[AC-1139] Unit tests refactors and added tests

2025-07-01 08:02:49 -05:00 · 2023-11-01 16:03:08 +00:00
parent db19d143ed
commit 52ae10fd50
4 changed files with 733 additions and 87 deletions
--- a/test/Api.Test/Vault/AuthorizationHandlers/CollectionAuthorizationHandlerTests.cs
+++ b/test/Api.Test/Vault/AuthorizationHandlers/CollectionAuthorizationHandlerTests.cs
@ -18,32 +18,14 @@ namespace Bit.Api.Test.Vault.AuthorizationHandlers;
 public class CollectionAuthorizationHandlerTests
 {
    [Theory]
-    [BitAutoData(OrganizationUserType.Admin, false, false, false, false, false, true)]
-    [BitAutoData(OrganizationUserType.Owner, false, false, false, false, false, true)]
-    [BitAutoData(OrganizationUserType.User, false, false, false, false, false, false)]
-    [BitAutoData(OrganizationUserType.Custom, true, false, false, false, false, true)]
-    [BitAutoData(OrganizationUserType.Custom, false, true, false, false, false, true)]
-    [BitAutoData(OrganizationUserType.Custom, false, false, true, false, false, true)]
-    [BitAutoData(OrganizationUserType.Custom, false, false, false, true, false, true)]
-    [BitAutoData(OrganizationUserType.Custom, false, false, false, false, true, true)]
-    [BitAutoData(OrganizationUserType.Custom, false, false, false, false, false, false)]
-    public async Task CanReadAllAccessAsync_ReturnsExpectedResult(
-        OrganizationUserType userType, bool editAnyCollection, bool deleteAnyCollection,
-        bool manageGroups, bool manageUsers, bool accessImportExport, bool expectedSuccess,
+    [BitAutoData(OrganizationUserType.Admin)]
+    [BitAutoData(OrganizationUserType.Owner)]
+    public async Task CanReadAllAsync_WhenAdminOrOwner_Success(
+        OrganizationUserType userType,
        Guid userId, SutProvider<CollectionAuthorizationHandler> sutProvider,
        CurrentContextOrganization organization)
    {
-        var permissions = new Permissions
-        {
-            EditAnyCollection = editAnyCollection,
-            DeleteAnyCollection = deleteAnyCollection,
-            ManageGroups = manageGroups,
-            ManageUsers = manageUsers,
-            AccessImportExport = accessImportExport
-        };
-
        organization.Type = userType;
-        organization.Permissions = permissions;

        var context = new AuthorizationHandlerContext(
            new[] { CollectionOperations.ReadAll(organization.Id) },
@ -55,14 +37,16 @@ public class CollectionAuthorizationHandlerTests

        await sutProvider.Sut.HandleAsync(context);

-        Assert.Equal(expectedSuccess, context.HasSucceeded);
+        Assert.True(context.HasSucceeded);
    }

    [Theory, BitAutoData]
-    public async Task CanReadAllAccessAsync_WithProviderUser_Success(
+    public async Task CanReadAllAsync_WhenProviderUser_Success(
        Guid userId,
        SutProvider<CollectionAuthorizationHandler> sutProvider, CurrentContextOrganization organization)
    {
+        organization.Type = OrganizationUserType.User;
+
        var context = new AuthorizationHandlerContext(
            new[] { CollectionOperations.ReadAll(organization.Id) },
            new ClaimsPrincipal(),
@ -80,6 +64,167 @@ public class CollectionAuthorizationHandlerTests
        Assert.True(context.HasSucceeded);
    }

+    [Theory]
+    [BitAutoData(true, false, false)]
+    [BitAutoData(false, true, false)]
+    [BitAutoData(false, false, true)]
+    public async Task CanReadAllAsync_WhenCustomUserWithRequiredPermissions_Success(
+        bool editAnyCollection, bool deleteAnyCollection, bool accessImportExport,
+        SutProvider<CollectionAuthorizationHandler> sutProvider,
+        CurrentContextOrganization organization)
+    {
+        var actingUserId = Guid.NewGuid();
+
+        organization.Type = OrganizationUserType.Custom;
+        organization.Permissions.EditAnyCollection = editAnyCollection;
+        organization.Permissions.DeleteAnyCollection = deleteAnyCollection;
+        organization.Permissions.AccessImportExport = accessImportExport;
+
+        var context = new AuthorizationHandlerContext(
+            new[] { CollectionOperations.ReadAll(organization.Id) },
+            new ClaimsPrincipal(),
+            null);
+
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
+        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData(OrganizationUserType.User)]
+    [BitAutoData(OrganizationUserType.Custom)]
+    public async Task CanReadAllAsync_WhenMissingAccess_Failure(
+        OrganizationUserType userType,
+        SutProvider<CollectionAuthorizationHandler> sutProvider,
+        CurrentContextOrganization organization)
+    {
+        var actingUserId = Guid.NewGuid();
+
+        organization.Type = userType;
+        organization.Permissions.EditAnyCollection = false;
+        organization.Permissions.DeleteAnyCollection = false;
+        organization.Permissions.AccessImportExport = false;
+
+        var context = new AuthorizationHandlerContext(
+            new[] { CollectionOperations.ReadAll(organization.Id) },
+            new ClaimsPrincipal(),
+            null);
+
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
+        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData(OrganizationUserType.Admin)]
+    [BitAutoData(OrganizationUserType.Owner)]
+    public async Task CanReadAllWithAccessAsync_WhenAdminOrOwner_Success(
+        OrganizationUserType userType,
+        Guid userId, SutProvider<CollectionAuthorizationHandler> sutProvider,
+        CurrentContextOrganization organization)
+    {
+        organization.Type = userType;
+
+        var context = new AuthorizationHandlerContext(
+            new[] { CollectionOperations.ReadAllWithAccess(organization.Id) },
+            new ClaimsPrincipal(),
+            null);
+
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
+        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Theory, BitAutoData]
+    public async Task CanReadAllWithAccessAsync_WhenProviderUser_Success(
+        Guid userId,
+        SutProvider<CollectionAuthorizationHandler> sutProvider, CurrentContextOrganization organization)
+    {
+        organization.Type = OrganizationUserType.User;
+
+        var context = new AuthorizationHandlerContext(
+            new[] { CollectionOperations.ReadAllWithAccess(organization.Id) },
+            new ClaimsPrincipal(),
+            null);
+
+        sutProvider.GetDependency<ICurrentContext>()
+            .UserId
+            .Returns(userId);
+        sutProvider.GetDependency<ICurrentContext>()
+            .ProviderUserForOrgAsync(organization.Id)
+            .Returns(true);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData(true, false, false)]
+    [BitAutoData(false, true, false)]
+    [BitAutoData(false, false, true)]
+    public async Task CanReadAllWithAccessAsync_WhenCustomUserWithRequiredPermissions_Success(
+        bool editAnyCollection, bool deleteAnyCollection, bool accessImportExport,
+        SutProvider<CollectionAuthorizationHandler> sutProvider,
+        CurrentContextOrganization organization)
+    {
+        var actingUserId = Guid.NewGuid();
+
+        organization.Type = OrganizationUserType.Custom;
+        organization.Permissions.EditAnyCollection = editAnyCollection;
+        organization.Permissions.DeleteAnyCollection = deleteAnyCollection;
+        organization.Permissions.AccessImportExport = accessImportExport;
+
+        var context = new AuthorizationHandlerContext(
+            new[] { CollectionOperations.ReadAllWithAccess(organization.Id) },
+            new ClaimsPrincipal(),
+            null);
+
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
+        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData(OrganizationUserType.User)]
+    [BitAutoData(OrganizationUserType.Custom)]
+    public async Task CanReadAllWithAccessAsync_WhenMissingAccess_Failure(
+        OrganizationUserType userType,
+        SutProvider<CollectionAuthorizationHandler> sutProvider,
+        CurrentContextOrganization organization)
+    {
+        var actingUserId = Guid.NewGuid();
+
+        organization.Type = userType;
+        organization.Permissions.EditAnyCollection = false;
+        organization.Permissions.DeleteAnyCollection = false;
+        organization.Permissions.AccessImportExport = false;
+
+        var context = new AuthorizationHandlerContext(
+            new[] { CollectionOperations.ReadAllWithAccess(organization.Id) },
+            new ClaimsPrincipal(),
+            null);
+
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
+        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
    [Theory, BitAutoData]
    public async Task HandleRequirementAsync_MissingUserId_Failure(
        Guid organizationId,