mirror of
https://github.com/bitwarden/server.git
synced 2025-07-01 08:02:49 -05:00
[AC-2027] Update Flexible Collections logic to use organization property (#3644)
* Update optionality to use org.FlexibleCollections Also break old feature flag key to ensure it's never enabled * Add logic to set defaults for collection management setting * Update optionality logic to use org property * Add comments * Add helper method for getting individual orgAbility * Fix validate user update permissions interface * Fix tests * dotnet format * Fix more tests * Simplify self-hosted update logic * Fix mapping * Use new getOrganizationAbility method * Refactor invite and save orgUser methods Pass in whole organization object instead of using OrganizationAbility * fix CipherService tests * dotnet format * Remove manager check to simplify this set of changes * Misc cleanup before review * Fix undefined variable * Refactor bulk-access endpoint to avoid early repo call * Restore manager check * Add tests for UpdateOrganizationLicenseCommand * Add nullable regions * Delete unused dependency * dotnet format * Fix test
This commit is contained in:
Thomas Rittson
@ -2,16 +2,14 @@
|
||||
using Bit.Api.Controllers;
|
||||
using Bit.Api.Models.Request;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||
using Bit.Core;
|
||||
using Bit.Core.AdminConsole.Entities;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Models.Data.Organizations;
|
||||
using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Test.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture.Attributes;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
@ -22,16 +20,17 @@ namespace Bit.Api.Test.Controllers;
|
||||
|
||||
[ControllerCustomize(typeof(CollectionsController))]
|
||||
[SutProviderCustomize]
|
||||
[FeatureServiceCustomize(FeatureFlagKeys.FlexibleCollections)]
|
||||
public class CollectionsControllerTests
|
||||
{
|
||||
[Theory, BitAutoData]
|
||||
public async Task Post_Success(Guid orgId, CollectionRequestModel collectionRequest,
|
||||
public async Task Post_Success(OrganizationAbility organizationAbility, CollectionRequestModel collectionRequest,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
|
||||
Collection ExpectedCollection() => Arg.Is<Collection>(c =>
|
||||
c.Name == collectionRequest.Name && c.ExternalId == collectionRequest.ExternalId &&
|
||||
c.OrganizationId == orgId);
|
||||
c.OrganizationId == organizationAbility.Id);
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
|
||||
@ -39,7 +38,7 @@ public class CollectionsControllerTests
|
||||
Arg.Is<IEnumerable<IAuthorizationRequirement>>(r => r.Contains(BulkCollectionOperations.Create)))
|
||||
.Returns(AuthorizationResult.Success());
|
||||
|
||||
_ = await sutProvider.Sut.Post(orgId, collectionRequest);
|
||||
_ = await sutProvider.Sut.Post(organizationAbility.Id, collectionRequest);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionService>()
|
||||
.Received(1)
|
||||
@ -49,8 +48,11 @@ public class CollectionsControllerTests
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task Put_Success(Collection collection, CollectionRequestModel collectionRequest,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
SutProvider<CollectionsController> sutProvider, OrganizationAbility organizationAbility)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collection.OrganizationId = organizationAbility.Id;
|
||||
|
||||
Collection ExpectedCollection() => Arg.Is<Collection>(c => c.Id == collection.Id &&
|
||||
c.Name == collectionRequest.Name && c.ExternalId == collectionRequest.ExternalId &&
|
||||
c.OrganizationId == collection.OrganizationId);
|
||||
@ -75,8 +77,11 @@ public class CollectionsControllerTests
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task Put_WithNoCollectionPermission_ThrowsNotFound(Collection collection, CollectionRequestModel collectionRequest,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
SutProvider<CollectionsController> sutProvider, OrganizationAbility organizationAbility)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collection.OrganizationId = organizationAbility.Id;
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
|
||||
collection,
|
||||
@ -91,8 +96,11 @@ public class CollectionsControllerTests
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollectionsWithGroups_WithReadAllPermissions_GetsAllCollections(Organization organization, Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
public async Task GetOrganizationCollectionsWithGroups_WithReadAllPermissions_GetsAllCollections(OrganizationAbility organizationAbility,
|
||||
Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
@ -102,18 +110,20 @@ public class CollectionsControllerTests
|
||||
Arg.Is<IEnumerable<IAuthorizationRequirement>>(requirements =>
|
||||
requirements.Cast<CollectionOperationRequirement>().All(operation =>
|
||||
operation.Name == nameof(CollectionOperations.ReadAllWithAccess)
|
||||
&& operation.OrganizationId == organization.Id)))
|
||||
&& operation.OrganizationId == organizationAbility.Id)))
|
||||
.Returns(AuthorizationResult.Success());
|
||||
|
||||
await sutProvider.Sut.GetManyWithDetails(organization.Id);
|
||||
await sutProvider.Sut.GetManyWithDetails(organizationAbility.Id);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByUserIdWithAccessAsync(userId, organization.Id, Arg.Any<bool>());
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByOrganizationIdWithAccessAsync(organization.Id);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByUserIdWithAccessAsync(userId, organizationAbility.Id, Arg.Any<bool>());
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByOrganizationIdWithAccessAsync(organizationAbility.Id);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollectionsWithGroups_MissingReadAllPermissions_GetsAssignedCollections(Organization organization, Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
public async Task GetOrganizationCollectionsWithGroups_MissingReadAllPermissions_GetsAssignedCollections(
|
||||
OrganizationAbility organizationAbility, Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
@ -123,7 +133,7 @@ public class CollectionsControllerTests
|
||||
Arg.Is<IEnumerable<IAuthorizationRequirement>>(requirements =>
|
||||
requirements.Cast<CollectionOperationRequirement>().All(operation =>
|
||||
operation.Name == nameof(CollectionOperations.ReadAllWithAccess)
|
||||
&& operation.OrganizationId == organization.Id)))
|
||||
&& operation.OrganizationId == organizationAbility.Id)))
|
||||
.Returns(AuthorizationResult.Failed());
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
@ -135,15 +145,19 @@ public class CollectionsControllerTests
|
||||
operation.Name == nameof(BulkCollectionOperations.ReadWithAccess))))
|
||||
.Returns(AuthorizationResult.Success());
|
||||
|
||||
await sutProvider.Sut.GetManyWithDetails(organization.Id);
|
||||
await sutProvider.Sut.GetManyWithDetails(organizationAbility.Id);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByUserIdWithAccessAsync(userId, organization.Id, Arg.Any<bool>());
|
||||
await sutProvider.GetDependency<ICollectionRepository>().DidNotReceive().GetManyByOrganizationIdWithAccessAsync(organization.Id);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByUserIdWithAccessAsync(userId, organizationAbility.Id, Arg.Any<bool>());
|
||||
await sutProvider.GetDependency<ICollectionRepository>().DidNotReceive().GetManyByOrganizationIdWithAccessAsync(organizationAbility.Id);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollections_WithReadAllPermissions_GetsAllCollections(Organization organization, ICollection<Collection> collections, Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
public async Task GetOrganizationCollections_WithReadAllPermissions_GetsAllCollections(
|
||||
OrganizationAbility organizationAbility, List<Collection> collections, Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collections.ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
@ -153,26 +167,30 @@ public class CollectionsControllerTests
|
||||
Arg.Is<IEnumerable<IAuthorizationRequirement>>(requirements =>
|
||||
requirements.Cast<CollectionOperationRequirement>().All(operation =>
|
||||
operation.Name == nameof(CollectionOperations.ReadAll)
|
||||
&& operation.OrganizationId == organization.Id)))
|
||||
&& operation.OrganizationId == organizationAbility.Id)))
|
||||
.Returns(AuthorizationResult.Success());
|
||||
|
||||
sutProvider.GetDependency<ICollectionRepository>()
|
||||
.GetManyByOrganizationIdAsync(organization.Id)
|
||||
.GetManyByOrganizationIdAsync(organizationAbility.Id)
|
||||
.Returns(collections);
|
||||
|
||||
var response = await sutProvider.Sut.Get(organization.Id);
|
||||
var response = await sutProvider.Sut.Get(organizationAbility.Id);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByOrganizationIdAsync(organization.Id);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByOrganizationIdAsync(organizationAbility.Id);
|
||||
|
||||
Assert.Equal(collections.Count, response.Data.Count());
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollections_MissingReadAllPermissions_GetsManageableCollections(Organization organization, ICollection<CollectionDetails> collections, Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
public async Task GetOrganizationCollections_MissingReadAllPermissions_GetsManageableCollections(
|
||||
OrganizationAbility organizationAbility, List<CollectionDetails> collections, Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
collections.First().OrganizationId = organization.Id;
|
||||
collections.First().Manage = true;
|
||||
collections.Skip(1).First().OrganizationId = organization.Id;
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collections.ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
collections.ForEach(c => c.Manage = false);
|
||||
|
||||
var managedCollection = collections.First();
|
||||
managedCollection.Manage = true;
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
|
||||
@ -183,7 +201,7 @@ public class CollectionsControllerTests
|
||||
Arg.Is<IEnumerable<IAuthorizationRequirement>>(requirements =>
|
||||
requirements.Cast<CollectionOperationRequirement>().All(operation =>
|
||||
operation.Name == nameof(CollectionOperations.ReadAll)
|
||||
&& operation.OrganizationId == organization.Id)))
|
||||
&& operation.OrganizationId == organizationAbility.Id)))
|
||||
.Returns(AuthorizationResult.Failed());
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
@ -196,22 +214,27 @@ public class CollectionsControllerTests
|
||||
.Returns(AuthorizationResult.Success());
|
||||
|
||||
sutProvider.GetDependency<ICollectionRepository>()
|
||||
.GetManyByUserIdAsync(userId, true)
|
||||
.GetManyByUserIdAsync(userId, false)
|
||||
.Returns(collections);
|
||||
|
||||
var result = await sutProvider.Sut.Get(organization.Id);
|
||||
var result = await sutProvider.Sut.Get(organizationAbility.Id);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionRepository>().DidNotReceive().GetManyByOrganizationIdAsync(organization.Id);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByUserIdAsync(userId, true);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().DidNotReceive().GetManyByOrganizationIdAsync(organizationAbility.Id);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByUserIdAsync(userId, false);
|
||||
|
||||
Assert.Single(result.Data);
|
||||
Assert.All(result.Data, c => Assert.Equal(organization.Id, c.OrganizationId));
|
||||
Assert.All(result.Data, c => Assert.Equal(organizationAbility.Id, c.OrganizationId));
|
||||
Assert.All(result.Data, c => Assert.Equal(managedCollection.Id, c.Id));
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task DeleteMany_Success(Guid orgId, Collection collection1, Collection collection2, SutProvider<CollectionsController> sutProvider)
|
||||
public async Task DeleteMany_Success(OrganizationAbility organizationAbility, Collection collection1, Collection collection2,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
// Arrange
|
||||
var orgId = organizationAbility.Id;
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
|
||||
var model = new CollectionBulkDeleteRequestModel
|
||||
{
|
||||
Ids = new[] { collection1.Id, collection2.Id }
|
||||
@ -251,9 +274,13 @@ public class CollectionsControllerTests
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task DeleteMany_PermissionDenied_ThrowsNotFound(Guid orgId, Collection collection1, Collection collection2, SutProvider<CollectionsController> sutProvider)
|
||||
public async Task DeleteMany_PermissionDenied_ThrowsNotFound(OrganizationAbility organizationAbility, Collection collection1,
|
||||
Collection collection2, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
// Arrange
|
||||
var orgId = organizationAbility.Id;
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
|
||||
var model = new CollectionBulkDeleteRequestModel
|
||||
{
|
||||
Ids = new[] { collection1.Id, collection2.Id }
|
||||
@ -292,9 +319,13 @@ public class CollectionsControllerTests
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task PostBulkCollectionAccess_Success(User actingUser, ICollection<Collection> collections, SutProvider<CollectionsController> sutProvider)
|
||||
public async Task PostBulkCollectionAccess_Success(User actingUser, List<Collection> collections,
|
||||
OrganizationAbility organizationAbility, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
// Arrange
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collections.ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
|
||||
var userId = Guid.NewGuid();
|
||||
var groupId = Guid.NewGuid();
|
||||
var model = new BulkCollectionAccessRequestModel
|
||||
@ -321,7 +352,7 @@ public class CollectionsControllerTests
|
||||
IEnumerable<Collection> ExpectedCollectionAccess() => Arg.Is<IEnumerable<Collection>>(cols => cols.SequenceEqual(collections));
|
||||
|
||||
// Act
|
||||
await sutProvider.Sut.PostBulkCollectionAccess(model);
|
||||
await sutProvider.Sut.PostBulkCollectionAccess(organizationAbility.Id, model);
|
||||
|
||||
// Assert
|
||||
await sutProvider.GetDependency<IAuthorizationService>().Received().AuthorizeAsync(
|
||||
@ -338,8 +369,13 @@ public class CollectionsControllerTests
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task PostBulkCollectionAccess_CollectionsNotFound_Throws(User actingUser, ICollection<Collection> collections, SutProvider<CollectionsController> sutProvider)
|
||||
public async Task PostBulkCollectionAccess_CollectionsNotFound_Throws(User actingUser,
|
||||
OrganizationAbility organizationAbility, List<Collection> collections,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collections.ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
|
||||
var userId = Guid.NewGuid();
|
||||
var groupId = Guid.NewGuid();
|
||||
var model = new BulkCollectionAccessRequestModel
|
||||
@ -356,7 +392,8 @@ public class CollectionsControllerTests
|
||||
.GetManyByManyIdsAsync(model.CollectionIds)
|
||||
.Returns(collections.Skip(1).ToList());
|
||||
|
||||
var exception = await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.PostBulkCollectionAccess(model));
|
||||
var exception = await Assert.ThrowsAsync<NotFoundException>(
|
||||
() => sutProvider.Sut.PostBulkCollectionAccess(organizationAbility.Id, model));
|
||||
|
||||
Assert.Equal("One or more collections not found.", exception.Message);
|
||||
await sutProvider.GetDependency<IAuthorizationService>().DidNotReceiveWithAnyArgs().AuthorizeAsync(
|
||||
@ -369,8 +406,81 @@ public class CollectionsControllerTests
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task PostBulkCollectionAccess_AccessDenied_Throws(User actingUser, ICollection<Collection> collections, SutProvider<CollectionsController> sutProvider)
|
||||
public async Task PostBulkCollectionAccess_CollectionsBelongToDifferentOrganizations_Throws(User actingUser,
|
||||
OrganizationAbility organizationAbility, List<Collection> collections,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
|
||||
// First collection has a different orgId
|
||||
collections.Skip(1).ToList().ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
|
||||
var userId = Guid.NewGuid();
|
||||
var groupId = Guid.NewGuid();
|
||||
var model = new BulkCollectionAccessRequestModel
|
||||
{
|
||||
CollectionIds = collections.Select(c => c.Id),
|
||||
Users = new[] { new SelectionReadOnlyRequestModel { Id = userId, Manage = true } },
|
||||
Groups = new[] { new SelectionReadOnlyRequestModel { Id = groupId, ReadOnly = true } },
|
||||
};
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.UserId.Returns(actingUser.Id);
|
||||
|
||||
sutProvider.GetDependency<ICollectionRepository>()
|
||||
.GetManyByManyIdsAsync(model.CollectionIds)
|
||||
.Returns(collections);
|
||||
|
||||
var exception = await Assert.ThrowsAsync<NotFoundException>(
|
||||
() => sutProvider.Sut.PostBulkCollectionAccess(organizationAbility.Id, model));
|
||||
|
||||
Assert.Equal("One or more collections not found.", exception.Message);
|
||||
await sutProvider.GetDependency<IAuthorizationService>().DidNotReceiveWithAnyArgs().AuthorizeAsync(
|
||||
Arg.Any<ClaimsPrincipal>(),
|
||||
Arg.Any<IEnumerable<Collection>>(),
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()
|
||||
);
|
||||
await sutProvider.GetDependency<IBulkAddCollectionAccessCommand>().DidNotReceiveWithAnyArgs()
|
||||
.AddAccessAsync(default, default, default);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task PostBulkCollectionAccess_FlexibleCollectionsDisabled_Throws(OrganizationAbility organizationAbility, List<Collection> collections,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
organizationAbility.FlexibleCollections = false;
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
|
||||
.Returns(organizationAbility);
|
||||
|
||||
var userId = Guid.NewGuid();
|
||||
var groupId = Guid.NewGuid();
|
||||
var model = new BulkCollectionAccessRequestModel
|
||||
{
|
||||
CollectionIds = collections.Select(c => c.Id),
|
||||
Users = new[] { new SelectionReadOnlyRequestModel { Id = userId, Manage = true } },
|
||||
Groups = new[] { new SelectionReadOnlyRequestModel { Id = groupId, ReadOnly = true } },
|
||||
};
|
||||
|
||||
var exception = await Assert.ThrowsAsync<NotFoundException>(
|
||||
() => sutProvider.Sut.PostBulkCollectionAccess(organizationAbility.Id, model));
|
||||
|
||||
Assert.Equal("Feature disabled.", exception.Message);
|
||||
await sutProvider.GetDependency<IAuthorizationService>().DidNotReceiveWithAnyArgs().AuthorizeAsync(
|
||||
Arg.Any<ClaimsPrincipal>(),
|
||||
Arg.Any<IEnumerable<Collection>>(),
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()
|
||||
);
|
||||
await sutProvider.GetDependency<IBulkAddCollectionAccessCommand>().DidNotReceiveWithAnyArgs()
|
||||
.AddAccessAsync(default, default, default);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task PostBulkCollectionAccess_AccessDenied_Throws(User actingUser, List<Collection> collections,
|
||||
OrganizationAbility organizationAbility, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collections.ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
|
||||
var userId = Guid.NewGuid();
|
||||
var groupId = Guid.NewGuid();
|
||||
var model = new BulkCollectionAccessRequestModel
|
||||
@ -396,7 +506,7 @@ public class CollectionsControllerTests
|
||||
|
||||
IEnumerable<Collection> ExpectedCollectionAccess() => Arg.Is<IEnumerable<Collection>>(cols => cols.SequenceEqual(collections));
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.PostBulkCollectionAccess(model));
|
||||
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.PostBulkCollectionAccess(organizationAbility.Id, model));
|
||||
await sutProvider.GetDependency<IAuthorizationService>().Received().AuthorizeAsync(
|
||||
Arg.Any<ClaimsPrincipal>(),
|
||||
ExpectedCollectionAccess(),
|
||||
@ -406,4 +516,12 @@ public class CollectionsControllerTests
|
||||
await sutProvider.GetDependency<IBulkAddCollectionAccessCommand>().DidNotReceiveWithAnyArgs()
|
||||
.AddAccessAsync(default, default, default);
|
||||
}
|
||||
|
||||
private void ArrangeOrganizationAbility(SutProvider<CollectionsController> sutProvider, OrganizationAbility organizationAbility)
|
||||
{
|
||||
organizationAbility.FlexibleCollections = true;
|
||||
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
|
||||
.Returns(organizationAbility);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
using System.Security.Claims;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||
using Bit.Core;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
@ -9,7 +8,6 @@ using Bit.Core.Models.Data;
|
||||
using Bit.Core.Models.Data.Organizations;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Test.AutoFixture;
|
||||
using Bit.Core.Test.Vault.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture.Attributes;
|
||||
@ -20,7 +18,6 @@ using Xunit;
|
||||
namespace Bit.Api.Test.Vault.AuthorizationHandlers;
|
||||
|
||||
[SutProviderCustomize]
|
||||
[FeatureServiceCustomize(FeatureFlagKeys.FlexibleCollections)]
|
||||
public class BulkCollectionAuthorizationHandlerTests
|
||||
{
|
||||
[Theory, CollectionCustomization]
|
||||
@ -35,7 +32,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
organization.Type = userType;
|
||||
organization.Permissions = new Permissions();
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { BulkCollectionOperations.Create },
|
||||
@ -44,7 +41,6 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
@ -61,7 +57,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
|
||||
organization.Type = OrganizationUserType.User;
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, false);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, false);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { BulkCollectionOperations.Create },
|
||||
@ -70,7 +66,6 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
@ -97,7 +92,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
ManageUsers = false
|
||||
};
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { BulkCollectionOperations.Create },
|
||||
@ -106,7 +101,6 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
@ -117,10 +111,12 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanCreateAsync_WhenMissingOrgAccess_NoSuccess(
|
||||
Guid userId,
|
||||
ICollection<Collection> collections,
|
||||
CurrentContextOrganization organization,
|
||||
List<Collection> collections,
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider)
|
||||
{
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(collections.First().OrganizationId, true);
|
||||
collections.ForEach(c => c.OrganizationId = organization.Id);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { BulkCollectionOperations.Create },
|
||||
@ -130,7 +126,6 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
@ -747,7 +742,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
organization.Type = userType;
|
||||
organization.Permissions = new Permissions();
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { BulkCollectionOperations.Delete },
|
||||
@ -756,8 +751,6 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
|
||||
.Returns(organizationAbilities);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
@ -778,7 +771,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
DeleteAnyCollection = true
|
||||
};
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { BulkCollectionOperations.Delete },
|
||||
@ -787,8 +780,6 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
|
||||
.Returns(organizationAbilities);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
@ -806,13 +797,11 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
organization.Type = OrganizationUserType.User;
|
||||
organization.Permissions = new Permissions();
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, false);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, false);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId, Arg.Any<bool>()).Returns(collections);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
|
||||
.Returns(organizationAbilities);
|
||||
|
||||
foreach (var c in collections)
|
||||
{
|
||||
@ -849,7 +838,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
ManageUsers = false
|
||||
};
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { BulkCollectionOperations.Delete },
|
||||
@ -858,8 +847,6 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
|
||||
.Returns(organizationAbilities);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
@ -981,17 +968,16 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
}
|
||||
}
|
||||
|
||||
private static Dictionary<Guid, OrganizationAbility> ArrangeOrganizationAbilitiesDictionary(Guid orgId,
|
||||
bool limitCollectionCreationDeletion)
|
||||
private static void ArrangeOrganizationAbility(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
CurrentContextOrganization organization, bool limitCollectionCreationDeletion)
|
||||
{
|
||||
return new Dictionary<Guid, OrganizationAbility>
|
||||
{
|
||||
{ orgId,
|
||||
new OrganizationAbility
|
||||
{
|
||||
LimitCollectionCreationDeletion = limitCollectionCreationDeletion
|
||||
}
|
||||
}
|
||||
};
|
||||
var organizationAbility = new OrganizationAbility();
|
||||
organizationAbility.Id = organization.Id;
|
||||
organizationAbility.FlexibleCollections = true;
|
||||
organizationAbility.LimitCollectionCreationDeletion = limitCollectionCreationDeletion;
|
||||
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
|
||||
.Returns(organizationAbility);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,10 +1,8 @@
|
||||
using System.Security.Claims;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||
using Bit.Core;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Test.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture.Attributes;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
@ -14,7 +12,6 @@ using Xunit;
|
||||
namespace Bit.Api.Test.Vault.AuthorizationHandlers;
|
||||
|
||||
[SutProviderCustomize]
|
||||
[FeatureServiceCustomize(FeatureFlagKeys.FlexibleCollections)]
|
||||
public class CollectionAuthorizationHandlerTests
|
||||
{
|
||||
[Theory]
|
||||
|
||||
@ -1,12 +1,10 @@
|
||||
using System.Security.Claims;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.Groups;
|
||||
using Bit.Core;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Models.Data.Organizations;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Test.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture.Attributes;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
@ -16,7 +14,6 @@ using Xunit;
|
||||
namespace Bit.Api.Test.Vault.AuthorizationHandlers;
|
||||
|
||||
[SutProviderCustomize]
|
||||
[FeatureServiceCustomize(FeatureFlagKeys.FlexibleCollections)]
|
||||
public class GroupAuthorizationHandlerTests
|
||||
{
|
||||
[Theory]
|
||||
@ -30,7 +27,7 @@ public class GroupAuthorizationHandlerTests
|
||||
organization.Type = userType;
|
||||
organization.Permissions = new Permissions();
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { GroupOperations.ReadAll(organization.Id) },
|
||||
@ -39,7 +36,6 @@ public class GroupAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
@ -54,7 +50,7 @@ public class GroupAuthorizationHandlerTests
|
||||
organization.Type = OrganizationUserType.User;
|
||||
organization.Permissions = new Permissions();
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { GroupOperations.ReadAll(organization.Id) },
|
||||
@ -64,7 +60,6 @@ public class GroupAuthorizationHandlerTests
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.UserId
|
||||
.Returns(userId);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.ProviderUserForOrgAsync(organization.Id)
|
||||
.Returns(true);
|
||||
@ -97,7 +92,7 @@ public class GroupAuthorizationHandlerTests
|
||||
ManageUsers = manageUsers
|
||||
};
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, limitCollectionCreationDeletion);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, limitCollectionCreationDeletion);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { GroupOperations.ReadAll(organization.Id) },
|
||||
@ -106,7 +101,6 @@ public class GroupAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
@ -133,7 +127,7 @@ public class GroupAuthorizationHandlerTests
|
||||
AccessImportExport = false
|
||||
};
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { GroupOperations.ReadAll(organization.Id) },
|
||||
@ -142,7 +136,6 @@ public class GroupAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
@ -153,20 +146,19 @@ public class GroupAuthorizationHandlerTests
|
||||
[Theory, BitAutoData]
|
||||
public async Task CanReadAllAsync_WhenMissingOrgAccess_NoSuccess(
|
||||
Guid userId,
|
||||
Guid organizationId,
|
||||
CurrentContextOrganization organization,
|
||||
SutProvider<GroupAuthorizationHandler> sutProvider)
|
||||
{
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organizationId, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { GroupOperations.ReadAll(organizationId) },
|
||||
new[] { GroupOperations.ReadAll(organization.Id) },
|
||||
new ClaimsPrincipal(),
|
||||
null
|
||||
);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
@ -210,17 +202,16 @@ public class GroupAuthorizationHandlerTests
|
||||
Assert.True(context.HasFailed);
|
||||
}
|
||||
|
||||
private static Dictionary<Guid, OrganizationAbility> ArrangeOrganizationAbilitiesDictionary(Guid orgId,
|
||||
bool limitCollectionCreationDeletion)
|
||||
private static void ArrangeOrganizationAbility(
|
||||
SutProvider<GroupAuthorizationHandler> sutProvider,
|
||||
CurrentContextOrganization organization, bool limitCollectionCreationDeletion)
|
||||
{
|
||||
return new Dictionary<Guid, OrganizationAbility>
|
||||
{
|
||||
{ orgId,
|
||||
new OrganizationAbility
|
||||
{
|
||||
LimitCollectionCreationDeletion = limitCollectionCreationDeletion
|
||||
}
|
||||
}
|
||||
};
|
||||
var organizationAbility = new OrganizationAbility();
|
||||
organizationAbility.Id = organization.Id;
|
||||
organizationAbility.FlexibleCollections = true;
|
||||
organizationAbility.LimitCollectionCreationDeletion = limitCollectionCreationDeletion;
|
||||
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
|
||||
.Returns(organizationAbility);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,12 +1,10 @@
|
||||
using System.Security.Claims;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
|
||||
using Bit.Core;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Models.Data.Organizations;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Test.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture.Attributes;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
@ -16,7 +14,6 @@ using Xunit;
|
||||
namespace Bit.Api.Test.Vault.AuthorizationHandlers;
|
||||
|
||||
[SutProviderCustomize]
|
||||
[FeatureServiceCustomize(FeatureFlagKeys.FlexibleCollections)]
|
||||
public class OrganizationUserAuthorizationHandlerTests
|
||||
{
|
||||
[Theory]
|
||||
@ -30,7 +27,7 @@ public class OrganizationUserAuthorizationHandlerTests
|
||||
organization.Type = userType;
|
||||
organization.Permissions = new Permissions();
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { OrganizationUserOperations.ReadAll(organization.Id) },
|
||||
@ -39,7 +36,6 @@ public class OrganizationUserAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
@ -54,7 +50,7 @@ public class OrganizationUserAuthorizationHandlerTests
|
||||
organization.Type = OrganizationUserType.User;
|
||||
organization.Permissions = new Permissions();
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { OrganizationUserOperations.ReadAll(organization.Id) },
|
||||
@ -64,7 +60,6 @@ public class OrganizationUserAuthorizationHandlerTests
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.UserId
|
||||
.Returns(userId);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.ProviderUserForOrgAsync(organization.Id)
|
||||
.Returns(true);
|
||||
@ -97,7 +92,7 @@ public class OrganizationUserAuthorizationHandlerTests
|
||||
ManageUsers = manageUsers
|
||||
};
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, limitCollectionCreationDeletion);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, limitCollectionCreationDeletion);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { OrganizationUserOperations.ReadAll(organization.Id) },
|
||||
@ -106,7 +101,6 @@ public class OrganizationUserAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
@ -132,7 +126,7 @@ public class OrganizationUserAuthorizationHandlerTests
|
||||
ManageUsers = false
|
||||
};
|
||||
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { OrganizationUserOperations.ReadAll(organization.Id) },
|
||||
@ -141,7 +135,6 @@ public class OrganizationUserAuthorizationHandlerTests
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
@ -152,20 +145,19 @@ public class OrganizationUserAuthorizationHandlerTests
|
||||
[Theory, BitAutoData]
|
||||
public async Task HandleRequirementAsync_WhenMissingOrgAccess_NoSuccess(
|
||||
Guid userId,
|
||||
Guid organizationId,
|
||||
CurrentContextOrganization organization,
|
||||
SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
|
||||
{
|
||||
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organizationId, true);
|
||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { OrganizationUserOperations.ReadAll(organizationId) },
|
||||
new[] { OrganizationUserOperations.ReadAll(organization.Id) },
|
||||
new ClaimsPrincipal(),
|
||||
null
|
||||
);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
@ -207,17 +199,16 @@ public class OrganizationUserAuthorizationHandlerTests
|
||||
Assert.True(context.HasFailed);
|
||||
}
|
||||
|
||||
private static Dictionary<Guid, OrganizationAbility> ArrangeOrganizationAbilitiesDictionary(Guid orgId,
|
||||
bool limitCollectionCreationDeletion)
|
||||
private static void ArrangeOrganizationAbility(
|
||||
SutProvider<OrganizationUserAuthorizationHandler> sutProvider,
|
||||
CurrentContextOrganization organization, bool limitCollectionCreationDeletion)
|
||||
{
|
||||
return new Dictionary<Guid, OrganizationAbility>
|
||||
{
|
||||
{ orgId,
|
||||
new OrganizationAbility
|
||||
{
|
||||
LimitCollectionCreationDeletion = limitCollectionCreationDeletion
|
||||
}
|
||||
}
|
||||
};
|
||||
var organizationAbility = new OrganizationAbility();
|
||||
organizationAbility.Id = organization.Id;
|
||||
organizationAbility.FlexibleCollections = true;
|
||||
organizationAbility.LimitCollectionCreationDeletion = limitCollectionCreationDeletion;
|
||||
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
|
||||
.Returns(organizationAbility);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user