mirror of
https://github.com/bitwarden/server.git
synced 2025-06-30 07:36:14 -05:00
[AC-2655] Remove old permissions logic from CollectionsController (#4185)
* Replace all old methods with vNext methods * Remove remaining Flexible Collections checks and remove helper method * Remove unused private methods * Update tests
This commit is contained in:
Thomas Rittson
@ -2,11 +2,11 @@
|
||||
using Bit.Api.Controllers;
|
||||
using Bit.Api.Models.Request;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||
using Bit.Core.AdminConsole.Entities;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Models.Data.Organizations;
|
||||
using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
@ -23,14 +23,12 @@ namespace Bit.Api.Test.Controllers;
|
||||
public class CollectionsControllerTests
|
||||
{
|
||||
[Theory, BitAutoData]
|
||||
public async Task Post_Success(OrganizationAbility organizationAbility, CollectionRequestModel collectionRequest,
|
||||
public async Task Post_Success(Organization organization, CollectionRequestModel collectionRequest,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
|
||||
Collection ExpectedCollection() => Arg.Is<Collection>(c =>
|
||||
c.Name == collectionRequest.Name && c.ExternalId == collectionRequest.ExternalId &&
|
||||
c.OrganizationId == organizationAbility.Id);
|
||||
c.OrganizationId == organization.Id);
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
|
||||
@ -38,7 +36,7 @@ public class CollectionsControllerTests
|
||||
Arg.Is<IEnumerable<IAuthorizationRequirement>>(r => r.Contains(BulkCollectionOperations.Create)))
|
||||
.Returns(AuthorizationResult.Success());
|
||||
|
||||
_ = await sutProvider.Sut.Post(organizationAbility.Id, collectionRequest);
|
||||
_ = await sutProvider.Sut.Post(organization.Id, collectionRequest);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionService>()
|
||||
.Received(1)
|
||||
@ -48,11 +46,8 @@ public class CollectionsControllerTests
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task Put_Success(Collection collection, CollectionRequestModel collectionRequest,
|
||||
SutProvider<CollectionsController> sutProvider, OrganizationAbility organizationAbility)
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collection.OrganizationId = organizationAbility.Id;
|
||||
|
||||
Collection ExpectedCollection() => Arg.Is<Collection>(c => c.Id == collection.Id &&
|
||||
c.Name == collectionRequest.Name && c.ExternalId == collectionRequest.ExternalId &&
|
||||
c.OrganizationId == collection.OrganizationId);
|
||||
@ -77,11 +72,8 @@ public class CollectionsControllerTests
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task Put_WithNoCollectionPermission_ThrowsNotFound(Collection collection, CollectionRequestModel collectionRequest,
|
||||
SutProvider<CollectionsController> sutProvider, OrganizationAbility organizationAbility)
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collection.OrganizationId = organizationAbility.Id;
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
|
||||
collection,
|
||||
@ -96,11 +88,9 @@ public class CollectionsControllerTests
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollectionsWithGroups_WithReadAllPermissions_GetsAllCollections(OrganizationAbility organizationAbility,
|
||||
public async Task GetOrganizationCollectionsWithGroups_WithReadAllPermissions_GetsAllCollections(Organization organization,
|
||||
Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
@ -110,20 +100,20 @@ public class CollectionsControllerTests
|
||||
Arg.Is<IEnumerable<IAuthorizationRequirement>>(requirements =>
|
||||
requirements.Cast<CollectionOperationRequirement>().All(operation =>
|
||||
operation.Name == nameof(CollectionOperations.ReadAllWithAccess)
|
||||
&& operation.OrganizationId == organizationAbility.Id)))
|
||||
&& operation.OrganizationId == organization.Id)))
|
||||
.Returns(AuthorizationResult.Success());
|
||||
|
||||
await sutProvider.Sut.GetManyWithDetails(organizationAbility.Id);
|
||||
await sutProvider.Sut.GetManyWithDetails(organization.Id);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByOrganizationIdWithPermissionsAsync(organizationAbility.Id, userId, true);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByOrganizationIdWithPermissionsAsync(organization.Id, userId, true);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollectionsWithGroups_MissingReadAllPermissions_GetsAssignedCollections(
|
||||
OrganizationAbility organizationAbility, Guid userId, SutProvider<CollectionsController> sutProvider, List<CollectionAdminDetails> collections)
|
||||
Organization organization, Guid userId, SutProvider<CollectionsController> sutProvider,
|
||||
List<CollectionAdminDetails> collections)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collections.ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
collections.ForEach(c => c.OrganizationId = organization.Id);
|
||||
collections.ForEach(c => c.Manage = false);
|
||||
|
||||
var managedCollection = collections.First();
|
||||
@ -138,7 +128,7 @@ public class CollectionsControllerTests
|
||||
Arg.Is<IEnumerable<IAuthorizationRequirement>>(requirements =>
|
||||
requirements.Cast<CollectionOperationRequirement>().All(operation =>
|
||||
operation.Name == nameof(CollectionOperations.ReadAllWithAccess)
|
||||
&& operation.OrganizationId == organizationAbility.Id)))
|
||||
&& operation.OrganizationId == organization.Id)))
|
||||
.Returns(AuthorizationResult.Failed());
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
@ -151,23 +141,23 @@ public class CollectionsControllerTests
|
||||
.Returns(AuthorizationResult.Success());
|
||||
|
||||
sutProvider.GetDependency<ICollectionRepository>()
|
||||
.GetManyByOrganizationIdWithPermissionsAsync(organizationAbility.Id, userId, true)
|
||||
.GetManyByOrganizationIdWithPermissionsAsync(organization.Id, userId, true)
|
||||
.Returns(collections);
|
||||
|
||||
var response = await sutProvider.Sut.GetManyWithDetails(organizationAbility.Id);
|
||||
var response = await sutProvider.Sut.GetManyWithDetails(organization.Id);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByOrganizationIdWithPermissionsAsync(organizationAbility.Id, userId, true);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByOrganizationIdWithPermissionsAsync(organization.Id, userId, true);
|
||||
Assert.Single(response.Data);
|
||||
Assert.All(response.Data, c => Assert.Equal(organizationAbility.Id, c.OrganizationId));
|
||||
Assert.All(response.Data, c => Assert.Equal(organization.Id, c.OrganizationId));
|
||||
Assert.All(response.Data, c => Assert.Equal(managedCollection.Id, c.Id));
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollections_WithReadAllPermissions_GetsAllCollections(
|
||||
OrganizationAbility organizationAbility, List<Collection> collections, Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
Organization organization, List<Collection> collections, Guid userId,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collections.ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
collections.ForEach(c => c.OrganizationId = organization.Id);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
|
||||
@ -178,26 +168,25 @@ public class CollectionsControllerTests
|
||||
Arg.Is<IEnumerable<IAuthorizationRequirement>>(requirements =>
|
||||
requirements.Cast<CollectionOperationRequirement>().All(operation =>
|
||||
operation.Name == nameof(CollectionOperations.ReadAll)
|
||||
&& operation.OrganizationId == organizationAbility.Id)))
|
||||
&& operation.OrganizationId == organization.Id)))
|
||||
.Returns(AuthorizationResult.Success());
|
||||
|
||||
sutProvider.GetDependency<ICollectionRepository>()
|
||||
.GetManyByOrganizationIdAsync(organizationAbility.Id)
|
||||
.GetManyByOrganizationIdAsync(organization.Id)
|
||||
.Returns(collections);
|
||||
|
||||
var response = await sutProvider.Sut.Get(organizationAbility.Id);
|
||||
var response = await sutProvider.Sut.Get(organization.Id);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByOrganizationIdAsync(organizationAbility.Id);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByOrganizationIdAsync(organization.Id);
|
||||
|
||||
Assert.Equal(collections.Count, response.Data.Count());
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollections_MissingReadAllPermissions_GetsManageableCollections(
|
||||
OrganizationAbility organizationAbility, List<CollectionDetails> collections, Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
Organization organization, List<CollectionDetails> collections, Guid userId, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collections.ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
collections.ForEach(c => c.OrganizationId = organization.Id);
|
||||
collections.ForEach(c => c.Manage = false);
|
||||
|
||||
var managedCollection = collections.First();
|
||||
@ -212,7 +201,7 @@ public class CollectionsControllerTests
|
||||
Arg.Is<IEnumerable<IAuthorizationRequirement>>(requirements =>
|
||||
requirements.Cast<CollectionOperationRequirement>().All(operation =>
|
||||
operation.Name == nameof(CollectionOperations.ReadAll)
|
||||
&& operation.OrganizationId == organizationAbility.Id)))
|
||||
&& operation.OrganizationId == organization.Id)))
|
||||
.Returns(AuthorizationResult.Failed());
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
@ -228,24 +217,22 @@ public class CollectionsControllerTests
|
||||
.GetManyByUserIdAsync(userId, false)
|
||||
.Returns(collections);
|
||||
|
||||
var result = await sutProvider.Sut.Get(organizationAbility.Id);
|
||||
var result = await sutProvider.Sut.Get(organization.Id);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionRepository>().DidNotReceive().GetManyByOrganizationIdAsync(organizationAbility.Id);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().DidNotReceive().GetManyByOrganizationIdAsync(organization.Id);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByUserIdAsync(userId, false);
|
||||
|
||||
Assert.Single(result.Data);
|
||||
Assert.All(result.Data, c => Assert.Equal(organizationAbility.Id, c.OrganizationId));
|
||||
Assert.All(result.Data, c => Assert.Equal(organization.Id, c.OrganizationId));
|
||||
Assert.All(result.Data, c => Assert.Equal(managedCollection.Id, c.Id));
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task DeleteMany_Success(OrganizationAbility organizationAbility, Collection collection1, Collection collection2,
|
||||
public async Task DeleteMany_Success(Organization organization, Collection collection1, Collection collection2,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
// Arrange
|
||||
var orgId = organizationAbility.Id;
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
|
||||
var orgId = organization.Id;
|
||||
var model = new CollectionBulkDeleteRequestModel
|
||||
{
|
||||
Ids = new[] { collection1.Id, collection2.Id }
|
||||
@ -285,13 +272,11 @@ public class CollectionsControllerTests
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task DeleteMany_PermissionDenied_ThrowsNotFound(OrganizationAbility organizationAbility, Collection collection1,
|
||||
public async Task DeleteMany_PermissionDenied_ThrowsNotFound(Organization organization, Collection collection1,
|
||||
Collection collection2, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
// Arrange
|
||||
var orgId = organizationAbility.Id;
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
|
||||
var orgId = organization.Id;
|
||||
var model = new CollectionBulkDeleteRequestModel
|
||||
{
|
||||
Ids = new[] { collection1.Id, collection2.Id }
|
||||
@ -331,12 +316,10 @@ public class CollectionsControllerTests
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task PostBulkCollectionAccess_Success(User actingUser, List<Collection> collections,
|
||||
OrganizationAbility organizationAbility, SutProvider<CollectionsController> sutProvider)
|
||||
Organization organization, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
// Arrange
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collections.ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
|
||||
collections.ForEach(c => c.OrganizationId = organization.Id);
|
||||
var userId = Guid.NewGuid();
|
||||
var groupId = Guid.NewGuid();
|
||||
var model = new BulkCollectionAccessRequestModel
|
||||
@ -365,7 +348,7 @@ public class CollectionsControllerTests
|
||||
IEnumerable<Collection> ExpectedCollectionAccess() => Arg.Is<IEnumerable<Collection>>(cols => cols.SequenceEqual(collections));
|
||||
|
||||
// Act
|
||||
await sutProvider.Sut.PostBulkCollectionAccess(organizationAbility.Id, model);
|
||||
await sutProvider.Sut.PostBulkCollectionAccess(organization.Id, model);
|
||||
|
||||
// Assert
|
||||
await sutProvider.GetDependency<IAuthorizationService>().Received().AuthorizeAsync(
|
||||
@ -384,11 +367,10 @@ public class CollectionsControllerTests
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task PostBulkCollectionAccess_CollectionsNotFound_Throws(User actingUser,
|
||||
OrganizationAbility organizationAbility, List<Collection> collections,
|
||||
Organization organization, List<Collection> collections,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collections.ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
collections.ForEach(c => c.OrganizationId = organization.Id);
|
||||
|
||||
var userId = Guid.NewGuid();
|
||||
var groupId = Guid.NewGuid();
|
||||
@ -407,7 +389,7 @@ public class CollectionsControllerTests
|
||||
.Returns(collections.Skip(1).ToList());
|
||||
|
||||
var exception = await Assert.ThrowsAsync<NotFoundException>(
|
||||
() => sutProvider.Sut.PostBulkCollectionAccess(organizationAbility.Id, model));
|
||||
() => sutProvider.Sut.PostBulkCollectionAccess(organization.Id, model));
|
||||
|
||||
Assert.Equal("One or more collections not found.", exception.Message);
|
||||
await sutProvider.GetDependency<IAuthorizationService>().DidNotReceiveWithAnyArgs().AuthorizeAsync(
|
||||
@ -421,13 +403,11 @@ public class CollectionsControllerTests
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task PostBulkCollectionAccess_CollectionsBelongToDifferentOrganizations_Throws(User actingUser,
|
||||
OrganizationAbility organizationAbility, List<Collection> collections,
|
||||
Organization organization, List<Collection> collections,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
|
||||
// First collection has a different orgId
|
||||
collections.Skip(1).ToList().ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
collections.Skip(1).ToList().ForEach(c => c.OrganizationId = organization.Id);
|
||||
|
||||
var userId = Guid.NewGuid();
|
||||
var groupId = Guid.NewGuid();
|
||||
@ -446,7 +426,7 @@ public class CollectionsControllerTests
|
||||
.Returns(collections);
|
||||
|
||||
var exception = await Assert.ThrowsAsync<NotFoundException>(
|
||||
() => sutProvider.Sut.PostBulkCollectionAccess(organizationAbility.Id, model));
|
||||
() => sutProvider.Sut.PostBulkCollectionAccess(organization.Id, model));
|
||||
|
||||
Assert.Equal("One or more collections not found.", exception.Message);
|
||||
await sutProvider.GetDependency<IAuthorizationService>().DidNotReceiveWithAnyArgs().AuthorizeAsync(
|
||||
@ -458,42 +438,11 @@ public class CollectionsControllerTests
|
||||
.AddAccessAsync(default, default, default);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task PostBulkCollectionAccess_FlexibleCollectionsDisabled_Throws(OrganizationAbility organizationAbility, List<Collection> collections,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
organizationAbility.FlexibleCollections = false;
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
|
||||
.Returns(organizationAbility);
|
||||
|
||||
var userId = Guid.NewGuid();
|
||||
var groupId = Guid.NewGuid();
|
||||
var model = new BulkCollectionAccessRequestModel
|
||||
{
|
||||
CollectionIds = collections.Select(c => c.Id),
|
||||
Users = new[] { new SelectionReadOnlyRequestModel { Id = userId, Manage = true } },
|
||||
Groups = new[] { new SelectionReadOnlyRequestModel { Id = groupId, ReadOnly = true } },
|
||||
};
|
||||
|
||||
var exception = await Assert.ThrowsAsync<NotFoundException>(
|
||||
() => sutProvider.Sut.PostBulkCollectionAccess(organizationAbility.Id, model));
|
||||
|
||||
Assert.Equal("Feature disabled.", exception.Message);
|
||||
await sutProvider.GetDependency<IAuthorizationService>().DidNotReceiveWithAnyArgs().AuthorizeAsync(
|
||||
Arg.Any<ClaimsPrincipal>(),
|
||||
Arg.Any<IEnumerable<Collection>>(),
|
||||
Arg.Any<IEnumerable<IAuthorizationRequirement>>()
|
||||
);
|
||||
await sutProvider.GetDependency<IBulkAddCollectionAccessCommand>().DidNotReceiveWithAnyArgs()
|
||||
.AddAccessAsync(default, default, default);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task PostBulkCollectionAccess_AccessDenied_Throws(User actingUser, List<Collection> collections,
|
||||
OrganizationAbility organizationAbility, SutProvider<CollectionsController> sutProvider)
|
||||
Organization organization, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
ArrangeOrganizationAbility(sutProvider, organizationAbility);
|
||||
collections.ForEach(c => c.OrganizationId = organizationAbility.Id);
|
||||
collections.ForEach(c => c.OrganizationId = organization.Id);
|
||||
|
||||
var userId = Guid.NewGuid();
|
||||
var groupId = Guid.NewGuid();
|
||||
@ -522,7 +471,7 @@ public class CollectionsControllerTests
|
||||
|
||||
IEnumerable<Collection> ExpectedCollectionAccess() => Arg.Is<IEnumerable<Collection>>(cols => cols.SequenceEqual(collections));
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.PostBulkCollectionAccess(organizationAbility.Id, model));
|
||||
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.PostBulkCollectionAccess(organization.Id, model));
|
||||
await sutProvider.GetDependency<IAuthorizationService>().Received().AuthorizeAsync(
|
||||
Arg.Any<ClaimsPrincipal>(),
|
||||
ExpectedCollectionAccess(),
|
||||
@ -534,12 +483,4 @@ public class CollectionsControllerTests
|
||||
await sutProvider.GetDependency<IBulkAddCollectionAccessCommand>().DidNotReceiveWithAnyArgs()
|
||||
.AddAccessAsync(default, default, default);
|
||||
}
|
||||
|
||||
private void ArrangeOrganizationAbility(SutProvider<CollectionsController> sutProvider, OrganizationAbility organizationAbility)
|
||||
{
|
||||
organizationAbility.FlexibleCollections = true;
|
||||
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
|
||||
.Returns(organizationAbility);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,318 +0,0 @@
|
||||
using Bit.Api.Controllers;
|
||||
using Bit.Api.Models.Request;
|
||||
using Bit.Core.AdminConsole.Entities;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Test.Common.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture.Attributes;
|
||||
using NSubstitute;
|
||||
using Xunit;
|
||||
using Collection = Bit.Core.Entities.Collection;
|
||||
using User = Bit.Core.Entities.User;
|
||||
|
||||
namespace Bit.Api.Test.Controllers;
|
||||
|
||||
/// <summary>
|
||||
/// CollectionsController tests that use pre-Flexible Collections logic. To be removed when the feature flag is removed.
|
||||
/// Note the feature flag defaults to OFF so it is not explicitly set in these tests.
|
||||
/// </summary>
|
||||
[ControllerCustomize(typeof(CollectionsController))]
|
||||
[SutProviderCustomize]
|
||||
public class LegacyCollectionsControllerTests
|
||||
{
|
||||
[Theory, BitAutoData]
|
||||
public async Task Post_Manager_AssignsToCollection_Success(Guid orgId, OrganizationUser orgUser, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
orgUser.Type = OrganizationUserType.Manager;
|
||||
orgUser.Status = OrganizationUserStatusType.Confirmed;
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.OrganizationManager(orgId)
|
||||
.Returns(true);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.EditAnyCollection(orgId)
|
||||
.Returns(false);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.EditAssignedCollections(orgId)
|
||||
.Returns(true);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId = orgUser.UserId;
|
||||
|
||||
sutProvider.GetDependency<IOrganizationUserRepository>().GetByOrganizationAsync(orgId, orgUser.UserId.Value)
|
||||
.Returns(orgUser);
|
||||
|
||||
sutProvider.GetDependency<ICollectionRepository>()
|
||||
.GetByIdAsync(Arg.Any<Guid>(), orgUser.UserId.Value, Arg.Any<bool>())
|
||||
.Returns(new CollectionDetails());
|
||||
|
||||
var collectionRequest = new CollectionRequestModel
|
||||
{
|
||||
Name = "encrypted_string",
|
||||
ExternalId = "my_external_id"
|
||||
};
|
||||
|
||||
_ = await sutProvider.Sut.Post(orgId, collectionRequest);
|
||||
|
||||
var test = sutProvider.GetDependency<ICollectionService>().ReceivedCalls();
|
||||
await sutProvider.GetDependency<ICollectionService>()
|
||||
.Received(1)
|
||||
.SaveAsync(Arg.Any<Collection>(), Arg.Any<IEnumerable<CollectionAccessSelection>>(),
|
||||
Arg.Is<IEnumerable<CollectionAccessSelection>>(users => users.Any(u => u.Id == orgUser.Id && !u.ReadOnly && !u.HidePasswords && !u.Manage)));
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task Post_Owner_DoesNotAssignToCollection_Success(Guid orgId, OrganizationUser orgUser, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
orgUser.Type = OrganizationUserType.Owner;
|
||||
orgUser.Status = OrganizationUserStatusType.Confirmed;
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.OrganizationManager(orgId)
|
||||
.Returns(true);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.EditAnyCollection(orgId)
|
||||
.Returns(true);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.EditAssignedCollections(orgId)
|
||||
.Returns(true);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId = orgUser.UserId;
|
||||
|
||||
sutProvider.GetDependency<IOrganizationUserRepository>().GetByOrganizationAsync(orgId, orgUser.UserId.Value)
|
||||
.Returns(orgUser);
|
||||
|
||||
sutProvider.GetDependency<ICollectionRepository>()
|
||||
.GetByIdAsync(Arg.Any<Guid>(), orgUser.UserId.Value, Arg.Any<bool>())
|
||||
.Returns(new CollectionDetails());
|
||||
|
||||
var collectionRequest = new CollectionRequestModel
|
||||
{
|
||||
Name = "encrypted_string",
|
||||
ExternalId = "my_external_id"
|
||||
};
|
||||
|
||||
_ = await sutProvider.Sut.Post(orgId, collectionRequest);
|
||||
|
||||
var test = sutProvider.GetDependency<ICollectionService>().ReceivedCalls();
|
||||
await sutProvider.GetDependency<ICollectionService>()
|
||||
.Received(1)
|
||||
.SaveAsync(Arg.Any<Collection>(), Arg.Any<IEnumerable<CollectionAccessSelection>>(),
|
||||
Arg.Is<IEnumerable<CollectionAccessSelection>>(users => !users.Any()));
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task Put_Success(Guid orgId, Guid collectionId, Guid userId, CollectionRequestModel collectionRequest,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.ViewAssignedCollections(orgId)
|
||||
.Returns(true);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.EditAssignedCollections(orgId)
|
||||
.Returns(true);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.UserId
|
||||
.Returns(userId);
|
||||
|
||||
sutProvider.GetDependency<ICollectionRepository>()
|
||||
.GetByIdAsync(collectionId, userId, Arg.Any<bool>())
|
||||
.Returns(new CollectionDetails
|
||||
{
|
||||
OrganizationId = orgId,
|
||||
});
|
||||
|
||||
_ = await sutProvider.Sut.Put(orgId, collectionId, collectionRequest);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task Put_CanNotEditAssignedCollection_ThrowsNotFound(Guid orgId, Guid collectionId, Guid userId, CollectionRequestModel collectionRequest,
|
||||
SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.EditAssignedCollections(orgId)
|
||||
.Returns(true);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.UserId
|
||||
.Returns(userId);
|
||||
|
||||
sutProvider.GetDependency<ICollectionRepository>()
|
||||
.GetByIdAsync(collectionId, userId, Arg.Any<bool>())
|
||||
.Returns(Task.FromResult<CollectionDetails>(null));
|
||||
|
||||
_ = await Assert.ThrowsAsync<NotFoundException>(async () => await sutProvider.Sut.Put(orgId, collectionId, collectionRequest));
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollectionsWithGroups_NoManagerPermissions_ThrowsNotFound(Organization organization, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().ViewAssignedCollections(organization.Id).Returns(false);
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetManyWithDetails(organization.Id));
|
||||
await sutProvider.GetDependency<ICollectionRepository>().DidNotReceiveWithAnyArgs().GetManyByOrganizationIdWithAccessAsync(default);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().DidNotReceiveWithAnyArgs().GetManyByUserIdWithAccessAsync(default, default, default);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollectionsWithGroups_AdminPermissions_GetsAllCollections(Organization organization, User user, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(user.Id);
|
||||
sutProvider.GetDependency<ICurrentContext>().ViewAllCollections(organization.Id).Returns(true);
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organization.Id).Returns(true);
|
||||
|
||||
await sutProvider.Sut.GetManyWithDetails(organization.Id);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received().GetManyByOrganizationIdWithAccessAsync(organization.Id);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received().GetManyByUserIdWithAccessAsync(user.Id, organization.Id, Arg.Any<bool>());
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollectionsWithGroups_MissingViewAllPermissions_GetsAssignedCollections(Organization organization, User user, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(user.Id);
|
||||
sutProvider.GetDependency<ICurrentContext>().ViewAssignedCollections(organization.Id).Returns(true);
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationManager(organization.Id).Returns(true);
|
||||
|
||||
await sutProvider.Sut.GetManyWithDetails(organization.Id);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionRepository>().DidNotReceiveWithAnyArgs().GetManyByOrganizationIdWithAccessAsync(default);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received().GetManyByUserIdWithAccessAsync(user.Id, organization.Id, Arg.Any<bool>());
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetOrganizationCollectionsWithGroups_CustomUserWithManagerPermissions_GetsAssignedCollections(Organization organization, User user, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(user.Id);
|
||||
sutProvider.GetDependency<ICurrentContext>().ViewAssignedCollections(organization.Id).Returns(true);
|
||||
sutProvider.GetDependency<ICurrentContext>().EditAssignedCollections(organization.Id).Returns(true);
|
||||
|
||||
|
||||
await sutProvider.Sut.GetManyWithDetails(organization.Id);
|
||||
|
||||
await sutProvider.GetDependency<ICollectionRepository>().DidNotReceiveWithAnyArgs().GetManyByOrganizationIdWithAccessAsync(default);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().Received().GetManyByUserIdWithAccessAsync(user.Id, organization.Id, Arg.Any<bool>());
|
||||
}
|
||||
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task DeleteMany_Success(Guid orgId, User user, Collection collection1, Collection collection2, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
// Arrange
|
||||
var model = new CollectionBulkDeleteRequestModel
|
||||
{
|
||||
Ids = new[] { collection1.Id, collection2.Id },
|
||||
};
|
||||
|
||||
var collections = new List<Collection>
|
||||
{
|
||||
new CollectionDetails
|
||||
{
|
||||
Id = collection1.Id,
|
||||
OrganizationId = orgId,
|
||||
},
|
||||
new CollectionDetails
|
||||
{
|
||||
Id = collection2.Id,
|
||||
OrganizationId = orgId,
|
||||
},
|
||||
};
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.DeleteAssignedCollections(orgId)
|
||||
.Returns(true);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.UserId
|
||||
.Returns(user.Id);
|
||||
|
||||
sutProvider.GetDependency<ICollectionService>()
|
||||
.GetOrganizationCollectionsAsync(orgId)
|
||||
.Returns(collections);
|
||||
|
||||
// Act
|
||||
await sutProvider.Sut.DeleteMany(orgId, model);
|
||||
|
||||
// Assert
|
||||
await sutProvider.GetDependency<IDeleteCollectionCommand>()
|
||||
.Received(1)
|
||||
.DeleteManyAsync(Arg.Is<IEnumerable<Collection>>(coll => coll.Select(c => c.Id).SequenceEqual(collections.Select(c => c.Id))));
|
||||
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task DeleteMany_CanNotDeleteAssignedCollection_ThrowsNotFound(Guid orgId, Collection collection1, Collection collection2, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
// Arrange
|
||||
var model = new CollectionBulkDeleteRequestModel
|
||||
{
|
||||
Ids = new[] { collection1.Id, collection2.Id },
|
||||
};
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.DeleteAssignedCollections(orgId)
|
||||
.Returns(false);
|
||||
|
||||
// Assert
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
sutProvider.Sut.DeleteMany(orgId, model));
|
||||
|
||||
await sutProvider.GetDependency<IDeleteCollectionCommand>()
|
||||
.DidNotReceiveWithAnyArgs()
|
||||
.DeleteManyAsync((IEnumerable<Collection>)default);
|
||||
|
||||
}
|
||||
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task DeleteMany_UserCanNotAccessCollections_FiltersOutInvalid(Guid orgId, User user, Collection collection1, Collection collection2, SutProvider<CollectionsController> sutProvider)
|
||||
{
|
||||
// Arrange
|
||||
var model = new CollectionBulkDeleteRequestModel
|
||||
{
|
||||
Ids = new[] { collection1.Id, collection2.Id },
|
||||
};
|
||||
|
||||
var collections = new List<Collection>
|
||||
{
|
||||
new CollectionDetails
|
||||
{
|
||||
Id = collection2.Id,
|
||||
OrganizationId = orgId,
|
||||
},
|
||||
};
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.DeleteAssignedCollections(orgId)
|
||||
.Returns(true);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.UserId
|
||||
.Returns(user.Id);
|
||||
|
||||
sutProvider.GetDependency<ICollectionService>()
|
||||
.GetOrganizationCollectionsAsync(orgId)
|
||||
.Returns(collections);
|
||||
|
||||
// Act
|
||||
await sutProvider.Sut.DeleteMany(orgId, model);
|
||||
|
||||
// Assert
|
||||
await sutProvider.GetDependency<IDeleteCollectionCommand>()
|
||||
.Received(1)
|
||||
.DeleteManyAsync(Arg.Is<IEnumerable<Collection>>(coll => coll.Select(c => c.Id).SequenceEqual(collections.Select(c => c.Id))));
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user