public async Task GivenOtherMembersHavePermissionsToDeleteTeamProject_WhenFix_ThenPermissionsAreUpdated()
{
var client = Substitute.For <IVstsRestClient>();
InitializePermissions(client, _deleteTeamProjectAllow);
InitializeApplicationGroupsLookup(client, _pa, _rpa,
new ApplicationGroup {
FriendlyDisplayName = "Contributors", TeamFoundationId = "afewsf"
});
InitializeMembersLookup(client);
var rule = new NobodyCanDeleteTheTeamProject(client);
await rule.ReconcileAsync("");
await client
.Received()
.PostAsync(Arg.Any <IVstsRequest <Permissions.UpdateWrapper, object> >(),
Arg.Is <Permissions.UpdateWrapper>(x =>
x.UpdatePackage.Contains("afewsf") &&
x.UpdatePackage.Contains(@"PermissionId"":0")));
await client
.DidNotReceive()
.PostAsync(Arg.Any <IVstsRequest <Permissions.UpdateWrapper, object> >(),
Arg.Is <Permissions.UpdateWrapper>(x =>
x.UpdatePackage.Contains(_pa.TeamFoundationId)));
await client
.Received(1)
.PostAsync(Arg.Any <IVstsRequest <Permissions.UpdateWrapper, object> >(),
Arg.Is <Permissions.UpdateWrapper>(x =>
x.UpdatePackage.Contains(_rpa.TeamFoundationId))); // Only the DENY update
}
public async Task GivenRabobankProjectAdministratorsGroupDoesNotExist_WhenFix_ThenThatGroupIsCreated()
{
// Arrange
var client = Substitute.For <IVstsRestClient>();
InitializePermissions(client, _deleteTeamProjectAllow);
InitializeApplicationGroupsLookup(client, _pa);
InitializeMembersLookup(client);
client
.PostAsync(Arg.Any <IVstsRequest <SecurePipelineScan.VstsService.Requests.Security.ManageGroupData, ApplicationGroup> >(),
Arg.Any <SecurePipelineScan.VstsService.Requests.Security.ManageGroupData>())
.Returns(_rpa);
// Act
var rule = new NobodyCanDeleteTheTeamProject(client);
await rule.ReconcileAsync("");
// Assert
await client
.Received()
.PostAsync(
Arg.Any <IVstsRequest <SecurePipelineScan.VstsService.Requests.Security.ManageGroupData, ApplicationGroup> >(),
Arg.Any <SecurePipelineScan.VstsService.Requests.Security.ManageGroupData>());
}
GivenProjectAdministratorsGroupContainsOtherMembers_WhenFix_ThenMembersAreAddedToRabobankProjectAdministratorsGroup()
{
var client = Substitute.For <IVstsRestClient>();
InitializePermissions(client, _deleteTeamProjectAllow);
InitializeApplicationGroupsLookup(client, _pa, _rpa);
InitializeMembersLookup(client,
_rpa,
new ApplicationGroup {
TeamFoundationId = "asdf"
},
new ApplicationGroup {
TeamFoundationId = "gsdgs"
});
var rule = new NobodyCanDeleteTheTeamProject(client);
await rule.ReconcileAsync("");
await client
.Received()
.PostAsync(Arg.Any <IVstsRequest <SecurePipelineScan.VstsService.Requests.Security.AddMemberData, object> >(),
Arg.Is <SecurePipelineScan.VstsService.Requests.Security.AddMemberData>(x =>
x.GroupsToJoinJson.Contains(_rpa.TeamFoundationId) &&
x.ExistingUsersJson.Contains("asdf") &&
x.ExistingUsersJson.Contains("gsdgs")));
}
public async Task GivenProjectAdministratorsGroupContainsOtherMembers_WhenFix_ThenMembersAreRemoved()
{
var client = Substitute.For <IVstsRestClient>();
InitializePermissions(client, _deleteTeamProjectAllow);
InitializeApplicationGroupsLookup(client, _pa, _rpa);
InitializeMembersLookup(client,
new ApplicationGroup {
TeamFoundationId = "asdf"
},
new ApplicationGroup {
TeamFoundationId = "gsdgs"
});
var rule = new NobodyCanDeleteTheTeamProject(client);
await rule.ReconcileAsync("");
await client
.Received()
.PostAsync(Arg.Any <IVstsRequest <SecurePipelineScan.VstsService.Requests.Security.EditMembersData, object> >(),
Arg.Is <SecurePipelineScan.VstsService.Requests.Security.RemoveMembersData>(x =>
x.RemoveItemsJson.Contains("asdf") &&
x.RemoveItemsJson.Contains("gsdgs") &&
x.GroupId == "1234"));
}
public async Task GivenOnlyProjectAdministratorHasPermissionToDeleteTeamProject_WhenEvaluate_ThenTrue()
{
var client = Substitute.For <IVstsRestClient>();
InitializePermissions(client, _deleteTeamProjectAllow);
InitializeApplicationGroupsLookup(client, _pa);
InitializeMembersLookup(client);
var rule = new NobodyCanDeleteTheTeamProject(client);
(await rule.EvaluateAsync("")).ShouldBeTrue();
}
public async Task GivenProjectAdministratorsHasOtherMember_WhenEvaluate_ThenFalse()
{
var client = Substitute.For <IVstsRestClient>();
InitializePermissions(client);
InitializeApplicationGroupsLookup(client, _pa);
InitializeMembersLookup(client, new ApplicationGroup());
var rule = new NobodyCanDeleteTheTeamProject(client);
(await rule.EvaluateAsync("")).ShouldBeFalse();
}
public async Task GivenContributorsHasPermissionToDeleteTeamProject_WhenEvaluate_ThenFalse()
{
var client = Substitute.For <IVstsRestClient>();
InitializePermissions(client, _deleteTeamProjectAllow);
InitializeApplicationGroupsLookup(client, new ApplicationGroup {
FriendlyDisplayName = "Contributors"
});
InitializeMembersLookup(client);
var rule = new NobodyCanDeleteTheTeamProject(client);
(await rule.EvaluateAsync("")).ShouldBeFalse();
}
GivenProjectAdministratorsGroupContainsRabobankAdministratorsGroups_WhenFix_ThenThatMemberIsNotRemoved()
{
var client = Substitute.For <IVstsRestClient>();
InitializePermissions(client, _deleteTeamProjectAllow);
InitializeApplicationGroupsLookup(client, _pa, _rpa);
InitializeMembersLookup(client, _rpa);
var rule = new NobodyCanDeleteTheTeamProject(client);
await rule.ReconcileAsync("");
await client
.DidNotReceive()
.PostAsync(Arg.Any <IVstsRequest <SecurePipelineScan.VstsService.Requests.Security.RemoveMembersData, object> >(),
Arg.Any <SecurePipelineScan.VstsService.Requests.Security.RemoveMembersData>());
}
GivenRabobankProjectAdministratorsHasInheritedAllowToDeleteTeamProject_WhenFix_ThenPermissionsAreUpdated()
{
var client = Substitute.For <IVstsRestClient>();
InitializePermissions(client, _deleteTeamProjectAllow);
InitializeApplicationGroupsLookup(client, _pa, _rpa,
new ApplicationGroup {
FriendlyDisplayName = "Contributors"
});
InitializeMembersLookup(client);
var rule = new NobodyCanDeleteTheTeamProject(client);
await rule.ReconcileAsync("");
await client
.Received()
.PostAsync(Arg.Any <IVstsRequest <Permissions.UpdateWrapper, object> >(),
Arg.Is <Permissions.UpdateWrapper>(x =>
x.UpdatePackage.Contains(_rpa.TeamFoundationId) &&
x.UpdatePackage.Contains(@"PermissionBit"":4") &&
x.UpdatePackage.Contains(@"PermissionId"":2")));
}
public async Task ReconcileIntegrationTest()
{
var client = new VstsRestClient(_config.Organization, _config.Token);
await ManagePermissions
.ForTeamProject(client, _config.Project)
.Permissions((4, "52d39943-cb85-4d7f-8fa8-c6baac873819"))
.SetToAsync(PermissionId.Allow);
var rule = new NobodyCanDeleteTheTeamProject(client);
(await rule.EvaluateAsync(_config.Project))
.ShouldBe(false);
await rule.ReconcileAsync(_config.Project);
await Policy
.Handle <Exception>()
.WaitAndRetryAsync(Constants.NumRetries, t => TimeSpan.FromSeconds(t))
.ExecuteAsync(async() =>
{
(await rule.EvaluateAsync(_config.Project)).ShouldBe(true);
});
}
public async Task FixIntegrationTest()
{
var rule = new NobodyCanDeleteTheTeamProject(new VstsRestClient(_config.Organization, _config.Token));
await rule.ReconcileAsync(_config.Project);
}
