public async Task DoesUserHavePermission_WhenUserHasAccessToNone_ThenReturnFalse() { // Arrange IEnumerable <string> fundingStreamIds = new List <string> { "fs1", "fs2", "fs3" }; string userId = "testuser"; ClaimsPrincipal user = BuildClaimsPrincipal(userId); FundingStreamActionTypes permissionRequired = FundingStreamActionTypes.CanCreateSpecification; ApiResponse <IEnumerable <Common.ApiClient.Users.Models.FundingStreamPermission> > permissionsResponse = new ApiResponse <IEnumerable <Common.ApiClient.Users.Models.FundingStreamPermission> >(System.Net.HttpStatusCode.OK, new List <Common.ApiClient.Users.Models.FundingStreamPermission> { new Common.ApiClient.Users.Models.FundingStreamPermission { FundingStreamId = "fs1", CanCreateSpecification = false }, new Common.ApiClient.Users.Models.FundingStreamPermission { FundingStreamId = "fs2", CanCreateSpecification = false }, new Common.ApiClient.Users.Models.FundingStreamPermission { FundingStreamId = "fs3", CanCreateSpecification = false } }); IAuthorizationService authorizationService = Substitute.For <IAuthorizationService>(); IUsersApiClient usersClient = Substitute.For <IUsersApiClient>(); usersClient .GetFundingStreamPermissionsForUser(userId) .Returns(permissionsResponse); AuthorizationHelper authHelper = CreateAuthenticationHelper(authorizationService, usersClient); // Act bool result = await authHelper.DoesUserHavePermission(user, fundingStreamIds, permissionRequired); // Assert result.Should().BeFalse(); }