private void GivenRole() { _roleApiModel = new RoleApiModel { Name = "stub-create-delete-user-name" }; }
private async Task WhenSpecifiedRoleRequestedById() { var actionResult = await _roleController.Get(_databaseRole.Id); var jsonResult = (JsonResult)actionResult; _roleApiModel = (RoleApiModel)jsonResult.Value; }
public async Task Post_ReturnsOkResult_WhenModelIsValid() { var model = new RoleApiModel(); var result = await _sut.Post(model); Assert.IsType(typeof(OkResult), result); }
public void AddRole_ReturnsForbidden(RoleApiModel roleToPost, string scope) { var existingClient = ExistingClients.First(); var rolesModule = CreateBrowser(new Claim(Claims.Scope, scope), new Claim(Claims.ClientId, existingClient.Id)); var result = rolesModule.Post($"/roles", with => with.JsonBody(roleToPost)).Result; Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode); }
public async Task <RoleApiModel> AddRole(string accessToken, RoleApiModel roleModel) { var message = new HttpRequestMessage(HttpMethod.Post, new RoleRouteBuilder().Route) .AddContent(roleModel) .AddAcceptHeader() .AddBearerToken(accessToken); return(await SendAndParseJson <RoleApiModel>(message).ConfigureAwait(false)); }
public async Task Post_CallsCreateMethod_WhenModelIsValid() { var model = new RoleApiModel { Name = "role-stub" }; await _sut.Post(model); _roleServiceMock.Verify(accountService => accountService.CreateAsync(model.Name), Times.Once); }
private async Task RegisterRole() { var response = await this.PostWithJsonBody(this._authorizationClient.BaseAddress, "/roles", FunctionalTestHelpers.RoleHcAdmin, this._installerAccessToken).ConfigureAwait(false); Assert.Equal(System.Net.HttpStatusCode.Created, response.StatusCode); string responseString = await response.Content.ReadAsStringAsync(); RoleApiModel responseRole = responseString.FromJson <RoleApiModel>(); this._roleId = responseRole.Id; }
private async Task RemoveRoleFromGroupAsync(GroupRoleApiModel group, RoleApiModel role) { var groupRoleResponse = await _browser.Delete($"/groups/{group.GroupName}/roles", with => { with.HttpRequest(); with.JsonBody(new[] { new { RoleId = role.Id } }); }); Assert.Equal(HttpStatusCode.OK, groupRoleResponse.StatusCode); }
private async Task RemoveUserFromRoleAsync(UserApiModel user, RoleApiModel role) { var userRole = await _browser.Delete($"/user/{user.IdentityProvider}/{user.SubjectId}/roles", with => { with.HttpRequest(); with.JsonBody(new[] { role }); }); Assert.Equal(HttpStatusCode.OK, userRole.StatusCode); }
public async Task <IActionResult> Post([FromBody] RoleApiModel roleApiModel) { if (ModelState.IsValid) { await _roleService.CreateAsync(roleApiModel.Name); _logger.LogInformation($"New role {roleApiModel.Name} was created"); return(Ok()); } return(BadRequest(ModelState)); }
private async Task AssociateUserToRoleAsync(UserApiModel user, RoleApiModel role) { var groupRoleResponse = await _browser.Post($"/user/{user.IdentityProvider}/{user.SubjectId}/roles", with => { with.HttpRequest(); with.JsonBody(new[] { role }); }); Assert.Equal(HttpStatusCode.OK, groupRoleResponse.StatusCode); }
/// <inheritdoc/> public async Task CreateRoleAsync(RoleApiModel role, CancellationToken ct) { if (role == null) { throw new ArgumentNullException(nameof(role)); } var uri = new UriBuilder($"{_serviceUri}/v2/roles"); var request = _httpClient.NewRequest(uri.Uri, Resource.Platform); _serializer.SerializeToRequest(request, role); var response = await _httpClient.PutAsync(request, ct).ConfigureAwait(false); response.Validate(); }
public void AddRole_ReturnsBadRequest(RoleApiModel roleToPost, int errorCount) { var existingClient = ExistingClients.First(); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, existingClient.Id)); var result = rolesModule.Post($"/roles", with => with.JsonBody(roleToPost)).Result; Assert.Equal(HttpStatusCode.BadRequest, result.StatusCode); var error = result.Body.DeserializeJson <Error>(); Assert.NotNull(error); if (errorCount > 0) { Assert.Equal(errorCount, error.Details.Length); } }
private async Task AssociateGroupToRoleAsync(GroupRoleApiModel group, RoleApiModel role) { var groupRoleResponse = await _browser.Post($"/groups/{group.GroupName}/roles", with => { with.HttpRequest(); with.JsonBody(new[] { new { role.Grain, role.SecurableItem, role.Name, role.Id } }); }); Assert.Equal(HttpStatusCode.OK, groupRoleResponse.StatusCode); }
public void AddRole_Succeeds() { var existingClient = ExistingClients.First(); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, existingClient.Id)); var roleToPost = new RoleApiModel { Grain = "app", SecurableItem = existingClient.Id, Name = "test" }; var result = rolesModule.Post($"/roles", with => with.JsonBody(roleToPost)).Result; Assert.Equal(HttpStatusCode.Created, result.StatusCode); var newRole = result.Body.DeserializeJson <RoleApiModel>(); Assert.Equal(roleToPost.Name, newRole.Name); Assert.NotNull(newRole.Id); }
public async Task CreateRoleAsync(RoleApiModel roleApiModel) { if (ModelState.IsValid) { var role = new RoleModel { Name = roleApiModel.Name }; var result = await _roleManager.CreateAsync(role); if (result.Succeeded) { _logger.LogInformation("New Role created"); } else { _logger.LogInformation("Role not created."); } } }
public IHttpActionResult Get(int id, [FromUri] BaseApiParameterModel param) { try { if (id <= 0) { return(BadRequest(Messages.ApiIllegalParameter)); } RoleModel model; model = dbContext.RoleModels.Where(x => x.Id == id).SingleOrDefault(); if (model == null) { return(NotFound()); } RoleApiModel result = Mapper.Map <RoleApiModel>(model); return(Ok(result)); } catch (Exception ex) { return(InternalServerError(ex)); } }
public void TestInheritance_Success() { var group = Group1; // Adding permissions var post = this.Browser.Post("/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Grain", "app"); with.FormValue("SecurableItem", "userprincipal"); with.FormValue("Name", "greatgrandfatherpermissions"); }).Result; var ggfperm = post.Body.DeserializeJson <PermissionApiModel>(); post = this.Browser.Post("/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Grain", "app"); with.FormValue("SecurableItem", "userprincipal"); with.FormValue("Name", "grandfatherpermissions"); }).Result; var gfperm = post.Body.DeserializeJson <PermissionApiModel>(); post = this.Browser.Post("/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Grain", "app"); with.FormValue("SecurableItem", "userprincipal"); with.FormValue("Name", "fatherpermissions"); }).Result; var fperm = post.Body.DeserializeJson <PermissionApiModel>(); post = this.Browser.Post("/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Grain", "app"); with.FormValue("SecurableItem", "userprincipal"); with.FormValue("Name", "himselfpermissions"); }).Result; var hsperm = post.Body.DeserializeJson <PermissionApiModel>(); post = this.Browser.Post("/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Grain", "app"); with.FormValue("SecurableItem", "userprincipal"); with.FormValue("Name", "sonpermissions"); }).Result; var sonperm = post.Body.DeserializeJson <PermissionApiModel>(); // Adding Roles var role = new RoleApiModel() { Grain = "app", SecurableItem = "userprincipal", Name = "greatgrandfather", Permissions = new List <PermissionApiModel> { ggfperm } }; post = this.Browser.Post("/roles", with => // -3 { with.HttpRequest(); with.Header("Accept", "application/json"); with.JsonBody(role); }).Result; var ggf = post.Body.DeserializeJson <RoleApiModel>(); post = this.Browser.Post("/roles", with => // -2 { with.HttpRequest(); with.Header("Accept", "application/json"); role.Name = "grandfather"; role.ParentRole = ggf.Id; role.Permissions = new List <PermissionApiModel> { gfperm }; with.JsonBody(role); }).Result; var gf = post.Body.DeserializeJson <RoleApiModel>(); post = this.Browser.Post("/roles", with => // -1 { with.HttpRequest(); with.Header("Accept", "application/json"); role.Name = "father"; role.ParentRole = gf.Id; role.Permissions = new List <PermissionApiModel> { fperm }; with.JsonBody(role); }).Result; var f = post.Body.DeserializeJson <RoleApiModel>(); post = this.Browser.Post("/roles", with => // 0 { with.HttpRequest(); with.Header("Accept", "application/json"); role.Name = "himself"; role.ParentRole = f.Id; role.Permissions = new List <PermissionApiModel> { hsperm }; with.JsonBody(role); }).Result; var hs = post.Body.DeserializeJson <RoleApiModel>(); post = this.Browser.Post("/roles", with => // 1 { with.HttpRequest(); with.Header("Accept", "application/json"); role.Name = "son"; role.ParentRole = hs.Id; role.Permissions = new List <PermissionApiModel> { sonperm }; with.JsonBody(role); }).Result; post.Body.DeserializeJson <RoleApiModel>(); // Adding groups this.Browser.Post("/groups", with => { with.HttpRequest(); with.FormValue("Id", group); with.FormValue("GroupName", group); with.FormValue("GroupSource", Source1); with.Header("Accept", "application/json"); }).Wait(); this.Browser.Post($"/groups/{group}/roles", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Id", hs.Identifier); with.Header("Accept", "application/json"); }).Wait(); // Get the permissions var get = this.Browser.Get("/user/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); }).Result; Assert.Equal(HttpStatusCode.OK, get.StatusCode); Assert.True(get.Body.AsString().Contains("greatgrandfatherpermissions")); Assert.True(get.Body.AsString().Contains("grandfatherpermissions")); Assert.True(get.Body.AsString().Contains("fatherpermissions")); Assert.True(get.Body.AsString().Contains("himselfpermissions")); Assert.False(get.Body.AsString().Contains("sonpermissions")); }
public void TestRoleBlacklist_Success() { // Adding permissions var post = this.Browser.Post("/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Grain", "app"); with.FormValue("SecurableItem", "userprincipal"); with.FormValue("Name", "viewpatient"); }).Result; var viewPatientPermission = post.Body.DeserializeJson <PermissionApiModel>(); post = this.Browser.Post("/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Grain", "app"); with.FormValue("SecurableItem", "userprincipal"); with.FormValue("Name", "editpatient"); }).Result; var editPatientPermission = post.Body.DeserializeJson <PermissionApiModel>(); // Adding roles var role = new RoleApiModel() { Grain = "app", SecurableItem = "userprincipal", Name = "viewer", Permissions = new List <PermissionApiModel> { viewPatientPermission } }; post = this.Browser.Post("/roles", with => // -3 { with.HttpRequest(); with.Header("Accept", "application/json"); with.JsonBody(role); }).Result; var viewerRole = post.Body.DeserializeJson <RoleApiModel>(); post = this.Browser.Post("/roles", with => // -2 { with.HttpRequest(); with.Header("Accept", "application/json"); role.Name = "editor"; role.Permissions = new List <PermissionApiModel>() { editPatientPermission }; // Role denies viewPatient permission role.DeniedPermissions = new List <PermissionApiModel> { viewPatientPermission }; with.JsonBody(role); }).Result; var editorRole = post.Body.DeserializeJson <RoleApiModel>(); // Adding groups this.Browser.Post("/groups", with => { with.HttpRequest(); with.FormValue("Id", Group1); with.FormValue("GroupName", Group1); with.FormValue("GroupSource", Source1); with.Header("Accept", "application/json"); }).Wait(); this.Browser.Post("/groups", with => { with.HttpRequest(); with.FormValue("Id", Group2); with.FormValue("GroupName", Group2); with.FormValue("GroupSource", Source2); with.Header("Accept", "application/json"); }).Wait(); this.Browser.Post($"/groups/{Group1}/roles", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Id", viewerRole.Identifier); }).Wait(); this.Browser.Post($"/groups/{Group2}/roles", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Id", editorRole.Identifier); }).Wait(); // Get the permissions var get = this.Browser.Get("/user/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); }).Result; Assert.Equal(HttpStatusCode.OK, get.StatusCode); var permissions = get.Body.DeserializeJson <UserPermissionsApiModel>(); Assert.Contains("app/userprincipal.editpatient", permissions.Permissions); Assert.DoesNotContain("app/userprincipal.viewpatient", permissions.Permissions); // Denied by role Assert.Equal(1, permissions.Permissions.Count()); }
public void TestUserDeniedPermissionHasPrecedence_Success() { // Adding permissions var post = this.Browser.Post("/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Grain", "app"); with.FormValue("SecurableItem", "userprincipal"); with.FormValue("Name", "viewpatient"); }).Result; var viewPatientPermission = post.Body.DeserializeJson <PermissionApiModel>(); post = this.Browser.Post("/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Grain", "app"); with.FormValue("SecurableItem", "userprincipal"); with.FormValue("Name", "editpatient"); }).Result; var editPatientPermission = post.Body.DeserializeJson <PermissionApiModel>(); // Adding roles var role = new RoleApiModel() { Grain = "app", SecurableItem = "userprincipal", Name = "viewer", Permissions = new List <PermissionApiModel> { viewPatientPermission } }; post = this.Browser.Post("/roles", with => // -3 { with.HttpRequest(); with.Header("Accept", "application/json"); with.JsonBody(role); }).Result; var viewerRole = post.Body.DeserializeJson <RoleApiModel>(); post = this.Browser.Post("/roles", with => // -2 { with.HttpRequest(); with.Header("Accept", "application/json"); role.Name = "editor"; role.Permissions = new List <PermissionApiModel> { editPatientPermission }; with.JsonBody(role); }).Result; var editorRole = post.Body.DeserializeJson <RoleApiModel>(); // Adding groups this.Browser.Post("/groups", with => { with.HttpRequest(); with.FormValue("Id", Group1); with.FormValue("GroupName", Group1); with.FormValue("GroupSource", Source1); with.Header("Accept", "application/json"); }).Wait(); this.Browser.Post("/groups", with => { with.HttpRequest(); with.FormValue("Id", Group2); with.FormValue("GroupName", Group2); with.FormValue("GroupSource", Source2); with.Header("Accept", "application/json"); }).Wait(); this.Browser.Post($"/groups/{Group1}/roles", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Id", viewerRole.Identifier); }).Wait(); this.Browser.Post($"/groups/{Group2}/roles", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Id", editorRole.Identifier); }).Wait(); // Adding same permission to blacklist and whitellist string subjectId = "userprincipal"; editPatientPermission.PermissionAction = PermissionAction.Deny; this.Browser.Post($"/user/{IdentityProvider}/{subjectId}/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); var perms = new List <PermissionApiModel> { editPatientPermission }; with.JsonBody(perms); }).Wait(); var modifyPatientPermission = new PermissionApiModel() { Grain = "app", SecurableItem = "userprincipal", Name = "modifypatient" }; modifyPatientPermission.PermissionAction = PermissionAction.Allow; this.Browser.Post($"/user/{IdentityProvider}/{subjectId}/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); var perms = new List <PermissionApiModel> { editPatientPermission, modifyPatientPermission }; with.JsonBody(perms); }).Wait(); // Get the permissions var get = this.Browser.Get("/user/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); }).Result; Assert.Equal(HttpStatusCode.OK, get.StatusCode); var permissions = get.Body.DeserializeJson <UserPermissionsApiModel>(); Assert.Contains("app/userprincipal.viewpatient", permissions.Permissions); // from role Assert.Contains("app/userprincipal.modifypatient", permissions.Permissions); // only whitelisted Assert.DoesNotContain("app/userprincipal.editpatient", permissions.Permissions); // from role & backlisted & whitelisted Assert.Equal(2, permissions.Permissions.Count()); // Deny modifypatient and try again modifyPatientPermission.PermissionAction = PermissionAction.Deny; this.Browser.Post($"/user/{IdentityProvider}/{subjectId}/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); var perms = new List <PermissionApiModel>() { editPatientPermission, modifyPatientPermission }; with.JsonBody(perms); }).Wait(); get = this.Browser.Get("/user/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); }).Result; Assert.Equal(HttpStatusCode.OK, get.StatusCode); permissions = get.Body.DeserializeJson <UserPermissionsApiModel>(); Assert.Contains("app/userprincipal.viewpatient", permissions.Permissions); // from role Assert.DoesNotContain("app/userprincipal.modifypatient", permissions.Permissions); // backlisted & whitelisted Assert.DoesNotContain("app/userprincipal.editpatient", permissions.Permissions); // from role & backlisted & whitelisted Assert.Equal(1, permissions.Permissions.Count()); }
public IHttpActionResult Put(int id, [FromBody] RoleApiModel value) { return(StatusCode(HttpStatusCode.MethodNotAllowed)); }
public void TestUserWhitelist_Success() { // Adding permissions var post = this.Browser.Post("/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Grain", "app"); with.FormValue("SecurableItem", "userprincipal"); with.FormValue("Name", "viewpatient"); }).Result; var viewPatientPermission = post.Body.DeserializeJson <PermissionApiModel>(); post = this.Browser.Post("/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Grain", "app"); with.FormValue("SecurableItem", "userprincipal"); with.FormValue("Name", "editpatient"); }).Result; var editPatientPermission = post.Body.DeserializeJson <PermissionApiModel>(); // Adding roles var role = new RoleApiModel() { Grain = "app", SecurableItem = "userprincipal", Name = "viewer", Permissions = new List <PermissionApiModel> { viewPatientPermission } }; post = this.Browser.Post("/roles", with => // -3 { with.HttpRequest(); with.Header("Accept", "application/json"); with.JsonBody(role); }).Result; var viewerRole = post.Body.DeserializeJson <RoleApiModel>(); post = this.Browser.Post("/roles", with => // -2 { with.HttpRequest(); with.Header("Accept", "application/json"); role.Name = "editor"; role.Permissions = new List <PermissionApiModel> { editPatientPermission }; with.JsonBody(role); }).Result; var editorRole = post.Body.DeserializeJson <RoleApiModel>(); // Adding groups this.Browser.Post("/groups", with => { with.HttpRequest(); with.FormValue("Id", Group1); with.FormValue("GroupName", Group1); with.FormValue("GroupSource", Source1); with.Header("Accept", "application/json"); }).Wait(); this.Browser.Post("/groups", with => { with.HttpRequest(); with.FormValue("Id", Group2); with.FormValue("GroupName", Group2); with.FormValue("GroupSource", Source2); with.Header("Accept", "application/json"); }).Wait(); this.Browser.Post($"/groups/{Group1}/roles", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Id", viewerRole.Identifier); }).Wait(); this.Browser.Post($"/groups/{Group2}/roles", with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.FormValue("Id", editorRole.Identifier); }).Wait(); // Adding permission (user also can modify patient, even though role doesn't) var modifyPatientPermission = new PermissionApiModel() { Grain = "app", SecurableItem = "userprincipal", Name = "modifypatient", PermissionAction = PermissionAction.Allow }; string subjectId = "userprincipal"; this.Browser.Post($"/user/{IdentityProvider}/{subjectId}/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); var perms = new List <PermissionApiModel> { modifyPatientPermission }; with.JsonBody(perms); }).Wait(); // Get the permissions var get = this.Browser.Get("/user/permissions", with => { with.HttpRequest(); with.Header("Accept", "application/json"); }).Result; Assert.Equal(HttpStatusCode.OK, get.StatusCode); var permissions = get.Body.DeserializeJson <UserPermissionsApiModel>(); Assert.Contains("app/userprincipal.editpatient", permissions.Permissions); Assert.Contains("app/userprincipal.viewpatient", permissions.Permissions); Assert.Contains("app/userprincipal.modifypatient", permissions.Permissions); Assert.Equal(3, permissions.Permissions.Count()); }