public async Task TestConstructor_OnActionExecutingAsync_UserHasPermission()
{
var permissionModel = new PermissionModel
{
Id = Permission.ViewProgram.Id,
Name = Permission.ViewProgram.Value
};
var id = 1;
var user = GetTestUser();
var foreignResourceCache = new ForeignResourceCache(0, 1, 0, null, null, null);
userProvider.Setup(x => x.GetCurrentUser()).Returns(user);
userProvider.Setup(x => x.IsUserValidAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(true);
resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(1);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
permissionService.Setup(x => x.HasPermission(It.IsAny <int>(), It.IsAny <int?>(), It.IsAny <int>(), It.IsAny <List <IPermission> >())).Returns(true);
permissionService.Setup(x => x.GetPermissionByNameAsync(It.IsAny <string>())).ReturnsAsync(permissionModel);
var attribute = new ResourceAuthorizeAttribute(permissionModel.Name, ResourceType.Program.Value, id);
var actionContext = ContextUtil.CreateActionContext();
actionContext.RequestContext.Principal = Thread.CurrentPrincipal;
var cts = new CancellationTokenSource();
await attribute.OnActionExecutingAsync(actionContext, cts.Token);
Assert.AreEqual(AuthorizationResult.Allowed, attribute.GetAuthorizationResult());
}
public void TestDeletePermission_PermissionAssignmentDoesNotExist()
{
var foreignResourceId = 1;
var user = new UserAccount
{
PrincipalId = 2
};
var permissionAssignment = new PermissionAssignment
{
PermissionId = 1,
PrincipalId = user.PrincipalId,
ResourceId = 3
};
var foreignResourceCache = new ForeignResourceCache(foreignResourceId, permissionAssignment.ResourceId, 0, null, null, null);
context.PermissionAssignments.Add(permissionAssignment);
context.UserAccounts.Add(user);
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var deletedPermission = new DeletedPermission(user.PrincipalId, 0, 0, ResourceType.Project.Value);
Func <Task> f = async() =>
{
await service.DeletePermissionAsync(deletedPermission);
};
service.Invoking(x => x.DeletePermission(deletedPermission)).ShouldThrow <ModelNotFoundException>()
.WithMessage("The permission assignment was not found.");
f.ShouldThrow <ModelNotFoundException>()
.WithMessage("The permission assignment was not found.");
}
public void TestRevokePermission_MultiplePermissionsExist()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
var permissionAssignment1 = new PermissionAssignment
{
PrincipalId = grantee.PrincipalId,
PermissionId = permission.PermissionId,
ResourceId = resource.ResourceId,
IsAllowed = false
};
var permissionAssignment2 = new PermissionAssignment
{
PrincipalId = grantee.PrincipalId,
PermissionId = permission.PermissionId,
ResourceId = resource.ResourceId,
IsAllowed = false
};
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
context.PermissionAssignments.Add(permissionAssignment1);
context.PermissionAssignments.Add(permissionAssignment2);
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var revokedPermission = new RevokedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
Func <Task> revokeAction = async() =>
{
await service.RevokePermissionAsync(revokedPermission);
};
service.Invoking(x => x.RevokePermission(revokedPermission)).ShouldThrow <NotSupportedException>()
.WithMessage("There should not be more than one permission assignment to set is allowed true.");
revokeAction.ShouldThrow <NotSupportedException>()
.WithMessage("There should not be more than one permission assignment to set is allowed true.");
}
public async Task TestGetUserPermissionsForResourceAsync_CheckDistinctPermissionsReturned()
{
var resourceId = 1;
var foreignResourceId = 3;
var resourceType = "Program";
var resourceTypeId = 1;
var principalId = 1;
var permissionId = 2;
var permissionName = "my permission";
var permissionModel = new PermissionModel
{
Id = permissionId,
Name = permissionName
};
var foreignResourceCache = new ForeignResourceCache(foreignResourceId, resourceId, resourceTypeId, null, null, null);
var simpleUser = new SimpleUser
{
Id = Guid.NewGuid()
};
var userPermissions = new List <IPermission>();
userPermissions.Add(new SimplePermission
{
IsAllowed = true,
PermissionId = permissionId,
PrincipalId = principalId,
ResourceId = resourceId,
ForeignResourceId = foreignResourceId,
ResourceTypeId = resourceTypeId
});
userPermissions.Add(new SimplePermission
{
IsAllowed = true,
PermissionId = permissionId,
PrincipalId = principalId,
ResourceId = resourceId,
ForeignResourceId = foreignResourceId,
ResourceTypeId = resourceTypeId
});
resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(resourceTypeId);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
permissionService.Setup(x => x.GetPermissionByIdAsync(It.IsAny <int>())).ReturnsAsync(permissionModel);
userProvider.Setup(x => x.GetPermissionsAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(userPermissions);
userProvider.Setup(x => x.GetPrincipalIdAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(principalId);
userProvider.Setup(x => x.GetCurrentUser()).Returns(simpleUser);
var results = await controller.GetUserPermissionsForResourceAsync(resourceType, foreignResourceId);
Assert.IsInstanceOfType(results, typeof(OkNegotiatedContentResult <List <ResourcePermissionViewModel> >));
var okResult = (OkNegotiatedContentResult <List <ResourcePermissionViewModel> >)results;
Assert.AreEqual(1, okResult.Content.Count());
var firstPermission = okResult.Content.First();
Assert.AreEqual(permissionName, firstPermission.PermissionName);
Assert.AreEqual(permissionId, firstPermission.PermissionId);
userProvider.Verify(x => x.GetCurrentUser(), Times.Once());
}
public async Task TestGetUserPermissionsAsync_UserHasPermissionDeniedByParentButGrantedByResource()
{
var resourceId = 1;
var parentResourceId = 2;
var foreignResourceId = 3;
var resourceType = "Program";
var resourceTypeId = 1;
var parentResourceTypeId = 2;
var foreignResourceCache = new ForeignResourceCache(foreignResourceId, resourceId, resourceTypeId, null, null, null);
var principalId = 1;
var permissionName = "my permission";
var permissionModel = new PermissionModel
{
Id = 1,
Name = permissionName
};
var simpleUser = new SimpleUser
{
Id = Guid.NewGuid()
};
var userPermissions = new List <IPermission>();
userPermissions.Add(new SimplePermission
{
IsAllowed = true,
ForeignResourceId = foreignResourceId,
PermissionId = permissionModel.Id,
PrincipalId = principalId,
ResourceId = resourceId,
ResourceTypeId = resourceTypeId
});
userPermissions.Add(new SimplePermission
{
IsAllowed = false,
ForeignResourceId = foreignResourceId,
PermissionId = permissionModel.Id,
PrincipalId = principalId,
ResourceId = parentResourceId,
ResourceTypeId = parentResourceTypeId
});
resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(resourceTypeId);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
permissionService.Setup(x => x.GetPermissionByNameAsync(It.IsAny <string>())).ReturnsAsync(permissionModel);
permissionService.Setup(x => x.GetPermissionByIdAsync(It.IsAny <int>())).ReturnsAsync(permissionModel);
userProvider.Setup(x => x.GetPermissionsAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(userPermissions);
userProvider.Setup(x => x.GetPrincipalIdAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(principalId);
var permissions = await controller.GetUserPermissionsAsync(simpleUser, resourceType, foreignResourceId);
Assert.AreEqual(1, permissions.Count());
Assert.AreEqual(permissionName, permissions.First().PermissionName);
Assert.AreEqual(permissionModel.Id, permissions.First().PermissionId);
resourceService.Verify(x => x.GetResourceTypeId(It.IsAny <string>()), Times.Once());
}
public void TestToString_UnknownResourceType()
{
var foreignResourceId = 1;
var resourceId = 2;
var resourceTypeId = -1;
var parentForeignResourceId = 4;
var parentResourceId = 5;
var parentResourceTypeId = ResourceType.Program.Id;
var cache = new ForeignResourceCache(foreignResourceId, resourceId, resourceTypeId, parentForeignResourceId, parentResourceId, parentResourceTypeId);
Assert.IsNotNull(cache.ToString());
}
public async Task TestGrantPermission_PermissionIsNotAResourcePermission()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList());
resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList());
Assert.AreEqual(0, context.PermissionAssignments.Count());
var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <NotSupportedException>()
.WithMessage(String.Format("The requested permission with id [{0}] is not a valid permission for the resource.", permission.PermissionId));
Func <Task> f = async() =>
{
await service.GrantPermissionsAsync(grantedPermission);
};
f.ShouldThrow <NotSupportedException>()
.WithMessage(String.Format("The requested permission with id [{0}] is not a valid permission for the resource.", permission.PermissionId));
}
public void TestConstructor()
{
var foreignResourceId = 1;
var resourceId = 2;
var resourceTypeId = ResourceType.Project.Id;
var parentForeignResourceId = 4;
var parentResourceId = 5;
var parentResourceTypeId = ResourceType.Program.Id;
var cache = new ForeignResourceCache(foreignResourceId, resourceId, resourceTypeId, parentForeignResourceId, parentResourceId, parentResourceTypeId);
Assert.AreEqual(foreignResourceId, cache.ForeignResourceId);
Assert.AreEqual(resourceId, cache.ResourceId);
Assert.AreEqual(resourceTypeId, cache.ResourceTypeId);
Assert.AreEqual(parentForeignResourceId, cache.ParentForeignResourceId);
Assert.AreEqual(parentResourceId, cache.ParentResourceId);
Assert.AreEqual(parentResourceTypeId, cache.ParentResourceTypeId);
}
public void TestGrantPermission_ResourceDoesNotExist()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
ForeignResourceCache foreignResourceCache = null;
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var grantedPermission = new GrantedPermission(grantee.PrincipalId, permission.PermissionId, 0, resourceType.Value, grantor.PrincipalId);
//invoking async
Func <Task> grantAction = async() =>
{
await service.GrantPermissionsAsync(grantedPermission);
};
service.Invoking(x => x.GrantPermission(grantedPermission)).ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.",
grantedPermission.ForeignResourceId,
grantedPermission.ResourceTypeAsString));
grantAction.ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.",
grantedPermission.ForeignResourceId,
grantedPermission.ResourceTypeAsString));
}
public async Task TestDeletePermission_PrincipalIsUserAccount()
{
var foreignResourceId = 1;
var user = new UserAccount
{
PrincipalId = 2
};
var permissionAssignment = new PermissionAssignment
{
PermissionId = 1,
PrincipalId = user.PrincipalId,
ResourceId = 3
};
var foreignResourceCache = new ForeignResourceCache(foreignResourceId, permissionAssignment.ResourceId, 0, null, null, null);
context.SetupActions.Add(() =>
{
user.PermissionsRevisedOn = null;
context.PermissionAssignments.Add(permissionAssignment);
context.UserAccounts.Add(user);
});
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var deletedPermission = new DeletedPermission(permissionAssignment.PrincipalId, foreignResourceId, permissionAssignment.PermissionId, ResourceType.Project.Value);
context.Revert();
Assert.AreEqual(1, context.PermissionAssignments.Count());
service.DeletePermission(deletedPermission);
Assert.AreEqual(0, context.PermissionAssignments.Count());
DateTimeOffset.UtcNow.Should().BeCloseTo(user.PermissionsRevisedOn.Value, 2000);
context.Revert();
Assert.AreEqual(1, context.PermissionAssignments.Count());
await service.DeletePermissionAsync(deletedPermission);
Assert.AreEqual(0, context.PermissionAssignments.Count());
DateTimeOffset.UtcNow.Should().BeCloseTo(user.PermissionsRevisedOn.Value, 2000);
}
public async Task TestConstructor_OnActionExecutingAsync_ResourceTypeIsNotKnown()
{
var id = 1;
var foreignResourceCache = new ForeignResourceCache(0, id, 0, null, null, null);
var actionArgument = "id";
var permissionModel = new PermissionModel
{
Id = Permission.ViewProgram.Id,
Name = Permission.ViewProgram.Value
};
var resourceType = "idontexist";
var user = GetTestUser();
userProvider.Setup(x => x.GetCurrentUser()).Returns(user);
resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(default(int?));
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
permissionService.Setup(x => x.HasPermission(It.IsAny <int>(), It.IsAny <int?>(), It.IsAny <int>(), It.IsAny <List <IPermission> >())).Returns(true);
permissionService.Setup(x => x.GetPermissionByNameAsync(It.IsAny <string>())).ReturnsAsync(permissionModel);
userProvider.Setup(x => x.IsUserValidAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(true);
var attribute = new ResourceAuthorizeAttribute(permissionModel.Name, resourceType, actionArgument);
var actionContext = ContextUtil.CreateActionContext();
actionContext.RequestContext.Principal = Thread.CurrentPrincipal;
actionContext.ActionArguments.Add(actionArgument, id);
var cts = new CancellationTokenSource();
var exceptionCaught = false;
try
{
await attribute.OnActionExecutingAsync(actionContext, cts.Token);
}
catch (NotSupportedException e)
{
exceptionCaught = true;
Assert.AreEqual(String.Format("The resource type name [{0}] does not have a matching resource id in CAM.", resourceType), e.Message);
}
Assert.IsTrue(exceptionCaught);
}
public async Task TestConstructor_OnActionExecutingAsync_UserDoesNotHavePermission()
{
var permissionModel = new PermissionModel
{
Id = Permission.ViewProgram.Id,
Name = Permission.ViewProgram.Value
};
var exceptionCaught = false;
var id = 1;
var foreignResourceCache = new ForeignResourceCache(0, id, 0, null, null, null);
var user = GetTestUser();
userProvider.Setup(x => x.GetCurrentUser()).Returns(user);
userProvider.Setup(x => x.IsUserValidAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(true);
resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(1);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
permissionService.Setup(x => x.HasPermission(It.IsAny <int>(), It.IsAny <int?>(), It.IsAny <int>(), It.IsAny <List <IPermission> >())).Returns(false);
permissionService.Setup(x => x.GetPermissionByNameAsync(It.IsAny <string>())).ReturnsAsync(permissionModel);
var attribute = new ResourceAuthorizeAttribute(permissionModel.Name, ResourceType.Program.Value, id);
try
{
var actionContext = ContextUtil.CreateActionContext();
actionContext.RequestContext.Principal = Thread.CurrentPrincipal;
var cts = new CancellationTokenSource();
await attribute.OnActionExecutingAsync(actionContext, cts.Token);
}
catch (HttpResponseException e)
{
exceptionCaught = true;
Assert.AreEqual(HttpStatusCode.Forbidden, e.Response.StatusCode);
}
Assert.IsTrue(exceptionCaught);
Assert.AreEqual(AuthorizationResult.Denied, attribute.GetAuthorizationResult());
//make sure we fall into checking permissions
userProvider.Verify(x => x.GetPermissionsAsync(It.IsAny <IWebApiUser>()), Times.Once());
}
public void TestRevokePermission_GrantorDoesNotExist()
{
var grantee = new Principal
{
PrincipalId = 1,
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var revokedPermission = new RevokedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, 0);
//invoking async
Func <Task> revokeAction = async() =>
{
await service.RevokePermissionAsync(revokedPermission);
};
service.Invoking(x => x.RevokePermission(revokedPermission)).ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The user with id [{0}] granting the permission could not be found.", revokedPermission.Audit.UserId));
revokeAction.ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The user with id [{0}] granting the permission could not be found.", revokedPermission.Audit.UserId));
}
public async Task TestGetUserPermissionsAsync_UserHasZeroPermissions()
{
var resourceId = 1;
var foreignResourceId = 3;
var foreignResourceCache = new ForeignResourceCache(0, resourceId, 0, null, null, null);
var resourceType = "Program";
var simpleUser = new SimpleUser
{
Id = Guid.NewGuid()
};
var userPermissions = new List <IPermission>();
resourceService.Setup(x => x.GetResourceTypeId(It.IsAny <string>())).Returns(1);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
userProvider.Setup(x => x.GetPermissionsAsync(It.IsAny <IWebApiUser>())).ReturnsAsync(userPermissions);
var permissions = await controller.GetUserPermissionsAsync(simpleUser, resourceType, foreignResourceId);
Assert.AreEqual(0, permissions.Count());
resourceService.Verify(x => x.GetResourceTypeId(It.IsAny <string>()), Times.Once());
userProvider.Verify(x => x.GetPermissionsAsync(It.IsAny <IWebApiUser>()), Times.Once());
}
public void TestRevokePermission_PermissionDoesNotExist()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Resources.Add(resource);
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var revokedPermission = new RevokedPermission(grantee.PrincipalId, 0, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
//invoking async
Func <Task> revokeAction = async() =>
{
await service.RevokePermissionAsync(revokedPermission);
};
service.Invoking(x => x.RevokePermission(revokedPermission)).ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The permission with id [{0}] was not found.", revokedPermission.PermissionId));
revokeAction.ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The permission with id [{0}] was not found.", revokedPermission.PermissionId));
}
public async Task TestDeletePermission_PrincipalIsNotUserAccount()
{
var foreignResourceId = 1;
var principal = new Principal
{
PrincipalId = 2
};
var permissionAssignment = new PermissionAssignment
{
PermissionId = 1,
PrincipalId = principal.PrincipalId,
ResourceId = 3
};
var foreignResourceCache = new ForeignResourceCache(foreignResourceId, permissionAssignment.ResourceId, 0, null, null, null);
context.SetupActions.Add(() =>
{
context.PermissionAssignments.Add(permissionAssignment);
context.Principals.Add(principal);
});
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var deletedPermission = new DeletedPermission(permissionAssignment.PrincipalId, foreignResourceId, permissionAssignment.PermissionId, ResourceType.Project.Value);
context.Revert();
Assert.AreEqual(1, context.PermissionAssignments.Count());
service.DeletePermission(deletedPermission);
Assert.AreEqual(0, context.PermissionAssignments.Count());
context.Revert();
Assert.AreEqual(1, context.PermissionAssignments.Count());
await service.DeletePermissionAsync(deletedPermission);
Assert.AreEqual(0, context.PermissionAssignments.Count());
}
public void TestDeletePermission_ForeignResourceByIdDoesNotExist()
{
var user = new UserAccount
{
PrincipalId = 2
};
context.UserAccounts.Add(user);
ForeignResourceCache foreignResourceCache = null;
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
var deletedPermission = new DeletedPermission(user.PrincipalId, 0, 0, ResourceType.Project.Value);
Func <Task> f = async() =>
{
await service.DeletePermissionAsync(deletedPermission);
};
service.Invoking(x => x.DeletePermission(deletedPermission)).ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.", 0, ResourceType.Project.Value));
f.ShouldThrow <ModelNotFoundException>()
.WithMessage(String.Format("The foreign resource with id [{0}] and resource type [{1}] does not exist in CAM.", 0, ResourceType.Project.Value));
}
public async Task TestRevokePermission_PrincipalIsNotUserAccount()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
context.SetupActions.Add(() =>
{
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
Assert.AreEqual(0, context.PermissionAssignments.Count());
});
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList(permission));
resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList(permission));
Action tester = () =>
{
Assert.AreEqual(1, context.PermissionAssignments.Count());
var firstAssignment = context.PermissionAssignments.First();
Assert.IsFalse(firstAssignment.IsAllowed);
Assert.AreEqual(grantor.PrincipalId, firstAssignment.AssignedBy);
Assert.AreEqual(permission.PermissionId, firstAssignment.PermissionId);
Assert.AreEqual(grantee.PrincipalId, firstAssignment.PrincipalId);
Assert.AreEqual(resource.ResourceId, firstAssignment.ResourceId);
DateTimeOffset.Now.Should().BeCloseTo(firstAssignment.AssignedOn, 2000);
};
context.Revert();
var revokedPermission = new RevokedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
service.RevokePermission(revokedPermission);
tester();
context.Revert();
context.PermissionAssignments = new PermissionAssignmentTestDbSet();
await service.RevokePermissionAsync(revokedPermission);
tester();
}
public async Task TestRevokePermission_PermissionIsAlreadyGrantedButAllowed()
{
var grantor = new Principal
{
PrincipalId = 1,
};
var grantee = new Principal
{
PrincipalId = 2
};
var permission = new CAM.Data.Permission
{
PermissionId = CAM.Data.Permission.EditOffice.Id,
PermissionName = CAM.Data.Permission.EditOffice.Value
};
var resourceType = ResourceType.Program;
var resource = new Resource
{
ResourceId = 8,
ForeignResourceId = 10,
ResourceTypeId = resourceType.Id,
};
var foreignResourceCache = new ForeignResourceCache(resource.ForeignResourceId, resource.ResourceId, resource.ResourceTypeId, null, null, null);
var permissionAssignment = new PermissionAssignment
{
PrincipalId = grantee.PrincipalId,
PermissionId = permission.PermissionId,
ResourceId = resource.ResourceId,
IsAllowed = true
};
context.SetupActions.Add(() =>
{
context.Principals.Add(grantor);
context.Principals.Add(grantee);
context.Permissions.Add(permission);
context.Resources.Add(resource);
context.PermissionAssignments.Add(permissionAssignment);
permissionAssignment.IsAllowed = true;
Assert.AreEqual(1, context.PermissionAssignments.Count());
});
resourceService.Setup(x => x.GetResourceByForeignResourceId(It.IsAny <int>(), It.IsAny <int>())).Returns(foreignResourceCache);
resourceService.Setup(x => x.GetResourceByForeignResourceIdAsync(It.IsAny <int>(), It.IsAny <int>())).ReturnsAsync(foreignResourceCache);
resourceService.Setup(x => x.GetResourcePermissions(It.IsAny <string>(), It.IsAny <int?>())).Returns(GetAvailablePermissionsList(permission));
resourceService.Setup(x => x.GetResourcePermissionsAsync(It.IsAny <string>(), It.IsAny <int?>())).ReturnsAsync(GetAvailablePermissionsList(permission));
Action tester = () =>
{
Assert.AreEqual(1, context.PermissionAssignments.Count());
Assert.IsFalse(context.PermissionAssignments.First().IsAllowed);
};
context.Revert();
var revokedPermission = new RevokedPermission(grantee.PrincipalId, permission.PermissionId, resource.ForeignResourceId, resourceType.Value, grantor.PrincipalId);
service.RevokePermission(revokedPermission);
context.Revert();
await service.RevokePermissionAsync(revokedPermission);
tester();
}
