoatpApiClient roatpApiClient,
IUkrlpApiClient ukrlpApiClient, ISessionService sessionService,
ICompaniesHouseApiClient companiesHouseApiClient,
IOuterApiClient outerApiClient,
IOrganisationApiClient organisationApiClient,
IUsersApiClient usersApiClient,
IApplicationApiClient applicationApiClient,
IQnaApiClient qnaApiClient,
IAllowedUkprnValidator ukprnWhitelistValidator,
IResetRouteQuestionsService resetRouteQuestionsService, IReapplicationCheckService reapplicationCheckService)
: base(sessionService)
{
_logger = logger;
_roatpApiClient = roatpApiClient;
_ukrlpApiClient = ukrlpApiClient;
_sessionService = sessionService;
_companiesHouseApiClient = companiesHouseApiClient;
_outerApiClient = outerApiClient;
_organisationApiClient = organisationApiClient;
_usersApiClient = usersApiClient;
_applicationApiClient = applicationApiClient;
_qnaApiClient = qnaApiClient;
_allowedUkprnValidator = ukprnWhitelistValidator;
_resetRouteQuestionsService = resetRouteQuestionsService;
_reapplicationCheckService = reapplicationCheckService;
}
public async Task Specifications_SecurityTrimListForChooseFunding_WhenUserHasAccessToNone_ThenReturnZeroSpecifications()
{
// Arrange
IEnumerable <SpecificationSummary> specifications = new List <SpecificationSummary>
{
new SpecificationSummary {
Id = "spec1", FundingStreams = new List <FundingStream> {
new FundingStream {
Id = "fs1"
}
}
},
new SpecificationSummary {
Id = "spec2", FundingStreams = new List <FundingStream> {
new FundingStream {
Id = "fs2"
}
}
},
new SpecificationSummary {
Id = "spec3", FundingStreams = new List <FundingStream> {
new FundingStream {
Id = "fs3"
}
}
}
};
string userId = "testuser";
ClaimsPrincipal user = BuildClaimsPrincipal(userId);
SpecificationActionTypes permissionRequired = SpecificationActionTypes.CanChooseFunding;
ApiResponse <IEnumerable <Common.ApiClient.Users.Models.FundingStreamPermission> > permissionsResponse = new ApiResponse <IEnumerable <Common.ApiClient.Users.Models.FundingStreamPermission> >(System.Net.HttpStatusCode.OK, new List <Common.ApiClient.Users.Models.FundingStreamPermission>
{
new Common.ApiClient.Users.Models.FundingStreamPermission {
FundingStreamId = "fs1", CanChooseFunding = false
},
new Common.ApiClient.Users.Models.FundingStreamPermission {
FundingStreamId = "fs2", CanChooseFunding = false
},
new Common.ApiClient.Users.Models.FundingStreamPermission {
FundingStreamId = "fs3", CanChooseFunding = false
}
});
IAuthorizationService authorizationService = Substitute.For <IAuthorizationService>();
IUsersApiClient usersClient = Substitute.For <IUsersApiClient>();
usersClient
.GetFundingStreamPermissionsForUser(userId)
.Returns(permissionsResponse);
AuthorizationHelper authHelper = CreateAuthenticationHelper(authorizationService, usersClient);
// Act
IEnumerable <SpecificationSummary> results = await authHelper.SecurityTrimList(user, specifications, permissionRequired);
// Assert
results.Should().BeEmpty();
}
public PayAdHandler(IAdRepository adRepository, IUsersApiClient usersApiClient,
IClock clock, IMessageBroker messageBroker)
{
_adRepository = adRepository;
_usersApiClient = usersApiClient;
_clock = clock;
_messageBroker = messageBroker;
}
public FundingStreamPermissionHandler(IUsersApiClient usersApiClient, IOptions <PermissionOptions> permissionOptions)
{
Guard.ArgumentNotNull(usersApiClient, nameof(usersApiClient));
Guard.ArgumentNotNull(permissionOptions, nameof(permissionOptions));
_usersApiClient = usersApiClient;
_permissionOptions = permissionOptions.Value;
}
static ConfirmSkillsModel CreatePageModel(
IUsersApiClient usersApiClient = null,
IUserProfileService userProfileService = null)
{
return(new ConfirmSkillsModel(
usersApiClient ?? CreateUsersApiClient(),
userProfileService ?? CreateUserProfileService()));
}
public PermissionService(IUsersApiClient usersApiClient, ILogger logger)
{
Guard.ArgumentNotNull(usersApiClient, nameof(usersApiClient));
Guard.ArgumentNotNull(logger, nameof(logger));
_usersClient = usersApiClient;
_logger = logger;
}
public UserService(IHttpContextAccessor contextAccessor, IUsersApiClient usersApiClient, ISessionService sessionService, IApplicationApiClient apiClient, ILogger <UserService> logger)
{
_contextAccessor = contextAccessor;
_usersApiClient = usersApiClient;
_sessionService = sessionService;
_apiClient = apiClient;
_logger = logger;
}
public UsersController(IUsersApiClient usersApiClient, ISessionService sessionService, IHttpContextAccessor contextAccessor,
CreateAccountValidator createAccountValidator)
{
_usersApiClient = usersApiClient;
_sessionService = sessionService;
_contextAccessor = contextAccessor;
_createAccountValidator = createAccountValidator;
}
public ConfirmSkillsModel(IUsersApiClient usersApiClient, IUserProfileService userProfileService)
{
Guard.ArgumentNotNull(usersApiClient, nameof(usersApiClient));
Guard.ArgumentNotNull(userProfileService, nameof(userProfileService));
_usersApiClient = usersApiClient;
_userProfileService = userProfileService;
}
public void OnPostAsync_GivenCookieDoesNotAlreadyExistsAndCallingConfirmSkillsReturnsBadRequest_ReturnsInternalServerError()
{
//Arrange
const string upn = "*****@*****.**";
IIdentity identity = Substitute.For <IIdentity>();
identity
.Name
.Returns(upn);
ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(identity);
HttpContext httpContext = Substitute.For <HttpContext>();
httpContext
.User
.Returns(claimsPrincipal);
UserProfile userProfile = new UserProfile()
{
Firstname = "First",
Lastname = "Last",
Id = "123",
UPN = upn
};
IUserProfileService userProfileService = CreateUserProfileService();
userProfileService
.GetUser()
.Returns(userProfile);
IUsersApiClient apiClient = CreateUsersApiClient();
apiClient
.ConfirmSkills(Arg.Is("123"), Arg.Is <UserConfirmModel>(u => u.Username == upn && u.Name == userProfile.Fullname))
.Returns(new ValidatedApiResponse <User>(HttpStatusCode.BadRequest, (User)null));
ConfirmSkillsModel pageModel = CreatePageModel(apiClient, userProfileService);
pageModel.PageContext = new PageContext
{
HttpContext = httpContext
};
//Act
Func <Task> test = () => pageModel.OnPostAsync();
//Assert
test
.Should()
.ThrowExactly <InvalidOperationException>()
.Which
.Message
.Should()
.Be("Failed to confirm skills for [email protected]");
}
public SpecificationPermissionHandler(IUsersApiClient usersApiClient, IOptions <PermissionOptions> permissionOptions, IFeatureToggle features)
{
Guard.ArgumentNotNull(usersApiClient, nameof(usersApiClient));
Guard.ArgumentNotNull(permissionOptions, nameof(permissionOptions));
Guard.ArgumentNotNull(features, nameof(features));
_usersApiClient = usersApiClient;
_permissionOptions = permissionOptions.Value;
_features = features;
}
public GetHelpController(ILogger <GetHelpController> logger, IQnaApiClient qnaApiClient,
IUsersApiClient usersApiClient, ISessionService sessionService, IOptions <List <TaskListConfiguration> > taskListConfiguration,
IGetHelpWithQuestionEmailService emailService)
{
_logger = logger;
_qnaApiClient = qnaApiClient;
_usersApiClient = usersApiClient;
_sessionService = sessionService;
_taskListConfiguration = taskListConfiguration.Value;
_emailService = emailService;
}
public AuthorizationHelper(IAuthorizationService authorizationService, IUsersApiClient usersClient, ILogger logger, IOptions <PermissionOptions> permissionOptions)
{
Guard.ArgumentNotNull(authorizationService, nameof(authorizationService));
Guard.ArgumentNotNull(usersClient, nameof(usersClient));
Guard.ArgumentNotNull(logger, nameof(logger));
Guard.ArgumentNotNull(permissionOptions, nameof(permissionOptions));
_authorizationService = authorizationService;
_usersClient = usersClient;
_logger = logger;
_permissionOptions = permissionOptions.Value;
}
public async Task Specifications_SecurityTrimList_WhenUserDoesNotHaveAccessToAllFundingStreams_ThenReturnEmpty()
{
// Arrange
IEnumerable <SpecificationSummary> specifications = new List <SpecificationSummary>
{
new SpecificationSummary
{
Id = "spec1",
FundingStreams = new List <PolicyModels.FundingStream>
{
new PolicyModels.FundingStream {
Id = "fs1"
}, new PolicyModels.FundingStream {
Id = "fs2"
}
}
}
};
string userId = "testuser";
ClaimsPrincipal user = BuildClaimsPrincipal(userId);
SpecificationActionTypes permissionRequired = SpecificationActionTypes.CanCreateQaTests;
ApiResponse <IEnumerable <FundingStreamPermission> > permissionsResponse =
new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK,
new List <FundingStreamPermission>
{
new FundingStreamPermission {
FundingStreamId = "fs1", CanCreateQaTests = true
},
new FundingStreamPermission {
FundingStreamId = "fs2", CanCreateQaTests = false
},
new FundingStreamPermission {
FundingStreamId = "fs3", CanCreateQaTests = true
}
});
IAuthorizationService authorizationService = Substitute.For <IAuthorizationService>();
IUsersApiClient usersClient = Substitute.For <IUsersApiClient>();
usersClient
.GetFundingStreamPermissionsForUser(userId)
.Returns(permissionsResponse);
AuthorizationHelper authHelper = CreateAuthenticationHelper(authorizationService, usersClient);
// Act
IEnumerable <SpecificationSummary> results = await authHelper.SecurityTrimList(user, specifications, permissionRequired);
// Assert
results.Should().BeEmpty();
}
public async Task FundingStreams_SecurityTrimList_WhenUserHasAccessToSome_ThenReturnSome()
{
// Arrange
IEnumerable <PolicyModels.FundingStream> fundingStreamIds = new List <PolicyModels.FundingStream>
{
new PolicyModels.FundingStream {
Id = "fs1"
},
new PolicyModels.FundingStream {
Id = "fs2"
},
new PolicyModels.FundingStream {
Id = "fs3"
}
};
string userId = "testuser";
ClaimsPrincipal user = BuildClaimsPrincipal(userId);
FundingStreamActionTypes permissionRequired = FundingStreamActionTypes.CanCreateSpecification;
ApiResponse <IEnumerable <FundingStreamPermission> > permissionsResponse =
new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK,
new List <FundingStreamPermission>
{
new FundingStreamPermission {
FundingStreamId = "fs1", CanCreateSpecification = false
},
new FundingStreamPermission {
FundingStreamId = "fs2", CanCreateSpecification = true
},
new FundingStreamPermission {
FundingStreamId = "fs3", CanCreateSpecification = false
}
});
IAuthorizationService authorizationService = Substitute.For <IAuthorizationService>();
IUsersApiClient usersClient = Substitute.For <IUsersApiClient>();
usersClient
.GetFundingStreamPermissionsForUser(userId)
.Returns(permissionsResponse);
AuthorizationHelper authHelper = CreateAuthenticationHelper(authorizationService, usersClient);
// Act
IEnumerable <PolicyModels.FundingStream> results = await authHelper.SecurityTrimList(user, fundingStreamIds, permissionRequired);
// Assert
results.Should().HaveCount(1);
results.Should().Contain(r => r.Id == "fs2");
}
public CreateChatCommandHandler(
IChatRepository chatRepository,
IEventBus eventBus,
ILogger <CreateChatCommandHandler> logger,
IUsersApiClient usersApiClient,
IMapper mapper,
ChatsContext context)
{
_chatRepository = chatRepository;
_eventBus = eventBus;
_logger = logger;
_usersApiClient = usersApiClient;
_mapper = mapper;
_context = context;
}
public async Task ApplyPermissions(UserPermission userPermission)
{
List <UserPermission> userPermissions = new List <UserPermission>()
{
userPermission
};
StaticHttpClientFactory httpClientFactory = new StaticHttpClientFactory();
IUsersApiClient usersClient = GenerateUsersApiClient(logger, httpClientFactory, environmentConfiguration);
PermissionService permissionService = new PermissionService(usersClient, logger);
var result = await permissionService.ApplyPermissions(userPermissions);
var failedRequests = result.Values.Where(r => r.StatusCode != System.Net.HttpStatusCode.OK);
if (failedRequests.Any())
{
throw new Exception($"Failed to Set Permissions on {failedRequests.Count()} Users");
}
}
public async Task InvokeAsync(HttpContext context)
{
if (context.User.Identity.IsAuthenticated)
{
bool haveCookieForConfirmedSkills = context.Request.Cookies.ContainsKey(UserConstants.SkillsConfirmationCookieName);
if (!haveCookieForConfirmedSkills && DoesRequestRequireSkills(context.Request))
{
IUsersApiClient usersApiClient = context.RequestServices.GetService <IUsersApiClient>();
UserProfile profile = context.User.GetUserProfile();
ApiResponse <User> apiResponse = await usersApiClient.GetUserByUserId(profile.Id);
if (apiResponse.StatusCode != HttpStatusCode.OK)
{
context.Response.StatusCode = (int)apiResponse.StatusCode;
context.Response.WriteAsync("Could not verify that user has confirmed skills").Wait();
return;
}
if (!apiResponse.Content.HasConfirmedSkills)
{
context.Response.StatusCode = 451;
context.Response.WriteAsync("User has not confirmed skills").Wait();
return;
}
CookieOptions option = new CookieOptions
{
Expires = DateTime.Now.AddDays(1),
Secure = true,
HttpOnly = true
};
context.Response.Cookies.Append(UserConstants.SkillsConfirmationCookieName, "true", option);
}
}
await _next(context);
}
