public async Task EditCalculationStatus_GivenUserDoesNotHaveEditCalculationPermission_Returns403() { //Arrange string specificationId = "abc123"; string calculationId = "5"; PublishStatusEditModel model = new PublishStatusEditModel(); PublishStatusResult publishStatusResult = new PublishStatusResult(); ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, publishStatusResult); ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>(); calcsClient .UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model)) .Returns(response); IMapper mapper = MappingHelper.CreateFrontEndMapper(); IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>(); authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanEditCalculations)) .Returns(false); CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper); // Act IActionResult result = await controller.EditCalculationStatus(specificationId, calculationId, model); // Assert result.Should().BeOfType <ForbidResult>(); }
public void EditCalculationStatus_GivenFailedStatusCode_ThrowsInvalidOperationException() { //Arrange string specificationId = "abc123"; string calculationId = "5"; PublishStatusEditModel model = new PublishStatusEditModel(); ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.BadRequest); ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>(); calcsClient .UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model)) .Returns(response); IMapper mapper = MappingHelper.CreateFrontEndMapper(); IAuthorizationHelper authorizationHelper = TestAuthHelper.CreateAuthorizationHelperSubstitute(specificationId, SpecificationActionTypes.CanEditCalculations); CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper); // Act Func <Task> test = async() => await controller.EditCalculationStatus(specificationId, calculationId, model); // Assert test .Should() .Throw <InvalidOperationException>(); }
public async Task EditCalculationStatus_GivenOKResponseFromApi_ReturnsOK() { //Arrange string specificationId = "abc123"; string calculationId = "5"; PublishStatusEditModel model = new PublishStatusEditModel(); PublishStatusResult publishStatusResult = new PublishStatusResult(); ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, publishStatusResult); ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>(); calcsClient .UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model)) .Returns(response); IMapper mapper = MappingHelper.CreateFrontEndMapper(); IAuthorizationHelper authorizationHelper = TestAuthHelper.CreateAuthorizationHelperSubstitute(specificationId, SpecificationActionTypes.CanEditCalculations); CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper); // Act IActionResult result = await controller.EditCalculationStatus(specificationId, calculationId, model); // Assert result .Should() .BeOfType <OkObjectResult>() .Which .Value .Should() .Be(publishStatusResult); }
public async Task <IActionResult> ApproveCalculation([FromRoute] string specificationId, [FromRoute] string calculationId, [FromBody] PublishStatusEditModel publishStatusEditModel) { Guard.IsNullOrWhiteSpace(calculationId, nameof(calculationId)); Guard.ArgumentNotNull(publishStatusEditModel, nameof(publishStatusEditModel)); ApiResponse <Calculation> calculationResult = await _calcClient.GetCalculationById(calculationId); IActionResult errorResult = calculationResult.IsSuccessOrReturnFailureResult("GetCalculationById"); if (errorResult != null) { return(errorResult); } if (calculationResult.Content.SpecificationId != specificationId) { return(new PreconditionFailedResult("The calculation requested is not contained within the specification requested")); } bool canApprove = await CanUserApproveCalculation(calculationResult.Content); if (!canApprove) { return(new ForbidResult()); } if (calculationResult.Content.PublishStatus == PublishStatus.Approved) { return(Ok(new PublishStatusResult() { PublishStatus = PublishStatus.Approved })); } ValidatedApiResponse <PublishStatusResult> response = await _calcClient.UpdatePublishStatus(calculationId, publishStatusEditModel); if (response.IsBadRequest(out BadRequestObjectResult badRequest)) { return(badRequest); } if (response.StatusCode == HttpStatusCode.OK) { return(Ok(response.Content)); } else { throw new InvalidOperationException($"An error occurred while retrieving code context. Status code={response.StatusCode}"); } }
public async Task <IActionResult> EditCalculationStatus([FromRoute] string specificationId, [FromRoute] string calculationId, [FromBody] PublishStatusEditModel publishStatusEditModel) { Guard.IsNullOrWhiteSpace(calculationId, nameof(calculationId)); Guard.ArgumentNotNull(publishStatusEditModel, nameof(publishStatusEditModel)); if (!await _authorizationHelper.DoesUserHavePermission(User, specificationId, SpecificationActionTypes.CanEditCalculations)) { return(new ForbidResult()); } ValidatedApiResponse <PublishStatusResult> response = await _calcClient.UpdatePublishStatus(calculationId, publishStatusEditModel); if (response.StatusCode == System.Net.HttpStatusCode.OK) { return(Ok(response.Content)); } else { throw new InvalidOperationException($"An error occurred while retrieving code context. Status code={response.StatusCode}"); } }
public async Task EditCalculationStatus_GivenBadRequestStatusCodeFromApprovingCalc_ReturnsBadRequestObjectResponse() { //Arrange string specificationId = "abc123"; string calculationId = "5"; PublishStatusEditModel model = new PublishStatusEditModel(); ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>(); ValidatedApiResponse <PublishStatusResult> response = new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.BadRequest); calcsClient .UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model)) .Returns(response); ValidatedApiResponse <Calculation> calculation = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation() { FundingStreamId = "fs1", SpecificationId = specificationId }); calcsClient .GetCalculationById(Arg.Is(calculationId)) .Returns(calculation); IMapper mapper = MappingHelper.CreateFrontEndMapper(); IAuthorizationHelper authorizationHelper = TestAuthHelper.CreateAuthorizationHelperSubstitute(specificationId, SpecificationActionTypes.CanApproveAnyCalculations); CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient); IActionResult actionResult = await controller.ApproveCalculation(specificationId, calculationId, model); actionResult .Should() .BeOfType <BadRequestObjectResult>(); }
public async Task EditCalculationStatus_GivenUserHaveCanApproveCalculationPermissionAndIsLastAuthor_ReturnsForbid() { //Arrange string specificationId = "abc123"; string calculationId = "5"; PublishStatusEditModel model = new PublishStatusEditModel() { PublishStatus = PublishStatus.Approved }; ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation() { FundingStreamId = "fs1", Author = new Reference() { Id = "SomeOne" }, SpecificationId = specificationId }); ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>(); calcsClient .GetCalculationById(Arg.Is(calculationId)) .Returns(response); calcsClient .UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model)) .Returns(new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, new PublishStatusResult())); var identity = Substitute.For <IIdentity>(); identity.Name.Returns("BSir"); ClaimsPrincipal user = new ClaimsPrincipal(new List <ClaimsIdentity>() { new ClaimsIdentity(identity, new [] { new Claim("http://schemas.microsoft.com/identity/claims/objectidentifier", "SomeOne"), new Claim(ClaimTypes.GivenName, "Bob"), new Claim(ClaimTypes.Surname, "Sir") }) }); IMapper mapper = MappingHelper.CreateFrontEndMapper(); IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>(); authorizationHelper.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations)) .Returns(true); CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient, user); // Act IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model); // Assert result.Should() .BeOfType <ForbidResult>(); await authorizationHelper .Received(1) .DoesUserHavePermission(Arg.Is(user), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations)); await authorizationHelper .Received(1) .DoesUserHavePermission(Arg.Is(user), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations)); }
public async Task EditCalculationStatus_GivenUserHaveCanApproveAnyCalculationPermissionAndCalcIsAlreadyApproved_ReturnsOK() { //Arrange string specificationId = "abc123"; string calculationId = "5"; PublishStatusEditModel model = new PublishStatusEditModel() { PublishStatus = PublishStatus.Approved }; ValidatedApiResponse <Calculation> response = new ValidatedApiResponse <Calculation>(HttpStatusCode.OK, new Calculation() { FundingStreamId = "fs1", SpecificationId = specificationId, }); ICalculationsApiClient calcsClient = Substitute.For <ICalculationsApiClient>(); calcsClient .GetCalculationById(Arg.Is(calculationId)) .Returns(response); calcsClient .UpdatePublishStatus(Arg.Is(calculationId), Arg.Is(model)) .Returns(new ValidatedApiResponse <PublishStatusResult>(HttpStatusCode.OK, new PublishStatusResult() { PublishStatus = PublishStatus.Approved })); IMapper mapper = MappingHelper.CreateFrontEndMapper(); IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>(); authorizationHelper .DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations)) .Returns(true); CalculationController controller = CreateCalculationController(calcsClient, mapper, authorizationHelper, resultsApiClient); // Act IActionResult result = await controller.ApproveCalculation(specificationId, calculationId, model); // Assert result.Should() .BeOfType <OkObjectResult>() .Which .Value .Should() .BeOfType <PublishStatusResult>() .Which .Should() .BeEquivalentTo(new PublishStatusResult() { PublishStatus = PublishStatus.Approved }); await authorizationHelper .Received(1) .DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveAnyCalculations)); await authorizationHelper .Received(0) .DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveCalculations)); }