public async Task GetSurveyAsync_Returns_Survey_Contributors()
        {
            // Both contexts below are built from the same options object. Contexts that share
            // the same service provider share one InMemory database, so the second context
            // sees what the first one saved. CreateNewContextOptions is defined elsewhere.
            var sharedOptions = CreateNewContextOptions();

            // Arrange: persist one survey with a single contributor through a throwaway context.
            var contributors = new List<SurveyContributor>
            {
                new SurveyContributor { SurveyId = 1, UserId = 2 }
            };
            var seeded = new Survey { Id = 1, Contributors = contributors };

            using (var seedContext = new ApplicationDbContext(sharedOptions))
            {
                seedContext.Add(seeded);
                seedContext.SaveChanges();
            }

            // Act + assert on a fresh context, so the store has to load the contributors
            // from the database rather than from entities the first context is tracking.
            using (var readContext = new ApplicationDbContext(sharedOptions))
            {
                var surveyStore = new SqlServerSurveyStore(readContext);
                var loaded = await surveyStore.GetSurveyAsync(1);

                // Only presence is checked here; the contributor's UserId is not asserted.
                Assert.NotNull(loaded.Contributors);
                Assert.NotEmpty(loaded.Contributors);
            }
        }
 public void Handle_Read_PassesForContributor()
 {
     // The survey lists user 54321 as a contributor. OwnerId and TenantId are left unset,
     // so this case does not depend on an owner match or a tenant match.
     // NOTE(review): presumably contributors may belong to a different tenant than the
     // survey - confirm against the handler's Read rules.
     var contributor = new SurveyContributor { UserId = 54321 };
     var survey = new Survey("test survey")
     {
         Contributors = new List<SurveyContributor> { contributor }
     };

     // The caller carries the same user id as the contributor entry and no role claims.
     var claims = new[]
     {
         new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "54321"),
         new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
         new Claim(AzureADClaimTypes.TenantId, "tenantid")
     };
     var principal = new ClaimsPrincipal(new ClaimsIdentity(claims));

     var noRequirements = new IAuthorizationRequirement[0];
     var authzContext = new AuthorizationContext(noRequirements, principal, survey);
     var handler = new TestableSurveyAuthorizationHandler();

     handler.Handle(authzContext, Operations.Read, survey);

     Assert.True(authzContext.HasSucceeded);
 }
 public void Handle_Update_PassesForOwner()
 {
     // The survey is owned by user 54321 in tenant 12345.
     var survey = new Survey("test survey")
     {
         OwnerId = 54321,
         TenantId = 12345
     };

     // The caller matches both the owner id and the tenant id.
     // NOTE(review): the principal also holds SurveyCreator, so this case alone does not
     // show whether ownership or the role is what grants Update - confirm the handler's
     // rule, and consider a companion case without the role claim.
     var claims = new[]
     {
         new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "54321"),
         new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
         new Claim(AzureADClaimTypes.TenantId, "tenantid"),
         new Claim(ClaimTypes.Role, Roles.SurveyCreator)
     };
     var principal = new ClaimsPrincipal(new ClaimsIdentity(claims));

     var noRequirements = new IAuthorizationRequirement[0];
     var authzContext = new AuthorizationContext(noRequirements, principal, survey);
     var handler = new TestableSurveyAuthorizationHandler();

     handler.Handle(authzContext, Operations.Update, survey);

     Assert.True(authzContext.HasSucceeded);
 }
        public async Task GetSurveyAsync_Returns_Survey_Contributors()
        {
            // Build the container from the fixture's service collection; both the context
            // and the store under test are resolved from it.
            IServiceProvider services = _serviceCollection.BuildServiceProvider();

            // Arrange: persist one survey with a single contributor.
            var contributors = new List<SurveyContributor>
            {
                new SurveyContributor { SurveyId = 1, UserId = 2 }
            };
            var seeded = new Survey { Id = 1, Contributors = contributors };

            // NOTE(review): the context resolved here is disposed when this using block ends.
            // Whether the store resolved below receives that same instance depends on the
            // registered lifetime, which is not visible here - confirm.
            using (var seedContext = services.GetService<ApplicationDbContext>())
            {
                seedContext.Add(seeded);
                seedContext.SaveChanges();
            }

            // Act: read the survey back through the store resolved from the same provider.
            var surveyStore = services.GetService<SqlServerSurveyStore>();
            var loaded = await surveyStore.GetSurveyAsync(1);

            // Only presence is checked here; the contributor's UserId is not asserted.
            Assert.NotNull(loaded.Contributors);
            Assert.NotEmpty(loaded.Contributors);
        }
 /// <summary>
 /// Test-only shim: hides the inherited <c>Handle</c> with an <c>internal</c> overload and
 /// forwards every argument unchanged to the base implementation, so tests can invoke the
 /// handler's decision logic directly.
 /// </summary>
 /// <param name="context">Authorization context that records whether the requirement succeeded.</param>
 /// <param name="operation">The operation requirement being evaluated (for example Read or Delete).</param>
 /// <param name="resource">The survey the operation is evaluated against.</param>
 internal new void Handle(AuthorizationContext context, OperationAuthorizationRequirement operation, Survey resource)
     => base.Handle(context, operation, resource);
 public void Handle_Delete_PassesForAdminUserWithOtherRoles()
 {
     // The survey is owned by user 54321 in tenant 12345.
     var survey = new Survey("test survey")
     {
         OwnerId = 54321,
         TenantId = 12345
     };

     // The caller is NOT the owner (11111 vs 54321) but is in the survey's tenant and holds
     // SurveyAdmin between two SurveyReader claims. The test expects the admin role to be
     // found among the other roles.
     // NOTE(review): unlike the neighbouring tests, no AzureADClaimTypes.TenantId claim is
     // supplied here - confirm that is intentional.
     var claims = new[]
     {
         new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
         new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
         new Claim(ClaimTypes.Role, Roles.SurveyReader),
         new Claim(ClaimTypes.Role, Roles.SurveyAdmin),
         new Claim(ClaimTypes.Role, Roles.SurveyReader)
     };
     var principal = new ClaimsPrincipal(new ClaimsIdentity(claims));

     var noRequirements = new IAuthorizationRequirement[0];
     var authzContext = new AuthorizationContext(noRequirements, principal, survey);
     var handler = new TestableSurveyAuthorizationHandler();

     handler.Handle(authzContext, Operations.Delete, survey);

     Assert.True(authzContext.HasSucceeded);
 }
 public void Handle_Delete_FailsForAdminOfDifferentTenant()
 {
     // Tenant-isolation case: the survey lives in tenant 12345.
     var survey = new Survey("test survey")
     {
         OwnerId = 54321,
         TenantId = 12345
     };

     // The caller holds SurveyAdmin, but the survey tenant claim is 11111. An admin role
     // from another tenant must not grant Delete on this survey.
     var claims = new[]
     {
         new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
         new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "11111"), // Different tenant from survey
         new Claim(AzureADClaimTypes.TenantId, "tenantid"),
         new Claim(ClaimTypes.Role, Roles.SurveyAdmin)
     };
     var principal = new ClaimsPrincipal(new ClaimsIdentity(claims));

     var noRequirements = new IAuthorizationRequirement[0];
     var authzContext = new AuthorizationContext(noRequirements, principal, survey);
     var handler = new TestableSurveyAuthorizationHandler();

     handler.Handle(authzContext, Operations.Delete, survey);

     // Negative assertion: the handler must not have marked the requirement as succeeded.
     Assert.False(authzContext.HasSucceeded);
 }
 public void Handle_Create_FailesForUserWithNoCreatorRoleAssignments()
 {
     // The survey is owned by user 54321 in tenant 12345.
     var survey = new Survey("test survey")
     {
         OwnerId = 54321,
         TenantId = 12345
     };

     // The caller is in the survey's tenant but holds only SurveyReader, listed twice.
     // A tenant match alone must not grant Create.
     // NOTE(review): the duplicated reader claim presumably shows that repeated role claims
     // do not add up to a higher privilege - confirm intent.
     var claims = new[]
     {
         new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
         new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
         new Claim(AzureADClaimTypes.TenantId, "tenantid"),
         new Claim(ClaimTypes.Role, Roles.SurveyReader),
         new Claim(ClaimTypes.Role, Roles.SurveyReader)
     };
     var principal = new ClaimsPrincipal(new ClaimsIdentity(claims));

     // NOTE(review): this test builds an AuthorizationHandlerContext, whereas the other
     // handler tests on this page build an AuthorizationContext - presumably it targets a
     // different framework version; confirm it matches the Handle overload in use.
     var noRequirements = new IAuthorizationRequirement[0];
     var authzContext = new AuthorizationHandlerContext(noRequirements, principal, survey);
     var handler = new TestableSurveyAuthorizationHandler();

     handler.Handle(authzContext, Operations.Create, survey);

     // Negative assertion: the handler must not have marked the requirement as succeeded.
     Assert.False(authzContext.HasSucceeded);
 }
 /// <summary>
 /// Removes the given survey from the context's <c>Surveys</c> set and saves the change.
 /// </summary>
 /// <remarks>
 /// This method performs no authorization or tenant check of its own, so callers are
 /// responsible for authorizing the delete before calling it.
 /// </remarks>
 /// <param name="survey">The survey entity to delete.</param>
 /// <returns>The same <paramref name="survey"/> instance that was passed in.</returns>
 public async Task<Survey> DeleteSurveyAsync(Survey survey)
 {
     var surveys = _dbContext.Surveys;
     surveys.Remove(survey);

     // ConfigureAwait(false): the continuation does not need the caller's context.
     await _dbContext.SaveChangesAsync().ConfigureAwait(false);

     return survey;
 }
 /// <summary>
 /// Adds the given survey to the context's <c>Surveys</c> set and saves the change.
 /// </summary>
 /// <remarks>
 /// The entity is stored as supplied. This method does not validate or overwrite fields
 /// such as the owner or tenant, and performs no authorization check, so callers must set
 /// those from trusted values.
 /// </remarks>
 /// <param name="survey">The survey entity to insert.</param>
 /// <returns>The same <paramref name="survey"/> instance that was passed in.</returns>
 public async Task<Survey> AddSurveyAsync(Survey survey)
 {
     var surveys = _dbContext.Surveys;
     surveys.Add(survey);

     // ConfigureAwait(false): the continuation does not need the caller's context.
     await _dbContext.SaveChangesAsync().ConfigureAwait(false);

     return survey;
 }
        /// <summary>
        /// Attaches the given survey to the context, marks the whole entity as modified and
        /// saves the change.
        /// </summary>
        /// <remarks>
        /// Because the entity state is set to <c>Modified</c> as a whole, every mapped property
        /// is written from the supplied object, not only the fields the caller meant to change.
        /// Callers should therefore pass an entity whose sensitive fields (for example the owner
        /// and tenant identifiers, if mapped) come from trusted data rather than directly from
        /// request input. This method performs no authorization check of its own.
        /// </remarks>
        /// <param name="survey">The survey entity carrying the values to persist.</param>
        /// <returns>The same <paramref name="survey"/> instance that was passed in.</returns>
        public async Task<Survey> UpdateSurveyAsync(Survey survey)
        {
            var surveys = _dbContext.Surveys;
            surveys.Attach(survey);

            // Flag the entire entity as changed so SaveChanges issues an update for it.
            var tracked = _dbContext.Entry(survey);
            tracked.State = EntityState.Modified;

            // ConfigureAwait(false): the continuation does not need the caller's context.
            await _dbContext.SaveChangesAsync().ConfigureAwait(false);

            return survey;
        }