public async Task ShouldNotBeAbleToExecuteAnyQueriesWithoutPermission()
{
using var context = new SiteContext()
.WithPermissionsContext(new PermissionsContext { UsePermissionsContext = true });
await context.InitializeAsync();
var response = await context.GraphQLClient.Client.GetAsync("api/graphql");
Assert.Equal(System.Net.HttpStatusCode.Unauthorized, response.StatusCode);
}
public async Task ShouldCreateBlog(string databaseProvider, string connectionString)
{
using var context = new SiteContext()
.WithDatabaseProvider(databaseProvider)
.WithConnectionString(connectionString);
// Act
await context.InitializeAsync();
var result = await context.Client.GetAsync("/");
Assert.True(result.IsSuccessStatusCode);
}
public async Task ShouldNotReturnBlogsWithoutViewBlogContentPermission()
{
using var context = new SiteContext()
.WithPermissionsContext(new PermissionsContext
{
UsePermissionsContext = true,
AuthorizedPermissions = new[]
{
GraphQLApi.Permissions.ExecuteGraphQL
}
});
await context.InitializeAsync();
var result = await context.GraphQLClient.Content
.Query("blog", builder =>
{
builder.WithField("contentItemId");
});
Assert.Equal(GraphQLApi.ValidationRules.RequiresPermissionValidationRule.ErrorCode, result["errors"][0]["extensions"]["code"]);
}
public async Task ShouldReturnBlogsWithViewBlogContentPermission()
{
using var context = new SiteContext()
.WithPermissionsContext(new PermissionsContext
{
UsePermissionsContext = true,
AuthorizedPermissions = new[]
{
GraphQLApi.Permissions.ExecuteGraphQL,
Contents.Permissions.ViewContent
}
});
await context.InitializeAsync();
var result = await context.GraphQLClient.Content
.Query("blog", builder =>
{
builder.WithField("contentItemId");
});
Assert.NotEmpty(result["data"]["blog"]);
}
