public void GetSubjects() { PermissionTestUtils.PolicyCheckBuilder <ContentSecurityPolicies>() .ExpectResourceCheckToFail(_release, ContentSecurityPolicies.CanViewRelease) .AssertForbidden( userService => { var service = BuildReleaseMetaService(userService: userService.Object); return(service.GetSubjects(_release.Id)); } ); }
public void GetReleaseStatusesAsync() { PermissionTestUtils.PolicyCheckBuilder <ContentSecurityPolicies>() .ExpectResourceCheck(_release, ContentSecurityPolicies.CanViewRelease, false) .AssertForbidden( async userService => { var service = BuildReleaseStatusService(userService: userService.Object); return(await service.GetReleaseStatusAsync(_release.Id)); } ); }
public void Query_LatestRelease_CanViewSubjectData() { PermissionTestUtils.PolicyCheckBuilder <DataSecurityPolicies>() .ExpectResourceCheckToFail(_subject, DataSecurityPolicies.CanViewSubjectData) .AssertForbidden( async userService => { var publication = new Model.Publication { Id = Guid.NewGuid(), }; var release = new Model.Release { Id = Guid.NewGuid(), }; var subjectService = new Mock <ISubjectService>(); subjectService .Setup(s => s.IsSubjectForLatestPublishedRelease(_subject.Id)) .ReturnsAsync(false); subjectService .Setup(s => s.GetPublicationForSubject(_subject.Id)) .ReturnsAsync(publication); var releaseService = new Mock <IReleaseService>(); releaseService .Setup(s => s.GetLatestPublishedRelease(publication.Id)) .Returns(release); var service = BuildTableBuilderService( userService: userService.Object, subjectService: subjectService.Object, releaseService: releaseService.Object ); return(await service.Query( new ObservationQueryContext { SubjectId = _subject.Id } )); } ); }
public static async Task AssertSecurityPoliciesChecked <TProtectedResource, TReturn, TService>( Func <TService, Task <Either <ActionResult, TReturn> > > protectedAction, TProtectedResource resource, Mock <IUserService> userService, TService service, params SecurityPolicies[] policies) { policies.ToList().ForEach(policy => userService .Setup(s => s.MatchesPolicy(resource, policy)) .ReturnsAsync(policy != policies.Last())); var result = await protectedAction.Invoke(service); PermissionTestUtils.AssertForbidden(result); policies.ToList().ForEach(policy => userService.Verify(s => s.MatchesPolicy(resource, policy))); }
public void Query_ReleaseId_CanViewSubjectData() { PermissionTestUtils.PolicyCheckBuilder <DataSecurityPolicies>() .ExpectResourceCheckToFail(_subject, DataSecurityPolicies.CanViewSubjectData) .AssertForbidden( async userService => { var releaseSubject = new ReleaseSubject { ReleaseId = _release.Id, Release = _release, SubjectId = _subject.Id, Subject = _subject, }; var statisticsPersistenceHelper = StatisticsPersistenceHelperMock(_subject); MockUtils.SetupCall(statisticsPersistenceHelper, releaseSubject); var subjectService = new Mock <ISubjectService>(); subjectService .Setup(s => s.IsSubjectForLatestPublishedRelease(_subject.Id)) .ReturnsAsync(false); var service = BuildTableBuilderService( userService: userService.Object, subjectService: subjectService.Object, statisticsPersistenceHelper: statisticsPersistenceHelper.Object ); return(await service.Query( releaseSubject.ReleaseId, new ObservationQueryContext { SubjectId = _subject.Id } )); } ); }