public async Task EditCalculationStatus_GivenUserDoesNotHaveCanApproveAnyCalculationPermission_Returns403()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel()
{
PublishStatus = PublishStatus.Approved
};
ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
{
FundingStreamId = "fs1", SpecificationId = specificationId
});
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
calcsClient
.GetCalculationById(Arg.Is(calculationId))
.Returns(response);
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanEditCalculations))
.Returns(true);
authorizationHelper.GetUserFundingStreamPermissions(Arg.Any <ClaimsPrincipal>(), Arg.Any <string>())
.Returns(Task.FromResult(new Common.ApiClient.Users.Models.FundingStreamPermission()));
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient);
// Act
IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model);
// Assert
result.Should().BeOfType <ForbidResult>();
await authorizationHelper
.Received(1)
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations));
await authorizationHelper
.Received(1)
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations));
}
public async Task EditCalculationStatus_GivenRequestContainsACalculationInADifferentSpecification_ReturnsError()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel()
{
PublishStatus = PublishStatus.Approved
};
ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
{
FundingStreamId = "fs1", SpecificationId = "anotherSpec"
});
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
calcsClient
.GetCalculationById(Arg.Is(calculationId))
.Returns(response);
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanEditCalculations))
.Returns(true);
authorizationHelper.GetUserFundingStreamPermissions(Arg.Any <ClaimsPrincipal>(), Arg.Any <string>())
.Returns(Task.FromResult(new Common.ApiClient.Users.Models.FundingStreamPermission()));
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient);
// Act
IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model);
// Assert
result
.Should()
.BeOfType <PreconditionFailedResult>()
.Which
.Value
.Should()
.Be("The calculation requested is not contained within the specification requested");
}
public void EditCalculationStatus_GivenFailedStatusCodeFromApprovingCalc_ThrowsInvalidOperationException()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel();
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.Forbidden);
calcsClient
.UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
.Returns(response);
ValidatedApiResponse <Calculation> calculation = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
{
FundingStreamId = "fs1", SpecificationId = specificationId
});
calcsClient
.GetCalculationById(Arg.Is(calculationId))
.Returns(calculation);
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = TestAuthHelper.CreateAuthorizationHelperSubstitute(specificationId, SpecificationActionTypes.CanApproveAnyCalculations);
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient);
// Act
Func <Task> test = async() => await controller.ApproveCalculation(specificationId, calculationId, model);
// Assert
test
.Should()
.Throw <InvalidOperationException>();
}
public async Task EditCalculationStatus_GivenBadRequestStatusCodeFromApprovingCalc_ReturnsBadRequestObjectResponse()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel();
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.BadRequest);
calcsClient
.UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
.Returns(response);
ValidatedApiResponse <Calculation> calculation = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
{
FundingStreamId = "fs1", SpecificationId = specificationId
});
calcsClient
.GetCalculationById(Arg.Is(calculationId))
.Returns(calculation);
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = TestAuthHelper.CreateAuthorizationHelperSubstitute(specificationId, SpecificationActionTypes.CanApproveAnyCalculations);
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient);
IActionResult actionResult = await controller.ApproveCalculation(specificationId, calculationId, model);
actionResult
.Should()
.BeOfType <BadRequestObjectResult>();
}
public async Task EditCalculationStatus_GivenUserHaveCanApproveCalculationPermissionAndIsLastAuthor_ReturnsForbid()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel()
{
PublishStatus = PublishStatus.Approved
};
ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
{
FundingStreamId = "fs1", Author = new Reference()
{
Id = "SomeOne"
}, SpecificationId = specificationId
});
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
calcsClient
.GetCalculationById(Arg.Is(calculationId))
.Returns(response);
calcsClient
.UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
.Returns(new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, new PublishStatusResult()));
var identity = Substitute.For <IIdentity>();
identity.Name.Returns("BSir");
ClaimsPrincipal user = new ClaimsPrincipal(new List <ClaimsIdentity>()
{
new ClaimsIdentity(identity,
new [] {
new Claim("http://schemas.microsoft.com/identity/claims/objectidentifier", "SomeOne"),
new Claim(ClaimTypes.GivenName, "Bob"),
new Claim(ClaimTypes.Surname, "Sir")
})
});
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations))
.Returns(true);
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient, user);
// Act
IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model);
// Assert
result.Should()
.BeOfType <ForbidResult>();
await authorizationHelper
.Received(1)
.DoesUserHavePermission(Arg.Is(user), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations));
await authorizationHelper
.Received(1)
.DoesUserHavePermission(Arg.Is(user), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations));
}
public async Task EditCalculationStatus_GivenUserHaveCanApproveAnyCalculationPermissionAndCalcIsAlreadyApproved_ReturnsOK()
{
//Arrange
string specificationId = "abc123";
string calculationId = "5";
PublishStatusEditModel model = new PublishStatusEditModel()
{
PublishStatus = PublishStatus.Approved
};
ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation()
{
FundingStreamId = "fs1", SpecificationId = specificationId,
});
ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>();
calcsClient
.GetCalculationById(Arg.Is(calculationId))
.Returns(response);
calcsClient
.UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model))
.Returns(new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, new PublishStatusResult()
{
PublishStatus = PublishStatus.Approved
}));
IMapper mapper = MappingHelper.CreateFrontEndMapper();
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations))
.Returns(true);
CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient);
// Act
IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model);
// Assert
result.Should()
.BeOfType <OkObjectResult>()
.Which
.Value
.Should()
.BeOfType <PublishStatusResult>()
.Which
.Should()
.BeEquivalentTo(new PublishStatusResult()
{
PublishStatus = PublishStatus.Approved
});
await authorizationHelper
.Received(1)
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations));
await authorizationHelper
.Received(0)
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations));
}
