mirror of
https://github.com/bitwarden/server.git
synced 2025-06-30 15:42:48 -05:00
[SM-707] Refactor authorization for Access Policy Commands (#2905)
* Extract authorization from access policy commands * Use auto mapper to ignore unwanted properties ---------
This commit is contained in:
Thomas Avery
@ -64,79 +64,93 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
|
||||
await LoginAsync(_email);
|
||||
|
||||
var project = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id);
|
||||
|
||||
var request = new AccessPoliciesCreateRequest
|
||||
{
|
||||
ServiceAccountAccessPolicyRequests = new List<AccessPolicyRequest>
|
||||
{
|
||||
new() { GranteeId = serviceAccount.Id, Read = true, Write = true },
|
||||
new() { GranteeId = serviceAccountId, Read = true, Write = true },
|
||||
},
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/projects/{project.Id}/access-policies", request);
|
||||
var response = await _client.PostAsJsonAsync($"/projects/{projectId}/access-policies", request);
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateProjectAccessPolicies_NoPermission()
|
||||
{
|
||||
// Create a new account as a user
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
|
||||
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id);
|
||||
var request = new AccessPoliciesCreateRequest
|
||||
{
|
||||
ServiceAccountAccessPolicyRequests = new List<AccessPolicyRequest>
|
||||
{
|
||||
new() { GranteeId = serviceAccountId, Read = true, Write = true },
|
||||
},
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/projects/{projectId}/access-policies", request);
|
||||
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task CreateProjectAccessPolicies(PermissionType permissionType)
|
||||
public async Task CreateProjectAccessPolicies_MismatchedOrgIds_NotFound(PermissionType permissionType)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
|
||||
var project = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
var accessPolicies = new List<BaseAccessPolicy>
|
||||
{
|
||||
new UserProjectAccessPolicy
|
||||
{
|
||||
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
|
||||
},
|
||||
};
|
||||
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
|
||||
}
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id, true);
|
||||
await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId);
|
||||
|
||||
var request = new AccessPoliciesCreateRequest
|
||||
{
|
||||
ServiceAccountAccessPolicyRequests = new List<AccessPolicyRequest>
|
||||
{
|
||||
new() { GranteeId = serviceAccount.Id, Read = true, Write = true },
|
||||
new() { GranteeId = serviceAccountId, Read = true, Write = true },
|
||||
},
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/projects/{project.Id}/access-policies", request);
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/projects/{projectId}/access-policies", request);
|
||||
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task CreateProjectAccessPolicies_Success(PermissionType permissionType)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
|
||||
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id);
|
||||
await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId);
|
||||
|
||||
var request = new AccessPoliciesCreateRequest
|
||||
{
|
||||
ServiceAccountAccessPolicyRequests = new List<AccessPolicyRequest>
|
||||
{
|
||||
new() { GranteeId = serviceAccountId, Read = true, Write = true },
|
||||
},
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/projects/{projectId}/access-policies", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var result = await response.Content.ReadFromJsonAsync<ProjectAccessPoliciesResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(serviceAccount.Id, result!.ServiceAccountAccessPolicies.First().ServiceAccountId);
|
||||
Assert.Equal(serviceAccountId, result!.ServiceAccountAccessPolicies.First().ServiceAccountId);
|
||||
Assert.True(result.ServiceAccountAccessPolicies.First().Read);
|
||||
Assert.True(result.ServiceAccountAccessPolicies.First().Write);
|
||||
AssertHelper.AssertRecent(result.ServiceAccountAccessPolicies.First().RevisionDate);
|
||||
@ -152,39 +166,6 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
|
||||
AssertHelper.AssertRecent(createdAccessPolicy.RevisionDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateProjectAccessPolicies_NoPermission()
|
||||
{
|
||||
// Create a new account as a user
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
|
||||
var project = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var request = new AccessPoliciesCreateRequest
|
||||
{
|
||||
ServiceAccountAccessPolicyRequests = new List<AccessPolicyRequest>
|
||||
{
|
||||
new() { GranteeId = serviceAccount.Id, Read = true, Write = true },
|
||||
},
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/projects/{project.Id}/access-policies", request);
|
||||
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(false, false)]
|
||||
[InlineData(true, false)]
|
||||
@ -225,7 +206,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task UpdateAccessPolicy(PermissionType permissionType)
|
||||
public async Task UpdateAccessPolicy_Success(PermissionType permissionType)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
@ -298,7 +279,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task DeleteAccessPolicy(PermissionType permissionType)
|
||||
public async Task DeleteAccessPolicy_Success(PermissionType permissionType)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
@ -644,7 +625,30 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task CreateServiceAccountAccessPolicies(PermissionType permissionType)
|
||||
public async Task CreateServiceAccountAccessPolicies_MismatchOrgId_NotFound(PermissionType permissionType)
|
||||
{
|
||||
var (org, orgUser) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
var ownerOrgUserId = orgUser.Id;
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = Guid.NewGuid(),
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
var request =
|
||||
await SetupUserServiceAccountAccessPolicyRequestAsync(permissionType, org.Id, orgUser.Id,
|
||||
serviceAccount.Id);
|
||||
|
||||
var response =
|
||||
await _client.PostAsJsonAsync($"/service-accounts/{serviceAccount.Id}/access-policies", request);
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task CreateServiceAccountAccessPolicies_Success(PermissionType permissionType)
|
||||
{
|
||||
var (org, orgUser) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
@ -655,41 +659,9 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var request = new AccessPoliciesCreateRequest
|
||||
{
|
||||
UserAccessPolicyRequests = new List<AccessPolicyRequest>
|
||||
{
|
||||
new() { GranteeId = orgUser.Id, Read = true, Write = true },
|
||||
},
|
||||
};
|
||||
|
||||
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
var (email, newOrgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
var accessPolicies = new List<BaseAccessPolicy>
|
||||
{
|
||||
new UserServiceAccountAccessPolicy
|
||||
{
|
||||
GrantedServiceAccountId = serviceAccount.Id,
|
||||
OrganizationUserId = newOrgUser.Id,
|
||||
Read = true,
|
||||
Write = true,
|
||||
},
|
||||
};
|
||||
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
|
||||
|
||||
request = new AccessPoliciesCreateRequest
|
||||
{
|
||||
UserAccessPolicyRequests = new List<AccessPolicyRequest>
|
||||
{
|
||||
new() { GranteeId = ownerOrgUserId, Read = true, Write = true },
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
var request =
|
||||
await SetupUserServiceAccountAccessPolicyRequestAsync(permissionType, org.Id, orgUser.Id,
|
||||
serviceAccount.Id);
|
||||
|
||||
var response =
|
||||
await _client.PostAsJsonAsync($"/service-accounts/{serviceAccount.Id}/access-policies", request);
|
||||
@ -860,67 +832,6 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task CreateServiceAccountGrantedPolicies(PermissionType permissionType)
|
||||
{
|
||||
var (org, orgUser) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
var ownerOrgUserId = orgUser.Id;
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var project = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var request =
|
||||
new List<GrantedAccessPolicyRequest> { new() { GrantedId = project.Id, Read = true, Write = true } };
|
||||
|
||||
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
var (email, newOrgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
var accessPolicies = new List<BaseAccessPolicy>
|
||||
{
|
||||
new UserProjectAccessPolicy
|
||||
{
|
||||
GrantedProjectId = project.Id, OrganizationUserId = newOrgUser.Id, Read = true, Write = true,
|
||||
},
|
||||
};
|
||||
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
|
||||
}
|
||||
|
||||
|
||||
var response =
|
||||
await _client.PostAsJsonAsync($"/service-accounts/{serviceAccount.Id}/granted-policies", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var result = await response.Content
|
||||
.ReadFromJsonAsync<ListResponseModel<ServiceAccountProjectAccessPolicyResponseModel>>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.NotEmpty(result!.Data);
|
||||
Assert.Equal(project.Id, result.Data.First().GrantedProjectId);
|
||||
|
||||
var createdAccessPolicy =
|
||||
await _accessPolicyRepository.GetByIdAsync(result.Data.First().Id);
|
||||
Assert.NotNull(createdAccessPolicy);
|
||||
Assert.Equal(result.Data.First().Read, createdAccessPolicy!.Read);
|
||||
Assert.Equal(result.Data.First().Write, createdAccessPolicy.Write);
|
||||
Assert.Equal(result.Data.First().Id, createdAccessPolicy.Id);
|
||||
AssertHelper.AssertRecent(createdAccessPolicy.CreationDate);
|
||||
AssertHelper.AssertRecent(createdAccessPolicy.RevisionDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateServiceAccountGrantedPolicies_NoPermission()
|
||||
{
|
||||
@ -949,6 +860,63 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task CreateServiceAccountGrantedPolicies_MismatchedOrgId_NotFound(PermissionType permissionType)
|
||||
{
|
||||
var (org, orgUser) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
var ownerOrgUserId = orgUser.Id;
|
||||
|
||||
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id, true);
|
||||
await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId);
|
||||
|
||||
var request =
|
||||
new List<GrantedAccessPolicyRequest> { new() { GrantedId = projectId, Read = true, Write = true } };
|
||||
|
||||
var response =
|
||||
await _client.PostAsJsonAsync($"/service-accounts/{serviceAccountId}/granted-policies", request);
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task CreateServiceAccountGrantedPolicies_Success(PermissionType permissionType)
|
||||
{
|
||||
var (org, orgUser) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
var ownerOrgUserId = orgUser.Id;
|
||||
|
||||
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id);
|
||||
await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId);
|
||||
|
||||
var request =
|
||||
new List<GrantedAccessPolicyRequest> { new() { GrantedId = projectId, Read = true, Write = true } };
|
||||
|
||||
var response =
|
||||
await _client.PostAsJsonAsync($"/service-accounts/{serviceAccountId}/granted-policies", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var result = await response.Content
|
||||
.ReadFromJsonAsync<ListResponseModel<ServiceAccountProjectAccessPolicyResponseModel>>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.NotEmpty(result!.Data);
|
||||
Assert.Equal(projectId, result.Data.First().GrantedProjectId);
|
||||
|
||||
var createdAccessPolicy =
|
||||
await _accessPolicyRepository.GetByIdAsync(result.Data.First().Id);
|
||||
Assert.NotNull(createdAccessPolicy);
|
||||
Assert.Equal(result.Data.First().Read, createdAccessPolicy!.Read);
|
||||
Assert.Equal(result.Data.First().Write, createdAccessPolicy.Write);
|
||||
Assert.Equal(result.Data.First().Id, createdAccessPolicy.Id);
|
||||
AssertHelper.AssertRecent(createdAccessPolicy.CreationDate);
|
||||
AssertHelper.AssertRecent(createdAccessPolicy.RevisionDate);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(false, false)]
|
||||
[InlineData(true, false)]
|
||||
@ -1071,6 +1039,78 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
|
||||
};
|
||||
}
|
||||
|
||||
private async Task<(Guid ProjectId, Guid ServiceAccountId)> CreateProjectAndServiceAccountAsync(Guid organizationId,
|
||||
bool misMatchOrganization = false)
|
||||
{
|
||||
var project = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = misMatchOrganization ? Guid.NewGuid() : organizationId,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = organizationId,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
return (project.Id, serviceAccount.Id);
|
||||
}
|
||||
|
||||
private async Task SetupProjectAndServiceAccountPermissionAsync(PermissionType permissionType, Guid projectId,
|
||||
Guid serviceAccountId)
|
||||
{
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
var accessPolicies = new List<BaseAccessPolicy>
|
||||
{
|
||||
new UserProjectAccessPolicy
|
||||
{
|
||||
GrantedProjectId = projectId, OrganizationUserId = orgUser.Id, Read = true, Write = true,
|
||||
},
|
||||
new UserServiceAccountAccessPolicy
|
||||
{
|
||||
GrantedServiceAccountId = serviceAccountId,
|
||||
OrganizationUserId = orgUser.Id,
|
||||
Read = true,
|
||||
Write = true,
|
||||
},
|
||||
};
|
||||
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
|
||||
}
|
||||
}
|
||||
|
||||
private async Task<AccessPoliciesCreateRequest> SetupUserServiceAccountAccessPolicyRequestAsync(
|
||||
PermissionType permissionType, Guid organizationId, Guid userId, Guid serviceAccountId)
|
||||
{
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
var (email, newOrgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
var accessPolicies = new List<BaseAccessPolicy>
|
||||
{
|
||||
new UserServiceAccountAccessPolicy
|
||||
{
|
||||
GrantedServiceAccountId = serviceAccountId,
|
||||
OrganizationUserId = newOrgUser.Id,
|
||||
Read = true,
|
||||
Write = true,
|
||||
},
|
||||
};
|
||||
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
|
||||
}
|
||||
|
||||
return new AccessPoliciesCreateRequest
|
||||
{
|
||||
UserAccessPolicyRequests = new List<AccessPolicyRequest>
|
||||
{
|
||||
new() { GranteeId = userId, Read = true, Write = true },
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
private class RequestSetupData
|
||||
{
|
||||
public Guid ProjectId { get; set; }
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
using Bit.Api.SecretsManager.Controllers;
|
||||
using System.Security.Claims;
|
||||
using Bit.Api.SecretsManager.Controllers;
|
||||
using Bit.Api.SecretsManager.Models.Request;
|
||||
using Bit.Api.Test.SecretsManager.Enums;
|
||||
using Bit.Core.Context;
|
||||
@ -14,6 +15,7 @@ using Bit.Core.Test.SecretsManager.AutoFixture.ProjectsFixture;
|
||||
using Bit.Test.Common.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture.Attributes;
|
||||
using Bit.Test.Common.Helpers;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using NSubstitute;
|
||||
using NSubstitute.ReturnsExtensions;
|
||||
using Xunit;
|
||||
@ -383,9 +385,7 @@ public class AccessPoliciesControllerTests
|
||||
AccessPoliciesCreateRequest request)
|
||||
{
|
||||
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(default).ReturnsForAnyArgs(mockProject);
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
|
||||
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>().CreateManyAsync(default, default, default)
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>().CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
|
||||
request = AddRequestsOverMax(request);
|
||||
@ -394,7 +394,72 @@ public class AccessPoliciesControllerTests
|
||||
sutProvider.Sut.CreateProjectAccessPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>(), Arg.Any<Guid>(), Arg.Any<AccessClientType>());
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void CreateProjectAccessPolicies_ProjectDoesNotExist_Throws(
|
||||
SutProvider<AccessPoliciesController> sutProvider,
|
||||
Guid id,
|
||||
AccessPoliciesCreateRequest request)
|
||||
{
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
sutProvider.Sut.CreateProjectAccessPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void CreateProjectAccessPolicies_DuplicatePolicy_Throws(
|
||||
SutProvider<AccessPoliciesController> sutProvider,
|
||||
Guid id,
|
||||
Project mockProject,
|
||||
UserProjectAccessPolicy data,
|
||||
AccessPoliciesCreateRequest request)
|
||||
{
|
||||
var dup = new AccessPolicyRequest() { GranteeId = Guid.NewGuid(), Read = true, Write = true };
|
||||
request.UserAccessPolicyRequests = new[] { dup, dup };
|
||||
mockProject.Id = id;
|
||||
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(default).ReturnsForAnyArgs(mockProject);
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>().CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
|
||||
await Assert.ThrowsAsync<BadRequestException>(() =>
|
||||
sutProvider.Sut.CreateProjectAccessPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void CreateProjectAccessPolicies_NoAccess_Throws(
|
||||
SutProvider<AccessPoliciesController> sutProvider,
|
||||
Guid id,
|
||||
Project mockProject,
|
||||
UserProjectAccessPolicy data,
|
||||
AccessPoliciesCreateRequest request)
|
||||
{
|
||||
mockProject.Id = id;
|
||||
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(default).ReturnsForAnyArgs(mockProject);
|
||||
var policies = request.ToBaseAccessPoliciesForProject(id, mockProject.OrganizationId);
|
||||
foreach (var policy in policies)
|
||||
{
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), policy,
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Failed());
|
||||
}
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>().CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
sutProvider.Sut.CreateProjectAccessPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
@ -406,16 +471,22 @@ public class AccessPoliciesControllerTests
|
||||
UserProjectAccessPolicy data,
|
||||
AccessPoliciesCreateRequest request)
|
||||
{
|
||||
mockProject.Id = id;
|
||||
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(default).ReturnsForAnyArgs(mockProject);
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
|
||||
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>().CreateManyAsync(default, default, default)
|
||||
var policies = request.ToBaseAccessPoliciesForProject(id, mockProject.OrganizationId);
|
||||
foreach (var policy in policies)
|
||||
{
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), policy,
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
||||
}
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>().CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
|
||||
await sutProvider.Sut.CreateProjectAccessPoliciesAsync(id, request);
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().Received(1)
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>(), Arg.Any<Guid>(), Arg.Any<AccessClientType>());
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
@ -428,10 +499,8 @@ public class AccessPoliciesControllerTests
|
||||
AccessPoliciesCreateRequest request)
|
||||
{
|
||||
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(serviceAccount);
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
|
||||
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>()
|
||||
.CreateManyAsync(default, default, default)
|
||||
.CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
|
||||
request = AddRequestsOverMax(request);
|
||||
@ -440,7 +509,74 @@ public class AccessPoliciesControllerTests
|
||||
sutProvider.Sut.CreateServiceAccountAccessPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>(), Arg.Any<Guid>(), Arg.Any<AccessClientType>());
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void CreateServiceAccountAccessPolicies_ServiceAccountDoesNotExist_Throws(
|
||||
SutProvider<AccessPoliciesController> sutProvider,
|
||||
Guid id,
|
||||
AccessPoliciesCreateRequest request)
|
||||
{
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
sutProvider.Sut.CreateServiceAccountAccessPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void CreateServiceAccountAccessPolicies_DuplicatePolicy_Throws(
|
||||
SutProvider<AccessPoliciesController> sutProvider,
|
||||
Guid id,
|
||||
ServiceAccount serviceAccount,
|
||||
UserServiceAccountAccessPolicy data,
|
||||
AccessPoliciesCreateRequest request)
|
||||
{
|
||||
var dup = new AccessPolicyRequest() { GranteeId = Guid.NewGuid(), Read = true, Write = true };
|
||||
request.UserAccessPolicyRequests = new[] { dup, dup };
|
||||
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(serviceAccount);
|
||||
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>()
|
||||
.CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
|
||||
await Assert.ThrowsAsync<BadRequestException>(() =>
|
||||
sutProvider.Sut.CreateServiceAccountAccessPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void CreateServiceAccountAccessPolicies_NoAccess_Throws(
|
||||
SutProvider<AccessPoliciesController> sutProvider,
|
||||
Guid id,
|
||||
ServiceAccount serviceAccount,
|
||||
UserServiceAccountAccessPolicy data,
|
||||
AccessPoliciesCreateRequest request)
|
||||
{
|
||||
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(serviceAccount);
|
||||
var policies = request.ToBaseAccessPoliciesForServiceAccount(id, serviceAccount.OrganizationId);
|
||||
foreach (var policy in policies)
|
||||
{
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), policy,
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Failed());
|
||||
}
|
||||
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>()
|
||||
.CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
sutProvider.Sut.CreateServiceAccountAccessPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
@ -453,16 +589,22 @@ public class AccessPoliciesControllerTests
|
||||
AccessPoliciesCreateRequest request)
|
||||
{
|
||||
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(serviceAccount);
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
|
||||
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
||||
var policies = request.ToBaseAccessPoliciesForServiceAccount(id, serviceAccount.OrganizationId);
|
||||
foreach (var policy in policies)
|
||||
{
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), policy,
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
||||
}
|
||||
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>()
|
||||
.CreateManyAsync(default, default, default)
|
||||
.CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
|
||||
await sutProvider.Sut.CreateServiceAccountAccessPoliciesAsync(id, request);
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().Received(1)
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>(), Arg.Any<Guid>(), Arg.Any<AccessClientType>());
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
@ -475,10 +617,8 @@ public class AccessPoliciesControllerTests
|
||||
List<GrantedAccessPolicyRequest> request)
|
||||
{
|
||||
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(serviceAccount);
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
|
||||
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>()
|
||||
.CreateManyAsync(default, default, default)
|
||||
.CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
|
||||
request = AddRequestsOverMax(request);
|
||||
@ -487,7 +627,73 @@ public class AccessPoliciesControllerTests
|
||||
sutProvider.Sut.CreateServiceAccountGrantedPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>(), Arg.Any<Guid>(), Arg.Any<AccessClientType>());
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void CreateServiceAccountGrantedPolicies_ServiceAccountDoesNotExist_Throws(
|
||||
SutProvider<AccessPoliciesController> sutProvider,
|
||||
Guid id,
|
||||
List<GrantedAccessPolicyRequest> request)
|
||||
{
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
sutProvider.Sut.CreateServiceAccountGrantedPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void CreateServiceAccountGrantedPolicies_DuplicatePolicy_Throws(
|
||||
SutProvider<AccessPoliciesController> sutProvider,
|
||||
Guid id,
|
||||
ServiceAccount serviceAccount,
|
||||
ServiceAccountProjectAccessPolicy data,
|
||||
List<GrantedAccessPolicyRequest> request)
|
||||
{
|
||||
var dup = new GrantedAccessPolicyRequest() { GrantedId = Guid.NewGuid(), Read = true, Write = true };
|
||||
request.Add(dup);
|
||||
request.Add(dup);
|
||||
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(serviceAccount);
|
||||
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>()
|
||||
.CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
|
||||
await Assert.ThrowsAsync<BadRequestException>(() =>
|
||||
sutProvider.Sut.CreateServiceAccountGrantedPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void CreateServiceAccountGrantedPolicies_NoAccess_Throws(
|
||||
SutProvider<AccessPoliciesController> sutProvider,
|
||||
Guid id,
|
||||
ServiceAccount serviceAccount,
|
||||
ServiceAccountProjectAccessPolicy data,
|
||||
List<GrantedAccessPolicyRequest> request)
|
||||
{
|
||||
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(serviceAccount);
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>()
|
||||
.CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
foreach (var policy in request)
|
||||
{
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), policy,
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Failed());
|
||||
}
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
sutProvider.Sut.CreateServiceAccountGrantedPoliciesAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().DidNotReceiveWithAnyArgs()
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
@ -500,16 +706,42 @@ public class AccessPoliciesControllerTests
|
||||
List<GrantedAccessPolicyRequest> request)
|
||||
{
|
||||
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(serviceAccount);
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
|
||||
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
||||
sutProvider.GetDependency<ICreateAccessPoliciesCommand>()
|
||||
.CreateManyAsync(default, default, default)
|
||||
.CreateManyAsync(default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
|
||||
foreach (var policy in request)
|
||||
{
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), policy,
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
||||
}
|
||||
|
||||
await sutProvider.Sut.CreateServiceAccountGrantedPoliciesAsync(id, request);
|
||||
|
||||
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().Received(1)
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>(), Arg.Any<Guid>(), Arg.Any<AccessClientType>());
|
||||
.CreateManyAsync(Arg.Any<List<BaseAccessPolicy>>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void UpdateAccessPolicies_NoAccess_Throws(
|
||||
SutProvider<AccessPoliciesController> sutProvider,
|
||||
Guid id,
|
||||
UserProjectAccessPolicy data,
|
||||
AccessPolicyUpdateRequest request)
|
||||
{
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data,
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Failed());
|
||||
sutProvider.GetDependency<IAccessPolicyRepository>().GetByIdAsync(id).Returns(data);
|
||||
sutProvider.GetDependency<IUpdateAccessPolicyCommand>().UpdateAsync(default, default, default)
|
||||
.ReturnsForAnyArgs(data);
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
sutProvider.Sut.UpdateAccessPolicyAsync(id, request));
|
||||
|
||||
await sutProvider.GetDependency<IUpdateAccessPolicyCommand>().DidNotReceiveWithAnyArgs()
|
||||
.UpdateAsync(Arg.Any<Guid>(), Arg.Is(request.Read), Arg.Is(request.Write));
|
||||
}
|
||||
|
||||
[Theory]
|
||||
@ -520,27 +752,48 @@ public class AccessPoliciesControllerTests
|
||||
UserProjectAccessPolicy data,
|
||||
AccessPolicyUpdateRequest request)
|
||||
{
|
||||
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
||||
sutProvider.GetDependency<IUpdateAccessPolicyCommand>().UpdateAsync(default, default, default, default)
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data,
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
||||
sutProvider.GetDependency<IAccessPolicyRepository>().GetByIdAsync(id).Returns(data);
|
||||
sutProvider.GetDependency<IUpdateAccessPolicyCommand>().UpdateAsync(default, default, default)
|
||||
.ReturnsForAnyArgs(data);
|
||||
|
||||
await sutProvider.Sut.UpdateAccessPolicyAsync(id, request);
|
||||
|
||||
await sutProvider.GetDependency<IUpdateAccessPolicyCommand>().Received(1)
|
||||
.UpdateAsync(Arg.Any<Guid>(), Arg.Is(request.Read), Arg.Is(request.Write), Arg.Any<Guid>());
|
||||
.UpdateAsync(Arg.Any<Guid>(), Arg.Is(request.Read), Arg.Is(request.Write));
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void DeleteAccessPolicies_NoAccess_Throws(SutProvider<AccessPoliciesController> sutProvider, Guid id)
|
||||
{
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), new UserProjectAccessPolicy(),
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Failed());
|
||||
sutProvider.GetDependency<IDeleteAccessPolicyCommand>().DeleteAsync(default).ReturnsNull();
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
sutProvider.Sut.DeleteAccessPolicyAsync(id));
|
||||
|
||||
await sutProvider.GetDependency<IDeleteAccessPolicyCommand>().DidNotReceiveWithAnyArgs()
|
||||
.DeleteAsync(Arg.Any<Guid>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void DeleteAccessPolicies_Success(SutProvider<AccessPoliciesController> sutProvider, Guid id)
|
||||
{
|
||||
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
||||
sutProvider.GetDependency<IDeleteAccessPolicyCommand>().DeleteAsync(default, default).ReturnsNull();
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), new UserProjectAccessPolicy(),
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
||||
sutProvider.GetDependency<IDeleteAccessPolicyCommand>().DeleteAsync(default).ReturnsNull();
|
||||
|
||||
await sutProvider.Sut.DeleteAccessPolicyAsync(id);
|
||||
|
||||
await sutProvider.GetDependency<IDeleteAccessPolicyCommand>().Received(1)
|
||||
.DeleteAsync(Arg.Any<Guid>(), Arg.Any<Guid>());
|
||||
.DeleteAsync(Arg.Any<Guid>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
|
||||
Reference in New Issue
Block a user