/// <summary>
/// Checks that the GraphQL endpoint answers 401 Unauthorized when the
/// permissions context is enabled and this test grants no permissions.
/// </summary>
/// <remarks>
/// NOTE(review): only a bare GET to <c>api/graphql</c> is exercised here; POST
/// requests and requests carrying an actual query are not covered by this test.
/// </remarks>
public async Task ShouldNotBeAbleToExecuteAnyQueriesWithoutPermission()
{
    // Permission checks are switched on, but AuthorizedPermissions is left unset.
    var permissions = new PermissionsContext { UsePermissionsContext = true };

    using var site = new SiteContext().WithPermissionsContext(permissions);
    await site.InitializeAsync();

    var reply = await site.GraphQLClient.Client.GetAsync("api/graphql");

    Assert.Equal(System.Net.HttpStatusCode.Unauthorized, reply.StatusCode);
}
/// <summary>
/// Initializes a site against the given database provider and connection
/// string, then checks that a GET of the root path returns a success status.
/// </summary>
/// <param name="databaseProvider">Database provider name passed to the site context.</param>
/// <param name="connectionString">Connection string passed to the site context.</param>
/// <remarks>
/// NOTE(review): the only assertion is on the status of "/"; nothing here
/// inspects blog content directly.
/// </remarks>
public async Task ShouldCreateBlog(string databaseProvider, string connectionString)
{
    // Arrange
    using var site = new SiteContext()
        .WithDatabaseProvider(databaseProvider)
        .WithConnectionString(connectionString);

    // Act
    await site.InitializeAsync();
    var homePage = await site.Client.GetAsync("/");

    // Assert
    Assert.True(homePage.IsSuccessStatusCode);
}
/// <summary>
/// Checks that a caller granted only <c>ExecuteGraphQL</c> gets the
/// permission-validation error code when querying the "blog" field.
/// </summary>
/// <remarks>
/// NOTE(review): only the code of the first entry in "errors" is asserted; the
/// test does not check that the response carries no blog data alongside it.
/// </remarks>
public async Task ShouldNotReturnBlogsWithoutViewBlogContentPermission()
{
    // The caller may execute GraphQL, but no content-view permission is granted.
    var permissions = new PermissionsContext
    {
        UsePermissionsContext = true,
        AuthorizedPermissions = new[] { GraphQLApi.Permissions.ExecuteGraphQL },
    };

    using var site = new SiteContext().WithPermissionsContext(permissions);
    await site.InitializeAsync();

    var reply = await site.GraphQLClient.Content.Query("blog", query =>
    {
        query.WithField("contentItemId");
    });

    var firstErrorCode = reply["errors"][0]["extensions"]["code"];

    Assert.Equal(GraphQLApi.ValidationRules.RequiresPermissionValidationRule.ErrorCode, firstErrorCode);
}
/// <summary>
/// Checks that a caller granted <c>ExecuteGraphQL</c> and <c>ViewContent</c>
/// receives a non-empty "blog" result from the GraphQL content query.
/// </summary>
/// <remarks>
/// NOTE(review): the permission granted is the general
/// <c>Contents.Permissions.ViewContent</c>, not a blog-specific one. The
/// NotEmpty assertion presumably relies on the site setup seeding at least one
/// blog; confirm this.
/// </remarks>
public async Task ShouldReturnBlogsWithViewBlogContentPermission()
{
    var permissions = new PermissionsContext
    {
        UsePermissionsContext = true,
        AuthorizedPermissions = new[]
        {
            GraphQLApi.Permissions.ExecuteGraphQL,
            Contents.Permissions.ViewContent,
        },
    };

    using var site = new SiteContext().WithPermissionsContext(permissions);
    await site.InitializeAsync();

    var reply = await site.GraphQLClient.Content.Query("blog", query =>
    {
        query.WithField("contentItemId");
    });

    var blogs = reply["data"]["blog"];

    Assert.NotEmpty(blogs);
}