public void DeleteRole_WrongScope_ReturnsForbidden() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); AssertDeleteRole(HttpStatusCode.Forbidden, existingClient.Id, existingRole.Id.ToString(), Scopes.ReadScope); }
public void DeleteRole_Succeeds() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); AssertDeleteRole(HttpStatusCode.NoContent, existingClient.Id, existingRole.Id.ToString(), Scopes.WriteScope); }
public void AddPermissionsToRole_Forbidden(string clientId, string securableItem, string scope) { var role = ExistingRoles.First(r => r.Grain == "app" && r.SecurableItem == securableItem); var permission = ExistingPermissions.First(p => p.Grain == role.Grain && p.SecurableItem == role.SecurableItem); PostPermissionAndAssert(role, permission, clientId, HttpStatusCode.Forbidden, scope); }
public void DeletePermissionFromRole_BadRequest() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); DeletePermissionAndAssert(existingClient.Id, "notaguid", existingPermission, HttpStatusCode.BadRequest, Scopes.WriteScope); }
public void DeletePermissionFromRole_WrongScope_Forbidden() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); DeletePermissionAndAssert(existingClient.Id, existingRole.Id.ToString(), existingPermission, HttpStatusCode.Forbidden, Scopes.ReadScope); }
public void DeletePermissionFromRole_Forbidden() { var existingClient = ExistingClients.First(); var notFoundRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == notFoundRole.Grain && p.SecurableItem == notFoundRole.SecurableItem); DeletePermissionAndAssert("sourcemartdesigner", notFoundRole.Id.ToString(), existingPermission, HttpStatusCode.Forbidden); }
public void DeletePermissionFromRole_PermissionNotFound() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); DeletePermissionAndAssert(existingClient.Id, existingRole.Id.ToString(), existingPermission, HttpStatusCode.NotFound); }
public void AddPermissionsToRole_IncompatiblePermission_WrongSecurable() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem != existingRole.SecurableItem); PostPermissionAndAssert(existingRole, existingPermission, existingClient.Id, HttpStatusCode.BadRequest); }
public void DeleteRole_WrongClient_ReturnsForbidden(string cliendId) { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, cliendId)); var result = rolesModule.Delete($"/roles/{existingRole.Id}").Result; Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode); }
public void AddPermissionsToRole_IncompatiblePermission_PermissionAlreadyExists() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); existingRole.Permissions.Add(existingPermission); PostPermissionAndAssert(existingRole, existingPermission, existingClient.Id, HttpStatusCode.Conflict); }
public void GetRoles_ReturnsRoleForRoleName() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); Assert.NotNull(existingRole); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.ClientId, existingClient.Id)); var result = rolesModule.Get($"/roles/app/{existingRole.SecurableItem}/{existingRole.Name}").Result; AssertRolesOK(result, 1, existingRole.Id); }
public void AddPermissionsToRole_PermissionNotFound() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var permission = new Permission { Id = Guid.NewGuid(), Grain = "app", SecurableItem = "patientsafety", Name = "notfound" }; PostPermissionAndAssert(existingRole, permission, existingClient.Id, HttpStatusCode.NotFound); }
public void AddPermissionsToRole_BadRequest() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, existingClient.Id)); var result = rolesModule.Post($"/roles/{existingRole.Id}/permissions", with => with.JsonBody(existingPermission)) .Result; Assert.Equal(HttpStatusCode.BadRequest, result.StatusCode); }
public void AddPermissionsToRole_Succeeds() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, existingClient.Id)); var result = rolesModule.Post($"/roles/{existingRole.Id}/permissions", with => with.JsonBody(new List <Permission> { existingPermission })) .Result; AssertRoleOK(result, 1); }
private IList <Role> AddExistingRoles(string securableItemName) { var role1 = new Role { Id = Guid.NewGuid(), Grain = Domain.Defaults.Authorization.AppGrain, SecurableItem = securableItemName, Name = "role1" + Guid.NewGuid() }; var role2 = new Role { Id = Guid.NewGuid(), Grain = Domain.Defaults.Authorization.AppGrain, SecurableItem = securableItemName, Name = "role2" + Guid.NewGuid() }; var role3 = new Role { Id = Guid.NewGuid(), Grain = Domain.Defaults.Authorization.AppGrain, SecurableItem = "sourcemartdesigner", Name = "role3" + Guid.NewGuid() }; var role4 = new Role { Id = Guid.NewGuid(), Grain = Domain.Defaults.Authorization.AppGrain, SecurableItem = securableItemName, Name = "role4" + Guid.NewGuid() }; ExistingRoles.Add(role1); ExistingRoles.Add(role2); ExistingRoles.Add(role3); ExistingRoles.Add(role4); return(new List <Role> { role1, role2, role3, role4 }); }
private void SetupTestData() { var adminGroup = new Group { Id = @"Fabric\Health Catalyst Admin", Name = @"Fabric\Health Catalyst Admin" }; var contributorGroup = new Group { Id = @"Fabric\Health Catalyst Contributor", Name = @"Fabric\Health Catalyst Contributor" }; var customGroup = new Group { Id = "Custom Group", Name = "Custom Group" }; _existingGroups = new List <Group> { adminGroup, contributorGroup, customGroup }; _existingUsers = new List <User> { new User("user123", "Windows") { Groups = new List <string> { customGroup.Name } } }; var contributorRole = new Role { Id = Guid.NewGuid(), Grain = "app", SecurableItem = "patientsafety", Name = "contributor" }; var customGroupRole = new Role { Id = Guid.NewGuid(), Grain = "app", SecurableItem = "patientsafety", Name = "custom" }; ExistingRoles.Add(contributorRole); ExistingRoles.Add(customGroupRole); var adminRole = ExistingRoles.First(r => r.Grain == "app" && r.SecurableItem == "patientsafety" && r.Name == "admin"); adminGroup.Roles.Add(adminRole); adminGroup.Roles.Add(contributorRole); contributorGroup.Roles.Add(contributorRole); customGroup.Roles.Add(customGroupRole); adminRole.Groups.Add(adminGroup.Identifier); contributorRole.Groups.Add(adminGroup.Identifier); contributorRole.Groups.Add(contributorGroup.Identifier); customGroupRole.Groups.Add(customGroup.Identifier); var manageUsersPermission = ExistingPermissions.First(p => p.Grain == adminRole.Grain && p.SecurableItem == adminRole.SecurableItem && p.Name == "manageusers"); var updatePatientPermission = ExistingPermissions.First(p => p.Grain == adminRole.Grain && p.SecurableItem == adminRole.SecurableItem && p.Name == "updatepatient"); ExistingPermissions.Add(new Permission { Id = Guid.NewGuid(), Grain = "app", SecurableItem = "patientsafety", Name = "custom" }); var customPermission = ExistingPermissions.First(p => p.Grain == "app" && p.SecurableItem == "patientsafety" && p.Name == "custom"); adminRole.Permissions.Add(manageUsersPermission); contributorRole.Permissions.Add(updatePatientPermission); customGroupRole.Permissions.Add(customPermission); }