/// <summary>
/// Verifies that Read is granted to a user who appears in the survey's
/// Contributors collection.
/// </summary>
public void Handle_Read_PassesForContributor()
{
    // Arrange: the survey sets neither OwnerId nor TenantId, so the contributor entry
    // for user 54321 is the only visible link between the principal and the survey.
    // NOTE(review): the principal carries survey tenant claim "12345" while the survey's
    // TenantId is left unset; confirm that contributor access independent of tenant is intended.
    var contributorSurvey = new Survey("test survey")
    {
        Contributors = new List<SurveyContributor>
        {
            new SurveyContributor { UserId = 54321 }
        }
    };
    Claim[] claims =
    {
        new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "54321"),
        new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
        new Claim(AzureADClaimTypes.TenantId, "tenantid")
    };
    var user = new ClaimsPrincipal(new ClaimsIdentity(claims));
    var context = new AuthorizationContext(new IAuthorizationRequirement[0], user, contributorSurvey);
    var handler = new TestableSurveyAuthorizationHandler();

    // Act
    handler.Handle(context, Operations.Read, contributorSurvey);

    // Assert
    Assert.True(context.HasSucceeded);
}
/// <summary>
/// Verifies that Update is granted when the principal's survey user id matches the
/// survey's OwnerId and the tenant ids match.
/// </summary>
public void Handle_Update_PassesForOwner()
{
    // Arrange: owner (54321) and tenant (12345) on the survey mirror the principal's claims.
    // The principal also holds the SurveyCreator role, so this test does not show which of
    // ownership or role is responsible for the grant.
    var ownedSurvey = new Survey("test survey")
    {
        OwnerId = 54321,
        TenantId = 12345
    };
    Claim[] claims =
    {
        new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "54321"),
        new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
        new Claim(AzureADClaimTypes.TenantId, "tenantid"),
        new Claim(ClaimTypes.Role, Roles.SurveyCreator)
    };
    var user = new ClaimsPrincipal(new ClaimsIdentity(claims));
    var context = new AuthorizationContext(new IAuthorizationRequirement[0], user, ownedSurvey);
    var handler = new TestableSurveyAuthorizationHandler();

    // Act
    handler.Handle(context, Operations.Update, ownedSurvey);

    // Assert
    Assert.True(context.HasSucceeded);
}
/// <summary>
/// Verifies that Delete is granted to a SurveyAdmin of the survey's tenant even though
/// the admin is not the survey's owner.
/// </summary>
public void Handle_Delete_PassesForAdmin()
{
    // Arrange: the principal's user id (11111) differs from the survey's OwnerId (54321);
    // only the tenant id (12345) and the SurveyAdmin role connect the two.
    var tenantSurvey = new Survey("test survey")
    {
        OwnerId = 54321,
        TenantId = 12345
    };
    Claim[] claims =
    {
        new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
        new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
        new Claim(ClaimTypes.Role, Roles.SurveyAdmin)
    };
    var admin = new ClaimsPrincipal(new ClaimsIdentity(claims));
    var context = new AuthorizationContext(new IAuthorizationRequirement[0], admin, tenantSurvey);
    var handler = new TestableSurveyAuthorizationHandler();

    // Act
    handler.Handle(context, Operations.Delete, tenantSurvey);

    // Assert
    Assert.True(context.HasSucceeded);
}
/// <summary>
/// Verifies that Read is denied to a principal who is neither the owner of the survey
/// nor a member of the survey's tenant.
/// </summary>
public void Handle_Read_FailsForNonOwner()
{
    // Arrange: the principal differs from the survey on BOTH user id (11111 vs 54321)
    // and tenant id (12345 vs 54321).
    // NOTE(review): because two attributes differ, this negative test cannot tell a
    // failing owner check from a failing tenant check. A companion case with a matching
    // tenant would isolate the non-owner condition the name describes; its expected
    // result depends on handler rules not shown here.
    var foreignSurvey = new Survey("test survey")
    {
        OwnerId = 54321,
        TenantId = 54321
    };
    Claim[] claims =
    {
        new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
        new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
        new Claim(AzureADClaimTypes.TenantId, "tenantid"),
        new Claim(ClaimTypes.Role, Roles.SurveyCreator)
    };
    var user = new ClaimsPrincipal(new ClaimsIdentity(claims));
    var context = new AuthorizationContext(new IAuthorizationRequirement[0], user, foreignSurvey);
    var handler = new TestableSurveyAuthorizationHandler();

    // Act
    handler.Handle(context, Operations.Read, foreignSurvey);

    // Assert: the handler must not mark the requirement as satisfied.
    Assert.False(context.HasSucceeded);
}
/// <summary>
/// Verifies tenant isolation: a SurveyAdmin whose survey tenant id differs from the
/// survey's TenantId is denied Delete.
/// </summary>
public void Handle_Delete_FailsForAdminOfDifferentTenant()
{
    // Arrange: the survey belongs to tenant 12345; the admin's claim says tenant 11111.
    var otherTenantSurvey = new Survey("test survey")
    {
        OwnerId = 54321,
        TenantId = 12345
    };
    Claim[] claims =
    {
        new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
        new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "11111"), // Different tenant from survey
        new Claim(AzureADClaimTypes.TenantId, "tenantid"),
        new Claim(ClaimTypes.Role, Roles.SurveyAdmin)
    };
    var admin = new ClaimsPrincipal(new ClaimsIdentity(claims));
    var context = new AuthorizationContext(new IAuthorizationRequirement[0], admin, otherTenantSurvey);
    var handler = new TestableSurveyAuthorizationHandler();

    // Act
    handler.Handle(context, Operations.Delete, otherTenantSurvey);

    // Assert: the admin role alone must not authorize an operation across tenants.
    Assert.False(context.HasSucceeded);
}
/// <summary>
/// Verifies that a principal whose survey user id is listed among the survey's
/// contributors is allowed to Read it.
/// </summary>
public void Handle_Read_PassesForContributor()
{
    // Arrange: one contributor entry (user 54321); OwnerId and TenantId are not set.
    var contributors = new List<SurveyContributor>
    {
        new SurveyContributor { UserId = 54321 }
    };
    var sharedSurvey = new Survey("test survey") { Contributors = contributors };

    // The principal carries no role claim; only the user id ties it to the survey.
    var identity = new ClaimsIdentity(new[]
    {
        new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "54321"),
        new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
        new Claim(AzureADClaimTypes.TenantId, "tenantid")
    });
    var contributor = new ClaimsPrincipal(identity);
    var requirements = new IAuthorizationRequirement[] { };
    var context = new AuthorizationContext(requirements, contributor, sharedSurvey);
    var handler = new TestableSurveyAuthorizationHandler();

    // Act
    handler.Handle(context, Operations.Read, sharedSurvey);

    // Assert
    Assert.True(context.HasSucceeded);
}
/// <summary>
/// Verifies that the SurveyAdmin role is still honoured for Delete when it sits between
/// other role claims on the same identity.
/// </summary>
public void Handle_Delete_PassesForAdminUserWithOtherRoles()
{
    // Arrange: same tenant (12345) as the survey, different user id from the owner.
    var tenantSurvey = new Survey("test survey")
    {
        OwnerId = 54321,
        TenantId = 12345
    };
    Claim[] claims =
    {
        new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
        new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
        // SurveyAdmin is deliberately neither the first nor the last role claim, so a
        // handler that inspected only one role claim would not find it.
        new Claim(ClaimTypes.Role, Roles.SurveyReader),
        new Claim(ClaimTypes.Role, Roles.SurveyAdmin),
        new Claim(ClaimTypes.Role, Roles.SurveyReader)
    };
    var admin = new ClaimsPrincipal(new ClaimsIdentity(claims));
    var context = new AuthorizationContext(new IAuthorizationRequirement[0], admin, tenantSurvey);
    var handler = new TestableSurveyAuthorizationHandler();

    // Act
    handler.Handle(context, Operations.Delete, tenantSurvey);

    // Assert
    Assert.True(context.HasSucceeded);
}
/// <summary>
/// Verifies that Create is denied to a principal of the survey's tenant whose only
/// role claims are SurveyReader.
/// </summary>
// NOTE(review): "Failes" in the method name is a typo for "Fails"; the name is kept
// as-is so the test's identity does not change.
public void Handle_Create_FailesForUserWithNoCreatorRoleAssignments()
{
    // Arrange: tenant ids match (12345), so the missing creator role is the condition
    // under test; the reader role is present twice.
    var tenantSurvey = new Survey("test survey")
    {
        OwnerId = 54321,
        TenantId = 12345
    };
    Claim[] claims =
    {
        new Claim(SurveyClaimTypes.SurveyUserIdClaimType, "11111"),
        new Claim(SurveyClaimTypes.SurveyTenantIdClaimType, "12345"),
        new Claim(AzureADClaimTypes.TenantId, "tenantid"),
        new Claim(ClaimTypes.Role, Roles.SurveyReader),
        new Claim(ClaimTypes.Role, Roles.SurveyReader)
    };
    var reader = new ClaimsPrincipal(new ClaimsIdentity(claims));
    var context = new AuthorizationHandlerContext(new IAuthorizationRequirement[0], reader, tenantSurvey);
    var handler = new TestableSurveyAuthorizationHandler();

    // Act
    handler.Handle(context, Operations.Create, tenantSurvey);

    // Assert: reader-only principals must not be able to create surveys.
    Assert.False(context.HasSucceeded);
}