public void NonAdminCannotApproveValidators() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataApiClient); try { var validatorDefinition = new ValidatorDefinition("MyClass", ValidatorType.TextRules, "Id EXISTS"); AssertStatusCode( () => dataApiClient.SubmitValidatorAsync(validatorDefinition).Wait(), HttpStatusCode.OK, "Could not submit validator"); AssertStatusCode( () => dataApiClient.ApproveValidatorAsync(validatorDefinition.Id).Wait(), HttpStatusCode.Unauthorized, "Non-admin validator approval"); AssertStatusCode( () => adminDataApiClient.ApproveValidatorAsync(validatorDefinition.Id).Wait(), HttpStatusCode.OK, "Admin validator approval"); AssertStatusCode( () => dataApiClient.UnapproveValidatorAsync(validatorDefinition.Id).Wait(), HttpStatusCode.Unauthorized, "Non-admin validator unapproval"); AssertStatusCode( () => adminDataApiClient.UnapproveValidatorAsync(validatorDefinition.Id).Wait(), HttpStatusCode.OK, "Admin validator unapproval"); AssertStatusCode( () => dataApiClient.DeleteValidatorAsync(validatorDefinition.Id).Wait(), HttpStatusCode.OK, "Could not delete validator"); } finally { UserGenerator.DeleteUser(dataApiClient); } }
public void UsersCanReportDataToEachOther() { UserGenerator.RegisterAndLoginUserWithRole(Role.Viewer, adminDataApiClient, out var otherDataApiClient); var dataType = nameof(UnitTestDataObject2); var dataObjectId = "FakeID"; try { AssertStatusCode( () => analystDataApiClient.ReportTo(otherDataApiClient.LoggedInUsername, dataType, dataObjectId).Wait(), HttpStatusCode.OK); List <SubscriptionNotification> notifications = null; AssertStatusCode( () => notifications = otherDataApiClient.GetSubscribedObjects().Result, HttpStatusCode.OK); Assert.That(notifications.Count, Is.EqualTo(1)); var notification = notifications.Single(); Assert.That(notification.DataType, Is.EqualTo(dataType)); Assert.That(notification.DataObjectId, Is.EqualTo(dataObjectId)); Assert.That(notification.ModificationType, Is.EqualTo(DataModificationType.Created)); AssertStatusCode( () => otherDataApiClient.DeleteNotificationAsync(notification.Id).Wait(), HttpStatusCode.OK); } finally { UserGenerator.DeleteUser(otherDataApiClient); } }
public void ValidatorAcceptsMatchingObject() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataApiClient); var validatorDefinition = new ValidatorDefinition(nameof(UnitTestDataObject2), ValidatorType.TextRules, "Number IS LESS THAN 150"); var testObject = new UnitTestDataObject2 { Name = "Hello world!", Number = 42 }; var objectId = "ValidatorAcceptsMatchingObject"; try { AssertStatusCode( () => dataApiClient.SubmitValidatorAsync(validatorDefinition).Wait(), HttpStatusCode.OK, "Could not submit validator"); AssertStatusCode( () => dataApiClient.ReplaceAsync(testObject, objectId).Wait(), HttpStatusCode.OK, "Could not submit data"); } finally { dataApiClient.DeleteAsync <UnitTestDataObject2>(objectId).Wait(); dataApiClient.DeleteValidatorAsync(validatorDefinition.Id).Wait(); UserGenerator.DeleteUser(dataApiClient); } }
public void ManagerCanSetRoles() { UserGenerator.RegisterAndLoginUserWithRole(Role.UserManager, adminDataApiClient, out var managerDataApiClient); UserGenerator.RegisterAndLoginUserWithoutRoles(out var unprivilegedDataApiClient); var collectionName = nameof(UnitTestDataObject1); MakeCollectionProtected(collectionName); try { AssertStatusCode( () => managerDataApiClient.SetCollectionRoleForUser(unprivilegedDataApiClient.LoggedInUsername, new [] { Role.Viewer }, collectionName), HttpStatusCode.OK); CollectionInformation collectionPermissions = null; AssertStatusCode( () => collectionPermissions = unprivilegedDataApiClient.GetCollectionInformationAsync(collectionName).Result, HttpStatusCode.OK); Assert.That(collectionPermissions, Is.Not.Null); Assert.That(collectionPermissions.UserRoles.Count, Is.EqualTo(1)); Assert.That(collectionPermissions.UserRoles.Single(), Is.EqualTo(Role.Viewer)); } finally { MakeCollectionUnprotected(collectionName); UserGenerator.DeleteUser(unprivilegedDataApiClient); UserGenerator.DeleteUser(managerDataApiClient); } }
public async Task MeasureOutputPerformance() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataApiClient); var resultFormat = ResultFormat.Json; var resultStream = await dataApiClient.SearchAsync($"SELECT Data.id FROM {DataApiClient.GetCollectionName<UnitTestDataObject1>()}", resultFormat); var resultTable = await Client.Serialization.SeachResultStreamExtensions.ReadAllSearchResultsAsync(resultStream); var stopWatch = Stopwatch.StartNew(); var batches = new List <UnitTestDataObject1>(); foreach (var componentId in resultTable.Select(x => x.Value <string>("Data_id"))) { var batch = dataApiClient.GetAsync <UnitTestDataObject1>(componentId).Result; batches.Add(batch); } stopWatch.Stop(); var rowCount = batches.Count; var averageRetreivalTime = stopWatch.Elapsed.TotalMilliseconds / rowCount; Console.WriteLine($"It took {stopWatch.Elapsed.TotalSeconds:F3}s to retreive {rowCount} objects (avg: {averageRetreivalTime:F0}ms)"); UserGenerator.DeleteUser(dataApiClient); }
public void ViewerCanGetAndSearchData() { UserGenerator.RegisterAndLoginUserWithRole(Role.Viewer, adminDataApiClient, out var viewerDataApiClient); var testObject = new UnitTestDataObject1(); var objectId = analystDataApiClient.InsertAsync(testObject).Result; try { UnitTestDataObject1 retreivedObject = null; AssertStatusCode( () => retreivedObject = viewerDataApiClient.GetAsync <UnitTestDataObject1>(objectId).Result, HttpStatusCode.OK, "Get"); Assert.That(retreivedObject.Id, Is.EqualTo(testObject.Id)); var query = $"SELECT * FROM {nameof(UnitTestDataObject1)}"; AssertStatusCode( () => viewerDataApiClient.SearchAsync(query, ResultFormat.Json).Wait(), HttpStatusCode.OK, "Search"); } finally { analystDataApiClient.DeleteAsync <UnitTestDataObject1>(objectId).Wait(); UserGenerator.DeleteUser(viewerDataApiClient); } }
public void DataProducerCanGetId() { UserGenerator.RegisterAndLoginUserWithRole(Role.DataProducer, adminDataApiClient, out var dataProducerApiClient); var dataType = nameof(UnitTestDataObject1); string id = null; AssertStatusCode( () => id = dataProducerApiClient.GetNewIdAsync(dataType).Result, HttpStatusCode.OK); Assert.That(id, Is.Not.Null); analystDataApiClient.DeleteAsync <UnitTestDataObject1>(id); }
public void LoginAdmin() { Assume.That(adminDataApiClient.IsAvailable()); var adminUserAuthenticationResult = adminDataApiClient.Login(ApiSetup.UnitTestAdminUsername, ApiSetup.UnitTestAdminPassword); Assume.That(adminDataApiClient.LoginMethod, Is.EqualTo(LoginMethod.JsonWebToken)); if (!adminUserAuthenticationResult.IsAuthenticated) { throw new Exception("Could not log unit test admin in"); } analystAuthenticationResult = UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out analystDataApiClient); }
public async Task ViewQueryParametersAreApplied() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataApiClient); // Generate data for test var searchDataCount = 5; var limit = 2; // This is our view parameter. If view parameters work as expected, only 2 of the 5 search objects are returned. Assume.That(searchDataCount, Is.GreaterThan(limit)); var searchData = SearchDataGenerator.GenerateAndSubmitSearchData(searchDataCount, dataApiClient); ViewInformation viewInformation = null; try { // Setup var viewQuery = $"SELECT Data.Id AS Id FROM {nameof(UnitTestSearchObject)} LIMIT {{limit}}"; var expires = DateTime.UtcNow.AddMinutes(3); Assert.That(() => viewInformation = dataApiClient.CreateViewAsync(viewQuery, expires).Result, Throws.Nothing); Assert.That(viewInformation, Is.Not.Null); // Test 1: BadRequest response if no parameters provided var resultFormat = ResultFormat.Json; AssertStatusCode( () => dataApiClient.GetViewAsync(viewInformation.ViewId, resultFormat).Wait(), HttpStatusCode.BadRequest); // Test 2: View is correctly generated when all parameters are provided and parameters are correctly applied var viewParameters = new Dictionary <string, string> { { "limit", limit.ToString() } }; Stream viewResult = null; Assert.That( async() => viewResult = await dataApiClient.GetViewAsync(viewInformation.ViewId, resultFormat, viewParameters), Throws.Nothing); var resultTable = await Client.Serialization.SeachResultStreamExtensions.ReadAllSearchResultsAsync(viewResult); Assert.That(resultTable.Count, Is.EqualTo(limit)); } finally { SearchDataGenerator.DeleteData(searchData, dataApiClient); if (viewInformation != null) { dataApiClient.DeleteViewAsync(viewInformation.ViewId).Wait(); } UserGenerator.DeleteUser(dataApiClient); } }
public void NonManagerCannotSeeRoles() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var analyst2DataApiClient); try { AssertStatusCode( () => analystDataApiClient.GetGlobalRolesForUser(analyst2DataApiClient.LoggedInUsername).Wait(), HttpStatusCode.Unauthorized); } finally { UserGenerator.DeleteUser(analyst2DataApiClient); } }
public void ManagerCannotAddRolesToThemself() { UserGenerator.RegisterAndLoginUserWithRole(Role.UserManager, adminDataApiClient, out var managerDataApiClient); try { AssertStatusCode( () => managerDataApiClient.AddGlobalRoleToUser(managerDataApiClient.LoggedInUsername, Role.Admin), HttpStatusCode.Unauthorized); } finally { UserGenerator.DeleteUser(managerDataApiClient); } }
public void CollectionPermissionsAreUsedForProtectedCollection() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataApiClient); var dataType = nameof(UnitTestSearchObject); adminDataApiClient.SetCollectionOptions( new CollectionOptions(dataType) { IsProtected = true }); var submittedData = SearchDataGenerator.GenerateAndSubmitSearchData(1, adminDataApiClient); try { // Make sure our user is not already permitted to access data from this collection AssertStatusCode( () => dataApiClient.GetManyAsync <UnitTestSearchObject>("").Wait(), HttpStatusCode.Unauthorized, "Get many with user without roles"); adminDataApiClient.AddCollectionRoleToUser(dataApiClient.LoggedInUsername, Role.Analyst, dataType); // Check that user has access List <UnitTestSearchObject> searchObjects = null; AssertStatusCode( () => searchObjects = dataApiClient.GetManyAsync <UnitTestSearchObject>("").Result, HttpStatusCode.OK, "Get many with user with added role"); Assert.That(searchObjects.Count, Is.EqualTo(1)); // Remove access adminDataApiClient.RemoveCollectionRoleFromUser(dataApiClient.LoggedInUsername, Role.Analyst, dataType); // Check that user no longer has access AssertStatusCode( () => dataApiClient.GetManyAsync <UnitTestSearchObject>("").Wait(), HttpStatusCode.Unauthorized, "Get many with user with removed role"); } finally { adminDataApiClient.SetCollectionOptions( new CollectionOptions(dataType) { IsProtected = false }); SearchDataGenerator.DeleteData(submittedData, adminDataApiClient); UserGenerator.DeleteUser(dataApiClient); } }
public void NonManagerUserCannotDeleteOtherUsers() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var analyst2DataApiClient); try { // User should not be able to add role to themself AssertStatusCode( () => analystDataApiClient.DeleteUser(analyst2DataApiClient.LoggedInUsername), HttpStatusCode.Unauthorized); } finally { UserGenerator.DeleteUser(analyst2DataApiClient); } }
public void NonManagerUserCannotChangePasswordOfOtherUser() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var analyst2DataApiClient); try { var newPassword = UserGenerator.GeneratePassword(); AssertStatusCode( () => analystDataApiClient.ChangePassword(analyst2DataApiClient.LoggedInUsername, newPassword), HttpStatusCode.Unauthorized); } finally { UserGenerator.DeleteUser(analyst2DataApiClient); } }
public void ManagerCanAddRoles() { UserGenerator.RegisterAndLoginUserWithRole(Role.UserManager, adminDataApiClient, out var managerDataApiClient); UserGenerator.RegisterAndLoginUserWithoutRoles(out var unpriviligedDataApiClient); try { AssertStatusCode( () => managerDataApiClient.AddGlobalRoleToUser(unpriviligedDataApiClient.LoggedInUsername, Role.Admin), HttpStatusCode.OK); } finally { UserGenerator.DeleteUser(managerDataApiClient); UserGenerator.DeleteUser(unpriviligedDataApiClient); } }
public void DeleteManyDeletesExpectedItems() { UserGenerator.RegisterAndLoginUserWithRole(Role.DataProducer, adminDataApiClient, out var otherUserDataApiClient); var testObject1 = new UnitTestDataObject1 { Id = "DeleteManyTest_DeleteMe_1" }; var testObject2 = new UnitTestDataObject1 { Id = "DeleteManyTest_DeleteMe_2" }; var testObject3 = new UnitTestDataObject1 { Id = "DeleteManyTest_DoNotDelete" }; var testObject4 = new UnitTestDataObject1 { Id = "DeleteManyTest_DeleteMe_Otheruser" }; analystDataApiClient.ReplaceAsync(testObject1, testObject1.Id); analystDataApiClient.ReplaceAsync(testObject2, testObject2.Id); analystDataApiClient.ReplaceAsync(testObject3, testObject3.Id); otherUserDataApiClient.ReplaceAsync(testObject4, testObject4.Id); Task.Delay(500).Wait(); // Work-around for test objects occasionaly not being available when query below is executed try { List <DeleteResult> deleteResults = null; AssertStatusCode( () => deleteResults = analystDataApiClient.DeleteMany <UnitTestDataObject1>("Data.Id LIKE '%DeleteMe%'").Result, HttpStatusCode.OK); Assert.That(deleteResults.Count, Is.EqualTo(3)); Assert.That(deleteResults, Has.Exactly(2).Matches <DeleteResult>(x => x.IsDeleted)); Assert.That(deleteResults, Has.Exactly(1).Matches <DeleteResult>(x => !x.IsDeleted)); Assert.That(analystDataApiClient.ExistsAsync <UnitTestDataObject1>(testObject1.Id).Result, Is.False); Assert.That(analystDataApiClient.ExistsAsync <UnitTestDataObject1>(testObject2.Id).Result, Is.False); Assert.That(analystDataApiClient.ExistsAsync <UnitTestDataObject1>(testObject3.Id).Result, Is.True); Assert.That(analystDataApiClient.ExistsAsync <UnitTestDataObject1>(testObject4.Id).Result, Is.True); } finally { analystDataApiClient.DeleteAsync <UnitTestDataObject1>(testObject1.Id); analystDataApiClient.DeleteAsync <UnitTestDataObject1>(testObject2.Id); analystDataApiClient.DeleteAsync <UnitTestDataObject1>(testObject3.Id); otherUserDataApiClient.DeleteAsync <UnitTestDataObject1>(testObject4.Id); UserGenerator.DeleteUser(otherUserDataApiClient); } }
public void ValidatorRejectsNonMatchingObject() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataApiClient); var validatorDefinition = new ValidatorDefinition(nameof(UnitTestDataObject2), ValidatorType.TextRules, "Number IS LESS THAN 150"); var testObject = new UnitTestDataObject2 { Name = "Hello world!", Number = 250 }; var objectId = "ValidatorRejectsNonMatchingObject"; try { AssertStatusCode( () => dataApiClient.InsertAsync(testObject, objectId).Wait(), HttpStatusCode.OK, "Submit data before validator"); AssertStatusCode( () => dataApiClient.SubmitValidatorAsync(validatorDefinition).Wait(), HttpStatusCode.OK, "Could not submit validator"); try { AssertStatusCode( () => adminDataApiClient.ApproveValidatorAsync(validatorDefinition.Id).Wait(), HttpStatusCode.OK, "Approve validator"); AssertStatusCode( () => dataApiClient.ApplyValidatorAsync(testObject).Wait(), HttpStatusCode.BadRequest, "Apply validator"); testObject.Number = 251; AssertStatusCode( () => dataApiClient.ReplaceAsync(testObject, objectId).Wait(), HttpStatusCode.BadRequest, "Submit data after validator"); var retreivedObject = dataApiClient.GetAsync <UnitTestDataObject2>(objectId).Result; Assert.That(retreivedObject.Number, Is.EqualTo(250)); } finally { dataApiClient.DeleteValidatorAsync(validatorDefinition.Id).Wait(); } } finally { dataApiClient.DeleteAsync <UnitTestDataObject2>(objectId).Wait(); UserGenerator.DeleteUser(dataApiClient); } }
public void ViewerCanGetAllUserProfiles() { UserGenerator.RegisterAndLoginUserWithRole(Role.Viewer, adminDataApiClient, out var viewerDataApiClient); try { List <UserProfile> userProfiles = null; AssertStatusCode( () => userProfiles = viewerDataApiClient.GetAllUserProfiles().Result, HttpStatusCode.OK); Assert.That(userProfiles, Is.Not.Null); Assert.That(userProfiles, Has.One.Matches <UserProfile>(profile => profile.Username == viewerDataApiClient.LoggedInUsername)); } finally { UserGenerator.DeleteUser(viewerDataApiClient); } }
public void DataFromOtherUserCanBeOverwrittenAndDeletedIfEnabled() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var analyst2DataApiClient); var testObject = new UnitTestDataObject1(); string objectId = null; Assert.That(() => objectId = analystDataApiClient.InsertAsync(testObject).Result, Throws.Nothing); Assert.That(objectId, Is.Not.Null); // Enable overwriting of data adminDataApiClient.SetCollectionOptions( new CollectionOptions(nameof(UnitTestDataObject1)) { NonAdminUsersCanOverwriteData = true }); try { // Test 1: Delete // NOTE: Order of tests is important, because overwriting data // results in taking ownership of the object // and then be able to delete it, but we also want to // test that we can delete even if the object isn't ours. AssertStatusCode( () => analyst2DataApiClient.DeleteAsync <UnitTestDataObject1>(objectId).Wait(), HttpStatusCode.OK, "Delete"); // Test 2: Overwrite AssertStatusCode( () => analyst2DataApiClient.ReplaceAsync(new UnitTestDataObject1(), objectId).Wait(), HttpStatusCode.OK, "Replace"); } finally { UserGenerator.DeleteUser(analyst2DataApiClient); analystDataApiClient.DeleteAsync <UnitTestDataObject1>(objectId).Wait(); adminDataApiClient.SetCollectionOptions( new CollectionOptions(nameof(UnitTestDataObject1)) { NonAdminUsersCanOverwriteData = false }); } }
public void LoggedInUserCanCreateAccessAndDeleteOwnViews() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataApiClient); var query = "SELECT * FROM Computers LIMIT 3"; var expires = DateTime.UtcNow.AddMinutes(3); ViewInformation viewInformation = null; try { Assert.That(() => viewInformation = dataApiClient.CreateViewAsync(query, expires).Result, Throws.Nothing); Assert.That(viewInformation, Is.Not.Null); Assert.That(() => dataApiClient.GetViewAsync(viewInformation.ViewId, ResultFormat.Json).Wait(), Throws.Nothing); Assert.That(() => dataApiClient.DeleteViewAsync(viewInformation.ViewId).Wait(), Throws.Nothing); } finally { UserGenerator.DeleteUser(dataApiClient); } }
public void LoggedInUserCanSubmitAndDeleteValidator() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataApiClient); try { var validatorDefinition = new ValidatorDefinition("MyClass", ValidatorType.TextRules, "Id EXISTS"); AssertStatusCode( () => dataApiClient.SubmitValidatorAsync(validatorDefinition).Wait(), HttpStatusCode.OK, "Could not submit validator"); AssertStatusCode( () => dataApiClient.DeleteValidatorAsync(validatorDefinition.Id).Wait(), HttpStatusCode.OK, "Could not delete validator"); } finally { UserGenerator.DeleteUser(dataApiClient); } }
public void NonManagerUserCannotAddRoles() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var analyst2DataApiClient); try { // User should not be able to add role to themself AssertStatusCode( () => analyst2DataApiClient.AddGlobalRoleToUser(analyst2DataApiClient.LoggedInUsername, Role.Admin), HttpStatusCode.Unauthorized, "Add role to self"); // User should not be able to add role to other user AssertStatusCode( () => analystDataApiClient.AddGlobalRoleToUser(analyst2DataApiClient.LoggedInUsername, Role.Admin), HttpStatusCode.Unauthorized, "Add role to other user"); } finally { UserGenerator.DeleteUser(analyst2DataApiClient); } }
public void UserCanSeeOwnRoles() { var userRole = Role.Analyst; UserGenerator.RegisterAndLoginUserWithRole(userRole, adminDataApiClient, out var dataApiClient); try { List <Role> roles = null; AssertStatusCode( () => roles = dataApiClient.GetGlobalRolesForUser(dataApiClient.LoggedInUsername).Result, HttpStatusCode.OK); Assert.That(roles, Is.Not.Null); Assert.That(roles, Is.EquivalentTo(new[] { userRole })); } finally { UserGenerator.DeleteUser(dataApiClient); } }
public void ManagerCanDeleteUser() { UserGenerator.RegisterAndLoginUserWithRole(Role.UserManager, adminDataApiClient, out var managerDataApiClient); UserGenerator.RegisterAndLoginUserWithoutRoles(out var unprivilegedDataApiClient); try { AssertStatusCode( () => managerDataApiClient.DeleteUser(unprivilegedDataApiClient.LoggedInUsername), HttpStatusCode.OK); } catch (AssertionException) { UserGenerator.DeleteUser(unprivilegedDataApiClient); } finally { UserGenerator.DeleteUser(managerDataApiClient); } }
public void OtherUserCannotSubmitObjectWithSameId() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataProducerApiClient); var dataType = nameof(UnitTestDataObject1); string id = null; AssertStatusCode( () => id = dataProducerApiClient.GetNewIdAsync(dataType).Result, HttpStatusCode.OK); Assert.That(id, Is.Not.Null); var testObject = new UnitTestDataObject1 { Id = id }; AssertStatusCode( () => analystDataApiClient.InsertAsync(testObject, id).Wait(), HttpStatusCode.Conflict); dataProducerApiClient.DeleteAsync <UnitTestDataObject1>(id); }
public void DataFromOtherUserCannotBeOverwrittenNorDeleted() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var analyst2DataApiClient); // Make sure overwriting is disabled adminDataApiClient.SetCollectionOptions( new CollectionOptions(nameof(UnitTestDataObject1)) { NonAdminUsersCanOverwriteData = false }); var testObject = new UnitTestDataObject1(); string objectId = null; Assert.That(() => objectId = analystDataApiClient.InsertAsync(testObject).Result, Throws.Nothing); Assert.That(objectId, Is.Not.Null); try { // Test 1: Overwrite var otherTestObject = new UnitTestDataObject1 { Id = objectId }; AssertStatusCode( () => analyst2DataApiClient.ReplaceAsync(otherTestObject, otherTestObject.Id).Wait(), HttpStatusCode.Unauthorized); // Test 2: Delete AssertStatusCode( () => analyst2DataApiClient.DeleteAsync <UnitTestDataObject1>(objectId).Wait(), HttpStatusCode.Unauthorized); AssertStatusCode( () => analystDataApiClient.DeleteAsync <UnitTestDataObject1>(objectId).Wait(), HttpStatusCode.OK); } finally { UserGenerator.DeleteUser(analyst2DataApiClient); } }
public void MeasureInputPerformance() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataApiClient); var testObjects = Enumerable.Range(0, 1000).Select(idx => new UnitTestDataObject1()).ToList(); var stopWatch = Stopwatch.StartNew(); foreach (var testObject in testObjects) { dataApiClient.InsertAsync(testObject).Wait(); } stopWatch.Stop(); var averageStorageTime = stopWatch.Elapsed.TotalMilliseconds / testObjects.Count; Console.WriteLine($"It took {stopWatch.Elapsed.TotalSeconds:F3}s to store {testObjects.Count} objects (avg: {averageStorageTime:F0}ms)"); foreach (var testObject in testObjects) { dataApiClient.DeleteAsync <UnitTestDataObject1>(testObject.Id).Wait(); } UserGenerator.DeleteUser(dataApiClient); }
public void ViewQueriesWithPlaceholderInFromArgumentAreRejected() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataApiClient); var query = "SELECT * FROM {placeholder} LIMIT 3"; var expires = DateTime.UtcNow.AddMinutes(3); ViewInformation viewInformation = null; try { AssertStatusCode( () => viewInformation = dataApiClient.CreateViewAsync(query, expires).Result, HttpStatusCode.BadRequest); } catch { // If test fails and view is created, delete it again dataApiClient.DeleteViewAsync(viewInformation.ViewId).Wait(); } finally { UserGenerator.DeleteUser(dataApiClient); } }
public void RolesCanBeSetMoreThanOnce() { // Sounds silly, but relates to bug-2835 UserGenerator.RegisterAndLoginUserWithRole(Role.UserManager, adminDataApiClient, out var managerDataApiClient); UserGenerator.RegisterAndLoginUserWithoutRoles(out var unprivilegedDataApiClient); var collectionName = nameof(UnitTestDataObject1); MakeCollectionProtected(collectionName); try { AssertStatusCode( () => managerDataApiClient.SetCollectionRoleForUser( unprivilegedDataApiClient.LoggedInUsername, new [] { Role.Viewer }, collectionName), HttpStatusCode.OK); var collectionPermissions = unprivilegedDataApiClient.GetCollectionInformationAsync(collectionName).Result; Assert.That(collectionPermissions.UserRoles.Count, Is.EqualTo(1)); Assert.That(collectionPermissions.UserRoles.Single(), Is.EqualTo(Role.Viewer)); AssertStatusCode( () => managerDataApiClient.SetCollectionRoleForUser( unprivilegedDataApiClient.LoggedInUsername, new[] { Role.Viewer, Role.UserManager }, collectionName), HttpStatusCode.OK); collectionPermissions = unprivilegedDataApiClient.GetCollectionInformationAsync(collectionName).Result; Assert.That(collectionPermissions.UserRoles, Is.EquivalentTo(new[] { Role.Viewer, Role.UserManager })); } finally { MakeCollectionUnprotected(collectionName); UserGenerator.DeleteUser(unprivilegedDataApiClient); UserGenerator.DeleteUser(managerDataApiClient); } }
public void GlobalPermissionsAreUsedForUnprotectedCollection() { UserGenerator.RegisterAndLoginUserWithRole(Role.Analyst, adminDataApiClient, out var dataApiClient); var dataType = nameof(UnitTestSearchObject); // Make sure collection is not protected adminDataApiClient.SetCollectionOptions( new CollectionOptions(dataType) { IsProtected = false }); var submittedData = SearchDataGenerator.GenerateAndSubmitSearchData(1, adminDataApiClient); try { // Check that user has access List <UnitTestSearchObject> searchObjects = null; AssertStatusCode( () => searchObjects = dataApiClient.GetManyAsync <UnitTestSearchObject>("").Result, HttpStatusCode.OK, "Get many with authorized user"); Assert.That(searchObjects.Count, Is.EqualTo(1)); // Remove role adminDataApiClient.RemoveGlobalRoleFromUser(dataApiClient.LoggedInUsername, Role.Analyst); AssertStatusCode( () => dataApiClient.GetManyAsync <UnitTestSearchObject>("").Wait(), HttpStatusCode.Unauthorized, "Get many with unauthorized user"); } finally { SearchDataGenerator.DeleteData(submittedData, adminDataApiClient); UserGenerator.DeleteUser(dataApiClient); } }