public async Task TestConstructor_OnActionExecutingAsync_UserHasPermission() { var permissionModel = new PermissionModel { Id = Permission.ViewProgram.Id, Name = Permission.ViewProgram.Value }; var id = 1; var user = GetTestUser(); var foreignResourceCache = new ForeignResourceCache(0, 1, 0, null, null, null); userProvider.Setup(x => x.GetCurrentUser()).Returns(user); userProvider.Setup(x => x.IsUserValidAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(true); resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(1); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); permissionService.Setup(x => x.HasPermission(It.IsAny <int>(), It.IsAny <int?>(), It.IsAny <int>(), It.IsAny <List <IPermission> >())).Returns(true); permissionService.Setup(x => x.GetPermissionByNameAsync(It.IsAny <string>())).ReturnsAsync(permissionModel); var attribute = new ResourceAuthorizeAttribute(permissionModel.Name, ResourceType.Program.Value, id); var actionContext = ContextUtil.CreateActionContext(); actionContext.RequestContext.Principal = Thread.CurrentPrincipal; var cts = new CancellationTokenSource(); await attribute.OnActionExecutingAsync(actionContext, cts.Token); Assert.AreEqual(AuthorizationResult.Allowed, attribute.GetAuthorizationResult()); }
public void TestDeletePermission_PermissionAssignmentDoesNotExist() { var foreignResourceId = 1; var user = new UserAccount { PrincipalId = 2 }; var permissionAssignment = new PermissionAssignment { PermissionId = 1, PrincipalId = user.PrincipalId, ResourceId = 3 }; var foreignResourceCache = new ForeignResourceCache(foreignResourceId, permissionAssignment.ResourceId, 0, null, null, null); context.PermissionAssignments.Add(permissionAssignment); context.UserAccounts.Add(user); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); var deletedPermission = new DeletedPermission(user.PrincipalId, 0, 0, ResourceType.Project.Value); Func <Task> f = async() => { await service.DeletePermissionAsync(deletedPermission); }; service.Invoking(x => x.DeletePermission(deletedPermission)).ShouldThrow <ModelNotFoundException>() .WithMessage("The permission assignment was not found."); f.ShouldThrow <ModelNotFoundException>() .WithMessage("The permission assignment was not found."); }
public void TestRevokePermission_MultiplePermissionsExist() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); var permissionAssignment1 = new PermissionAssignment { PrincipalId = grantee.PrincipalId, PermissionId = permission.PermissionId, ResourceId = resource.ResourceId, IsAllowed = false }; var permissionAssignment2 = new PermissionAssignment { PrincipalId = grantee.PrincipalId, PermissionId = permission.PermissionId, ResourceId = resource.ResourceId, IsAllowed = false }; context.Principals.Add(grantor); context.Principals.Add(grantee); context.Permissions.Add(permission); context.Resources.Add(resource); context.PermissionAssignments.Add(permissionAssignment1); context.PermissionAssignments.Add(permissionAssignment2); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); var revokedPermission = new RevokedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId); Func <Task> revokeAction = async() => { await service.RevokePermissionAsync(revokedPermission); }; service.Invoking(x => x.RevokePermission(revokedPermission)).ShouldThrow <NotSupportedException>() .WithMessage("There should not be more than one permission assignment to set is allowed true."); revokeAction.ShouldThrow <NotSupportedException>() .WithMessage("There should not be more than one permission assignment to set is allowed true."); }
public async Task TestGetUserPermissionsForResourceAsync_CheckDistinctPermissionsReturned() { var resourceId = 1; var foreignResourceId = 3; var resourceType = "Program"; var resourceTypeId = 1; var principalId = 1; var permissionId = 2; var permissionName = "my permission"; var permissionModel = new PermissionModel { Id = permissionId, Name = permissionName }; var foreignResourceCache = new ForeignResourceCache(foreignResourceId, resourceId, resourceTypeId, null, null, null); var simpleUser = new SimpleUser { Id = Guid.NewGuid() }; var userPermissions = new List <IPermission>(); userPermissions.Add(new SimplePermission { IsAllowed = true, PermissionId = permissionId, PrincipalId = principalId, ResourceId = resourceId, ForeignResourceId = foreignResourceId, ResourceTypeId = resourceTypeId }); userPermissions.Add(new SimplePermission { IsAllowed = true, PermissionId = permissionId, PrincipalId = principalId, ResourceId = resourceId, ForeignResourceId = foreignResourceId, ResourceTypeId = resourceTypeId }); resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(resourceTypeId); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); permissionService.Setup(x => x.GetPermissionByIdAsync(It.IsAny <int>())).ReturnsAsync(permissionModel); userProvider.Setup(x => x.GetPermissionsAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(userPermissions); userProvider.Setup(x => x.GetPrincipalIdAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(principalId); userProvider.Setup(x => x.GetCurrentUser()).Returns(simpleUser); var results = await controller.GetUserPermissionsForResourceAsync(resourceType, foreignResourceId); Assert.IsInstanceOfType(results, typeof(OkNegotiatedContentResult <List <ResourcePermissionViewModel> >)); var okResult = (OkNegotiatedContentResult <List <ResourcePermissionViewModel> >)results; Assert.AreEqual(1, okResult.Content.Count()); var firstPermission = okResult.Content.First(); Assert.AreEqual(permissionName, firstPermission.PermissionName); Assert.AreEqual(permissionId, firstPermission.PermissionId); userProvider.Verify(x => x.GetCurrentUser(), Times.Once()); }
public async Task TestGetUserPermissionsAsync_UserHasPermissionDeniedByParentButGrantedByResource() { var resourceId = 1; var parentResourceId = 2; var foreignResourceId = 3; var resourceType = "Program"; var resourceTypeId = 1; var parentResourceTypeId = 2; var foreignResourceCache = new ForeignResourceCache(foreignResourceId, resourceId, resourceTypeId, null, null, null); var principalId = 1; var permissionName = "my permission"; var permissionModel = new PermissionModel { Id = 1, Name = permissionName }; var simpleUser = new SimpleUser { Id = Guid.NewGuid() }; var userPermissions = new List <IPermission>(); userPermissions.Add(new SimplePermission { IsAllowed = true, ForeignResourceId = foreignResourceId, PermissionId = permissionModel.Id, PrincipalId = principalId, ResourceId = resourceId, ResourceTypeId = resourceTypeId }); userPermissions.Add(new SimplePermission { IsAllowed = false, ForeignResourceId = foreignResourceId, PermissionId = permissionModel.Id, PrincipalId = principalId, ResourceId = parentResourceId, ResourceTypeId = parentResourceTypeId }); resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(resourceTypeId); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); permissionService.Setup(x => x.GetPermissionByNameAsync(It.IsAny <string>())).ReturnsAsync(permissionModel); permissionService.Setup(x => x.GetPermissionByIdAsync(It.IsAny <int>())).ReturnsAsync(permissionModel); userProvider.Setup(x => x.GetPermissionsAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(userPermissions); userProvider.Setup(x => x.GetPrincipalIdAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(principalId); var permissions = await controller.GetUserPermissionsAsync(simpleUser, resourceType, foreignResourceId); Assert.AreEqual(1, permissions.Count()); Assert.AreEqual(permissionName, permissions.First().PermissionName); Assert.AreEqual(permissionModel.Id, permissions.First().PermissionId); resourceService.Verify(x => x.GetResourceTypeId(It.IsAny <string>()), Times.Once()); }
public void TestToString_UnknownResourceType() { var foreignResourceId = 1; var resourceId = 2; var resourceTypeId = -1; var parentForeignResourceId = 4; var parentResourceId = 5; var parentResourceTypeId = ResourceType.Program.Id; var cache = new ForeignResourceCache(foreignResourceId, resourceId, resourceTypeId, parentForeignResourceId, parentResourceId, parentResourceTypeId); Assert.IsNotNull(cache.ToString()); }
public async Task TestGrantPermission_PermissionIsNotAResourcePermission() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); context.Principals.Add(grantor); context.Principals.Add(grantee); context.Permissions.Add(permission); context.Resources.Add(resource); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList()); resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList()); Assert.AreEqual(0, context.PermissionAssignments.Count()); var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId); service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <NotSupportedException>() .WithMessage(String.Format("The requested permission with id [{0}] is not a valid permission for the resource.", permission.PermissionId)); Func <Task> f = async() => { await service.GrantPermissionsAsync(grantedPermission); }; f.ShouldThrow <NotSupportedException>() .WithMessage(String.Format("The requested permission with id [{0}] is not a valid permission for the resource.", permission.PermissionId)); }
public void TestConstructor() { var foreignResourceId = 1; var resourceId = 2; var resourceTypeId = ResourceType.Project.Id; var parentForeignResourceId = 4; var parentResourceId = 5; var parentResourceTypeId = ResourceType.Program.Id; var cache = new ForeignResourceCache(foreignResourceId, resourceId, resourceTypeId, parentForeignResourceId, parentResourceId, parentResourceTypeId); Assert.AreEqual(foreignResourceId, cache.ForeignResourceId); Assert.AreEqual(resourceId, cache.ResourceId); Assert.AreEqual(resourceTypeId, cache.ResourceTypeId); Assert.AreEqual(parentForeignResourceId, cache.ParentForeignResourceId); Assert.AreEqual(parentResourceId, cache.ParentResourceId); Assert.AreEqual(parentResourceTypeId, cache.ParentResourceTypeId); }
public void TestGrantPermission_ResourceDoesNotExist() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; context.Principals.Add(grantor); context.Principals.Add(grantee); context.Permissions.Add(permission); ForeignResourceCache foreignResourceCache = null; resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, 0, resourceType.Value, grantor.PrincipalId); //invoking async Func <Task> grantAction = async() => { await service.GrantPermissionsAsync(grantedPermission); }; service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.", grantedPermission.ForeignResourceId, grantedPermission.ResourceTypeAsString)); grantAction.ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.", grantedPermission.ForeignResourceId, grantedPermission.ResourceTypeAsString)); }
public async Task TestDeletePermission_PrincipalIsUserAccount() { var foreignResourceId = 1; var user = new UserAccount { PrincipalId = 2 }; var permissionAssignment = new PermissionAssignment { PermissionId = 1, PrincipalId = user.PrincipalId, ResourceId = 3 }; var foreignResourceCache = new ForeignResourceCache(foreignResourceId, permissionAssignment.ResourceId, 0, null, null, null); context.SetupActions.Add(() => { user.PermissionsRevisedOn = null; context.PermissionAssignments.Add(permissionAssignment); context.UserAccounts.Add(user); }); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); var deletedPermission = new DeletedPermission(permissionAssignment.PrincipalId, foreignResourceId, permissionAssignment.PermissionId, ResourceType.Project.Value); context.Revert(); Assert.AreEqual(1, context.PermissionAssignments.Count()); service.DeletePermission(deletedPermission); Assert.AreEqual(0, context.PermissionAssignments.Count()); DateTimeOffset.UtcNow.Should().BeCloseTo(user.PermissionsRevisedOn.Value, 2000); context.Revert(); Assert.AreEqual(1, context.PermissionAssignments.Count()); await service.DeletePermissionAsync(deletedPermission); Assert.AreEqual(0, context.PermissionAssignments.Count()); DateTimeOffset.UtcNow.Should().BeCloseTo(user.PermissionsRevisedOn.Value, 2000); }
public async Task TestConstructor_OnActionExecutingAsync_ResourceTypeIsNotKnown() { var id = 1; var foreignResourceCache = new ForeignResourceCache(0, id, 0, null, null, null); var actionArgument = "id"; var permissionModel = new PermissionModel { Id = Permission.ViewProgram.Id, Name = Permission.ViewProgram.Value }; var resourceType = "idontexist"; var user = GetTestUser(); userProvider.Setup(x => x.GetCurrentUser()).Returns(user); resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(default(int?)); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); permissionService.Setup(x => x.HasPermission(It.IsAny <int>(), It.IsAny <int?>(), It.IsAny <int>(), It.IsAny <List <IPermission> >())).Returns(true); permissionService.Setup(x => x.GetPermissionByNameAsync(It.IsAny <string>())).ReturnsAsync(permissionModel); userProvider.Setup(x => x.IsUserValidAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(true); var attribute = new ResourceAuthorizeAttribute(permissionModel.Name, resourceType, actionArgument); var actionContext = ContextUtil.CreateActionContext(); actionContext.RequestContext.Principal = Thread.CurrentPrincipal; actionContext.ActionArguments.Add(actionArgument, id); var cts = new CancellationTokenSource(); var exceptionCaught = false; try { await attribute.OnActionExecutingAsync(actionContext, cts.Token); } catch (NotSupportedException e) { exceptionCaught = true; Assert.AreEqual(String.Format("The resource type name [{0}] does not have a matching resource id in CAM.", resourceType), e.Message); } Assert.IsTrue(exceptionCaught); }
public async Task TestConstructor_OnActionExecutingAsync_UserDoesNotHavePermission() { var permissionModel = new PermissionModel { Id = Permission.ViewProgram.Id, Name = Permission.ViewProgram.Value }; var exceptionCaught = false; var id = 1; var foreignResourceCache = new ForeignResourceCache(0, id, 0, null, null, null); var user = GetTestUser(); userProvider.Setup(x => x.GetCurrentUser()).Returns(user); userProvider.Setup(x => x.IsUserValidAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(true); resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(1); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); permissionService.Setup(x => x.HasPermission(It.IsAny <int>(), It.IsAny <int?>(), It.IsAny <int>(), It.IsAny <List <IPermission> >())).Returns(false); permissionService.Setup(x => x.GetPermissionByNameAsync(It.IsAny <string>())).ReturnsAsync(permissionModel); var attribute = new ResourceAuthorizeAttribute(permissionModel.Name, ResourceType.Program.Value, id); try { var actionContext = ContextUtil.CreateActionContext(); actionContext.RequestContext.Principal = Thread.CurrentPrincipal; var cts = new CancellationTokenSource(); await attribute.OnActionExecutingAsync(actionContext, cts.Token); } catch (HttpResponseException e) { exceptionCaught = true; Assert.AreEqual(HttpStatusCode.Forbidden, e.Response.StatusCode); } Assert.IsTrue(exceptionCaught); Assert.AreEqual(AuthorizationResult.Denied, attribute.GetAuthorizationResult()); //make sure we fall into checking permissions userProvider.Verify(x => x.GetPermissionsAsync(It.IsAny <IWebApiUser>()), Times.Once()); }
public void TestRevokePermission_GrantorDoesNotExist() { var grantee = new Principal { PrincipalId = 1, }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); context.Principals.Add(grantee); context.Permissions.Add(permission); context.Resources.Add(resource); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); var revokedPermission = new RevokedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, 0); //invoking async Func <Task> revokeAction = async() => { await service.RevokePermissionAsync(revokedPermission); }; service.Invoking(x => x.RevokePermission(revokedPermission)).ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The user with id [{0}] granting the permission could not be found.", revokedPermission.Audit.UserId)); revokeAction.ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The user with id [{0}] granting the permission could not be found.", revokedPermission.Audit.UserId)); }
public async Task TestGetUserPermissionsAsync_UserHasZeroPermissions() { var resourceId = 1; var foreignResourceId = 3; var foreignResourceCache = new ForeignResourceCache(0, resourceId, 0, null, null, null); var resourceType = "Program"; var simpleUser = new SimpleUser { Id = Guid.NewGuid() }; var userPermissions = new List <IPermission>(); resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(1); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); userProvider.Setup(x => x.GetPermissionsAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(userPermissions); var permissions = await controller.GetUserPermissionsAsync(simpleUser, resourceType, foreignResourceId); Assert.AreEqual(0, permissions.Count()); resourceService.Verify(x => x.GetResourceTypeId(It.IsAny <string>()), Times.Once()); userProvider.Verify(x => x.GetPermissionsAsync(It.IsAny <IWebApiUser>()), Times.Once()); }
public void TestRevokePermission_PermissionDoesNotExist() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); context.Principals.Add(grantor); context.Principals.Add(grantee); context.Resources.Add(resource); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); var revokedPermission = new RevokedPermission(grantee.PrincipalId, 0, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId); //invoking async Func <Task> revokeAction = async() => { await service.RevokePermissionAsync(revokedPermission); }; service.Invoking(x => x.RevokePermission(revokedPermission)).ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The permission with id [{0}] was not found.", revokedPermission.PermissionId)); revokeAction.ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The permission with id [{0}] was not found.", revokedPermission.PermissionId)); }
public async Task TestDeletePermission_PrincipalIsNotUserAccount() { var foreignResourceId = 1; var principal = new Principal { PrincipalId = 2 }; var permissionAssignment = new PermissionAssignment { PermissionId = 1, PrincipalId = principal.PrincipalId, ResourceId = 3 }; var foreignResourceCache = new ForeignResourceCache(foreignResourceId, permissionAssignment.ResourceId, 0, null, null, null); context.SetupActions.Add(() => { context.PermissionAssignments.Add(permissionAssignment); context.Principals.Add(principal); }); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); var deletedPermission = new DeletedPermission(permissionAssignment.PrincipalId, foreignResourceId, permissionAssignment.PermissionId, ResourceType.Project.Value); context.Revert(); Assert.AreEqual(1, context.PermissionAssignments.Count()); service.DeletePermission(deletedPermission); Assert.AreEqual(0, context.PermissionAssignments.Count()); context.Revert(); Assert.AreEqual(1, context.PermissionAssignments.Count()); await service.DeletePermissionAsync(deletedPermission); Assert.AreEqual(0, context.PermissionAssignments.Count()); }
public void TestDeletePermission_ForeignResourceByIdDoesNotExist() { var user = new UserAccount { PrincipalId = 2 }; context.UserAccounts.Add(user); ForeignResourceCache foreignResourceCache = null; resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); var deletedPermission = new DeletedPermission(user.PrincipalId, 0, 0, ResourceType.Project.Value); Func <Task> f = async() => { await service.DeletePermissionAsync(deletedPermission); }; service.Invoking(x => x.DeletePermission(deletedPermission)).ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.", 0, ResourceType.Project.Value)); f.ShouldThrow <ModelNotFoundException>() .WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.", 0, ResourceType.Project.Value)); }
public async Task TestRevokePermission_PrincipalIsNotUserAccount() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); context.SetupActions.Add(() => { context.Principals.Add(grantor); context.Principals.Add(grantee); context.Permissions.Add(permission); context.Resources.Add(resource); Assert.AreEqual(0, context.PermissionAssignments.Count()); }); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList(permission)); resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList(permission)); Action tester = () => { Assert.AreEqual(1, context.PermissionAssignments.Count()); var firstAssignment = context.PermissionAssignments.First(); Assert.IsFalse(firstAssignment.IsAllowed); Assert.AreEqual(grantor.PrincipalId, firstAssignment.AssignedBy); Assert.AreEqual(permission.PermissionId, firstAssignment.PermissionId); Assert.AreEqual(grantee.PrincipalId, firstAssignment.PrincipalId); Assert.AreEqual(resource.ResourceId, firstAssignment.ResourceId); DateTimeOffset.Now.Should().BeCloseTo(firstAssignment.AssignedOn, 2000); }; context.Revert(); var revokedPermission = new RevokedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId); service.RevokePermission(revokedPermission); tester(); context.Revert(); context.PermissionAssignments = new PermissionAssignmentTestDbSet(); await service.RevokePermissionAsync(revokedPermission); tester(); }
public async Task TestRevokePermission_PermissionIsAlreadyGrantedButAllowed() { var grantor = new Principal { PrincipalId = 1, }; var grantee = new Principal { PrincipalId = 2 }; var permission = new CAM.Data.Permission { PermissionId = CAM.Data.Permission.EditOffice.Id, PermissionName = CAM.Data.Permission.EditOffice.Value }; var resourceType = ResourceType.Program; var resource = new Resource { ResourceId = 8, ForeignResourceId = 10, ResourceTypeId = resourceType.Id, }; var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null); var permissionAssignment = new PermissionAssignment { PrincipalId = grantee.PrincipalId, PermissionId = permission.PermissionId, ResourceId = resource.ResourceId, IsAllowed = true }; context.SetupActions.Add(() => { context.Principals.Add(grantor); context.Principals.Add(grantee); context.Permissions.Add(permission); context.Resources.Add(resource); context.PermissionAssignments.Add(permissionAssignment); permissionAssignment.IsAllowed = true; Assert.AreEqual(1, context.PermissionAssignments.Count()); }); resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache); resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache); resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList(permission)); resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList(permission)); Action tester = () => { Assert.AreEqual(1, context.PermissionAssignments.Count()); Assert.IsFalse(context.PermissionAssignments.First().IsAllowed); }; context.Revert(); var revokedPermission = new RevokedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId); service.RevokePermission(revokedPermission); context.Revert(); await service.RevokePermissionAsync(revokedPermission); tester(); }