public void CoreAccessAuthorizeAttribute_When_RouteData_NotHave_Location_ReturnsForbidden() { Logger.Init("", "CoreAccessControl.log", "CoreAccessControl", Severity.Information, mock: true); var accessor = new ControllerTestBase().GetMockHttpContextAccessor(); ActionContext actionContext = new ActionContext( httpContext: accessor.Object.HttpContext, routeData: new RouteData(), actionDescriptor: new ActionDescriptor() ); AuthorizationFilterContext filterContext = new AuthorizationFilterContext(actionContext, new List <IFilterMetadata>()); // Act CoreAccessAuthorizeAttribute authAttr = new CoreAccessAuthorizeAttribute(Domain.Models.PermissionDomain.Admin, Domain.Models.PermissionAction.Read); authAttr.OnAuthorization(filterContext); // Assert var result = Assert.IsType <ObjectResult>(filterContext.Result); Assert.Equal((int)System.Net.HttpStatusCode.Forbidden, (int)result.StatusCode); }
public void CoreAccessAuthorizeAttribute_When_DoNotHaveEnoughPermission() { Logger.Init("", "CoreAccessControl.log", "CoreAccessControl", Severity.Information, mock: true); var keyVal = new RouteValueDictionary(); keyVal.Add("locationId", 1); var accessor = new ControllerTestBase().GetMockHttpContextAccessor(GetFakeClaims(), keyVal); ActionContext actionContext = new ActionContext( httpContext: accessor.Object.HttpContext, routeData: new RouteData(), actionDescriptor: new ActionDescriptor() ); AuthorizationFilterContext filterContext = new AuthorizationFilterContext(actionContext, new List <IFilterMetadata>()); // Act CoreAccessAuthorizeAttribute authAttr = new CoreAccessAuthorizeAttribute(PermissionDomain.Admin, PermissionAction.Read); authAttr.OnAuthorization(filterContext); // Assert var result = Assert.IsType <ObjectResult>(filterContext.Result); Assert.Equal((int)System.Net.HttpStatusCode.Forbidden, (int)result.StatusCode); // Act authAttr = new CoreAccessAuthorizeAttribute(PermissionDomain.Admin, PermissionActionCondition.And, PermissionAction.Read, PermissionAction.Write); authAttr.OnAuthorization(filterContext); // Assert result = Assert.IsType <ObjectResult>(filterContext.Result); Assert.Equal((int)System.Net.HttpStatusCode.Forbidden, (int)result.StatusCode); // Act authAttr = new CoreAccessAuthorizeAttribute(PermissionDomain.Config, PermissionActionCondition.Or, PermissionAction.Read, PermissionAction.Write); authAttr.OnAuthorization(filterContext); // Assert result = Assert.IsType <ObjectResult>(filterContext.Result); Assert.Equal((int)System.Net.HttpStatusCode.Forbidden, (int)result.StatusCode); }