public async Task Evaluate_should_return_matched_permissions()
{
_policy.Roles.AddRange(new[] {
new Role {
Name = "role", Subjects = { "1" }
},
new Role {
Name = "xoxo", Subjects = { "2" }
},
});
_policy.Permissions.AddRange(new[] {
new Permission {
Name = "a", Roles = { "role" }
},
new Permission {
Name = "c", Roles = { "role" }
},
new Permission {
Name = "b", Roles = { "xoxo" }
},
});
var user = TestUser.Create("1");
var result = await LocalPolicyService.EvaluateAsync(user, _policy);
result.Permissions.Should().BeEquivalentTo(new[] { "a", "c" });
}
public async Task Evaluate_should_not_allow_identity_roles_to_match_permissions()
{
_policy.Permissions.AddRange(new[] {
new Permission {
Name = "perm", Roles = { "role" }
},
});
var user = TestUser.Create("1", roles: new[] { "role" });
var result = await LocalPolicyService.EvaluateAsync(user, _policy);
result.Permissions.Should().BeEmpty();
}
public async Task Evaluate_should_return_remove_duplicate_roles()
{
_policy.Roles.AddRange(new[] {
new Role {
Name = "a", Subjects = { "1" }
},
new Role {
Name = "a", Subjects = { "1" }
},
});
var user = TestUser.Create("1");
var result = await LocalPolicyService.EvaluateAsync(user, _policy);
result.Roles.Should().BeEquivalentTo(new[] { "a" });
}
public async Task Evaluate_should_not_return_unmatched_roles()
{
_policy.Roles.AddRange(new[] {
new Role {
Name = "c", Subjects = { "2" }
},
new Role {
Name = "a", Subjects = { "3" }
},
new Role {
Name = "b", Subjects = { "2" }
},
});
var user = TestUser.Create("1");
var result = await LocalPolicyService.EvaluateAsync(user, _policy);
result.Roles.Should().BeEmpty();
}
public void Evaluate_should_require_user()
{
Func <Task> a = () => LocalPolicyService.EvaluateAsync(null, _policy);
a.Should().Throw <ArgumentNullException>();
}
