public async Task WhenUserIsKnown_AndHasNoPermissions_ShouldNotSucceed()
{
// Arrange
string userId = Guid.NewGuid().ToString();
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) }));
List <string> fundingStreamIds = new List <string> {
WellKnownFundingStreamId
};
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
usersApiClient.GetFundingStreamPermissionsForUser(Arg.Is(userId)).Returns(new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, Enumerable.Empty <FundingStreamPermission>()));
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = CreateFeatureToggle(true);
FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeFalse();
}
public async Task WhenRoleBasedFeatureIsNotEnabled_AndUserIsNotKnownToTheSystem_ShouldSucceed()
{
// Arrange
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()) }));
List <string> fundingStreamIds = new List <string> {
WellKnownFundingStreamId
};
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = CreateFeatureToggle(false);
FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public async Task WhenUserIsNotKnown_ShouldNotSucceed()
{
// Arrange
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity());
List <string> fundingStreamIds = new List <string> {
WellKnownFundingStreamId
};
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = CreateFeatureToggle(true);
FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeFalse();
}
public async Task WhenUserIsAdmin_ShouldSucceed()
{
// Arrange
List <Claim> claims = new List <Claim>
{
new Claim(Constants.ObjectIdentifierClaimType, Guid.NewGuid().ToString()),
new Claim(Constants.GroupsClaimType, actualOptions.AdminGroupId.ToString())
};
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(claims));
List <string> fundingStreamIds = new List <string> {
WellKnownFundingStreamId
};
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, fundingStreamIds);
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
IFeatureToggle features = CreateFeatureToggle(true);
FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options, features);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public async Task WhenUserCanCreateSpecification_ShouldSucceed()
{
// Arrange
string userId = Guid.NewGuid().ToString();
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) }));
List <string> fundingStreamIds = new List <string> {
WellKnownFundingStreamId
};
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, FundingStreamActionTypes.CanCreateSpecification, fundingStreamIds);
FundingStreamPermission actualPermission = new FundingStreamPermission
{
CanCreateSpecification = true,
FundingStreamId = WellKnownFundingStreamId
};
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
usersApiClient.GetFundingStreamPermissionsForUser(Arg.Is(userId)).Returns(new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, new List <FundingStreamPermission> {
actualPermission
}));
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeTrue();
}
public async Task WhenUserApproveCalculationForDifferentFundingStreams_AndDifferentPermissions_ShouldNotSucceed()
{
// Arrange
string userId = Guid.NewGuid().ToString();
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(Constants.ObjectIdentifierClaimType, userId) }));
List <string> fundingStreamIds = new List <string> {
WellKnownFundingStreamId, "fs2", "fs3"
};
AuthorizationHandlerContext authContext = CreateAuthenticationContext(principal, FundingStreamActionTypes.CanApproveCalculations, fundingStreamIds);
List <FundingStreamPermission> actualPermissions = new List <FundingStreamPermission> {
new FundingStreamPermission {
CanApproveCalculations = true, FundingStreamId = "fs4"
},
new FundingStreamPermission {
CanApproveCalculations = false, FundingStreamId = "fs5"
},
new FundingStreamPermission {
CanApproveCalculations = true, FundingStreamId = "fs6"
}
};
IUsersApiClient usersApiClient = Substitute.For <IUsersApiClient>();
usersApiClient.GetFundingStreamPermissionsForUser(Arg.Is(userId)).Returns(new ApiResponse <IEnumerable <FundingStreamPermission> >(HttpStatusCode.OK, actualPermissions));
IOptions <PermissionOptions> options = Substitute.For <IOptions <PermissionOptions> >();
options.Value.Returns(actualOptions);
FundingStreamPermissionHandler authHandler = new FundingStreamPermissionHandler(usersApiClient, options);
// Act
await authHandler.HandleAsync(authContext);
// Assert
authContext.HasSucceeded.Should().BeFalse();
}
