public void EvaluateReturnsSuccessWithoutEvaluationIfNoPoliciesFound()
        {
            // Arrange
            var service = new TestSecurityPolicyService();
            var user    = new User("testUser");

            // Act
            var result = service.Evaluate(SecurityPolicyAction.PackagePush, CreateHttpContext(user));

            // Assert
            Assert.True(result.Success);
            Assert.Null(result.ErrorMessage);

            service.MockPushPolicy1.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyContext>()), Times.Never);
            service.MockPushPolicy2.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyContext>()), Times.Never);
        }
        public void EvaluateReturnsAfterFirstFailure()
        {
            // Arrange
            var service = new TestSecurityPolicyService(success1: false, success2: true);
            var user    = new User("testUser");

            user.SecurityPolicies.Add(new UserSecurityPolicy("MockPushPolicy1"));
            user.SecurityPolicies.Add(new UserSecurityPolicy("MockPushPolicy2"));

            // Act
            var result = service.Evaluate(SecurityPolicyAction.PackagePush, CreateHttpContext(user));

            // Assert
            Assert.False(result.Success);
            Assert.Equal("MockPushPolicy1", result.ErrorMessage);

            service.MockPushPolicy1.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyContext>()), Times.Once);
            service.MockPushPolicy2.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyContext>()), Times.Never);
        }