public void AddPermissionsToRole_Forbidden(string clientId, string securableItem, string scope)
{
var role = ExistingRoles.First(r => r.Grain == "app" && r.SecurableItem == securableItem);
var permission =
ExistingPermissions.First(p => p.Grain == role.Grain && p.SecurableItem == role.SecurableItem);
PostPermissionAndAssert(role, permission, clientId, HttpStatusCode.Forbidden, scope);
}
public void DeletePermissionFromRole_BadRequest()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
DeletePermissionAndAssert(existingClient.Id, "notaguid", existingPermission, HttpStatusCode.BadRequest, Scopes.WriteScope);
}
public void DeletePermissionFromRole_WrongScope_Forbidden()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
DeletePermissionAndAssert(existingClient.Id, existingRole.Id.ToString(), existingPermission, HttpStatusCode.Forbidden, Scopes.ReadScope);
}
public void DeletePermissionFromRole_Forbidden()
{
var existingClient = ExistingClients.First();
var notFoundRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == notFoundRole.Grain &&
p.SecurableItem == notFoundRole.SecurableItem);
DeletePermissionAndAssert("sourcemartdesigner", notFoundRole.Id.ToString(), existingPermission, HttpStatusCode.Forbidden);
}
public void DeletePermissionFromRole_PermissionNotFound()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
DeletePermissionAndAssert(existingClient.Id, existingRole.Id.ToString(), existingPermission, HttpStatusCode.NotFound);
}
public void AddPermissionsToRole_IncompatiblePermission_WrongSecurable()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem != existingRole.SecurableItem);
PostPermissionAndAssert(existingRole, existingPermission, existingClient.Id, HttpStatusCode.BadRequest);
}
public void DeletePermission_Successful()
{
var permissionsModule = CreateBrowser(new Claim(Claims.ClientId, "patientsafety"),
new Claim(Claims.Scope, Scopes.ReadScope),
new Claim(Claims.Scope, Scopes.WriteScope));
var existingPermission = ExistingPermissions.First();
var actual = permissionsModule.Delete($"/permissions/{existingPermission.Id}").Result;
Assert.Equal(HttpStatusCode.NoContent, actual.StatusCode);
MockPermissionStore.Verify(permissionStore => permissionStore.Delete(existingPermission));
}
public void AddPermissionsToRole_IncompatiblePermission_PermissionAlreadyExists()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
existingRole.Permissions.Add(existingPermission);
PostPermissionAndAssert(existingRole, existingPermission, existingClient.Id, HttpStatusCode.Conflict);
}
public void GetPermissions_ReturnsPermissionForId()
{
var permissionsModule = CreateBrowser(new Claim(Claims.ClientId, "patientsafety"),
new Claim(Claims.Scope, Scopes.ReadScope),
new Claim(Claims.Scope, Scopes.WriteScope));
var existingPermission = ExistingPermissions.First();
var actual = permissionsModule.Get($"/permissions/{existingPermission.Id}").Result;
Assert.Equal(HttpStatusCode.OK, actual.StatusCode);
var newPermission = actual.Body.DeserializeJson <PermissionApiModel>();
Assert.Equal(existingPermission.Id, newPermission.Id);
}
public void AddPermissionsToRole_BadRequest()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope),
new Claim(Claims.ClientId, existingClient.Id));
var result = rolesModule.Post($"/roles/{existingRole.Id}/permissions",
with => with.JsonBody(existingPermission))
.Result;
Assert.Equal(HttpStatusCode.BadRequest, result.StatusCode);
}
public void AddPermissionsToRole_RoleNotFound()
{
var existingClient = ExistingClients.First();
var role = new Role
{
Id = Guid.NewGuid(),
Grain = "app",
SecurableItem = "patientsafety",
Name = "notfound"
};
var existingPermission =
ExistingPermissions.First(p => p.Grain == role.Grain &&
p.SecurableItem == role.SecurableItem);
PostPermissionAndAssert(role, existingPermission, existingClient.Id, HttpStatusCode.NotFound);
}
public void DeletePermissionFromRole_RoleNotFound()
{
var existingClient = ExistingClients.First();
var notFoundRole = new Role
{
Id = Guid.NewGuid(),
Grain = "app",
SecurableItem = existingClient.Id,
Name = "notfound"
};
var existingPermission =
ExistingPermissions.First(p => p.Grain == notFoundRole.Grain &&
p.SecurableItem == notFoundRole.SecurableItem);
notFoundRole.Permissions.Add(existingPermission);
DeletePermissionAndAssert(existingClient.Id, notFoundRole.Id.ToString(), existingPermission, HttpStatusCode.NotFound);
}
public void AddPermissionsToRole_Succeeds()
{
var existingClient = ExistingClients.First();
var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id);
var existingPermission =
ExistingPermissions.First(p => p.Grain == existingRole.Grain &&
p.SecurableItem == existingRole.SecurableItem);
var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope),
new Claim(Claims.ClientId, existingClient.Id));
var result = rolesModule.Post($"/roles/{existingRole.Id}/permissions",
with => with.JsonBody(new List <Permission> {
existingPermission
}))
.Result;
AssertRoleOK(result, 1);
}
public void AddPermission_PermissionAlreadyExists()
{
var permissionsModule = CreateBrowser(new Claim(Claims.ClientId, "patientsafety"),
new Claim(Claims.Scope, Scopes.ReadScope),
new Claim(Claims.Scope, Scopes.WriteScope));
var existingPermission =
ExistingPermissions.First(p => p.Grain == "app" && p.SecurableItem == "patientsafety");
var actual = permissionsModule.Post("/permissions",
with => with.JsonBody(new Permission
{
Grain = existingPermission.Grain,
SecurableItem = existingPermission.SecurableItem,
Name = existingPermission.Name
})).Result;
Assert.Equal(HttpStatusCode.Conflict, actual.StatusCode);
}
private void SetupTestData()
{
var adminGroup = new Group
{
Id = @"Fabric\Health Catalyst Admin",
Name = @"Fabric\Health Catalyst Admin"
};
var contributorGroup = new Group
{
Id = @"Fabric\Health Catalyst Contributor",
Name = @"Fabric\Health Catalyst Contributor"
};
var customGroup = new Group
{
Id = "Custom Group",
Name = "Custom Group"
};
_existingGroups = new List <Group>
{
adminGroup,
contributorGroup,
customGroup
};
_existingUsers = new List <User>
{
new User("user123", "Windows")
{
Groups = new List <string>
{
customGroup.Name
}
}
};
var contributorRole = new Role
{
Id = Guid.NewGuid(),
Grain = "app",
SecurableItem = "patientsafety",
Name = "contributor"
};
var customGroupRole = new Role
{
Id = Guid.NewGuid(),
Grain = "app",
SecurableItem = "patientsafety",
Name = "custom"
};
ExistingRoles.Add(contributorRole);
ExistingRoles.Add(customGroupRole);
var adminRole = ExistingRoles.First(r => r.Grain == "app" &&
r.SecurableItem == "patientsafety" &&
r.Name == "admin");
adminGroup.Roles.Add(adminRole);
adminGroup.Roles.Add(contributorRole);
contributorGroup.Roles.Add(contributorRole);
customGroup.Roles.Add(customGroupRole);
adminRole.Groups.Add(adminGroup.Identifier);
contributorRole.Groups.Add(adminGroup.Identifier);
contributorRole.Groups.Add(contributorGroup.Identifier);
customGroupRole.Groups.Add(customGroup.Identifier);
var manageUsersPermission =
ExistingPermissions.First(p => p.Grain == adminRole.Grain &&
p.SecurableItem == adminRole.SecurableItem &&
p.Name == "manageusers");
var updatePatientPermission =
ExistingPermissions.First(p => p.Grain == adminRole.Grain &&
p.SecurableItem == adminRole.SecurableItem &&
p.Name == "updatepatient");
ExistingPermissions.Add(new Permission
{
Id = Guid.NewGuid(),
Grain = "app",
SecurableItem = "patientsafety",
Name = "custom"
});
var customPermission =
ExistingPermissions.First(p => p.Grain == "app" &&
p.SecurableItem == "patientsafety" &&
p.Name == "custom");
adminRole.Permissions.Add(manageUsersPermission);
contributorRole.Permissions.Add(updatePatientPermission);
customGroupRole.Permissions.Add(customPermission);
}