[AC-1139] Renamed existing CollectionAuthorizationHandler to BulkCollectionAuthorizationHandler for collections and created CollectionAuthorizationHandler for single item access. Fixed unit tests and created more

2025-07-02 16:42:50 -05:00 · 2023-10-25 16:19:25 +01:00
parent 20fe2bcc5b
commit e57469859c
6 changed files with 562 additions and 436 deletions
--- a/test/Api.Test/Controllers/CollectionsControllerTests.cs
+++ b/test/Api.Test/Controllers/CollectionsControllerTests.cs
@ -47,101 +47,90 @@ public class CollectionsControllerTests
    }

    [Theory, BitAutoData]
-    public async Task Put_Success(Guid orgId, Guid collectionId, Guid userId, CollectionRequestModel collectionRequest,
+    public async Task Put_Success(Collection collection, CollectionRequestModel collectionRequest,
        SutProvider<CollectionsController> sutProvider)
    {
-        sutProvider.GetDependency<ICurrentContext>()
-            .ViewAssignedCollections(orgId)
-            .Returns(true);
-
-        sutProvider.GetDependency<ICurrentContext>()
-            .EditAssignedCollections(orgId)
-            .Returns(true);
-
-        sutProvider.GetDependency<ICurrentContext>()
-            .UserId
-            .Returns(userId);
+        Collection ExpectedCollection() => Arg.Is<Collection>(c => c.Id == collection.Id &&
+            c.Name == collectionRequest.Name && c.ExternalId == collectionRequest.ExternalId &&
+            c.OrganizationId == collection.OrganizationId);

        sutProvider.GetDependency<ICollectionRepository>()
-            .GetByIdAsync(collectionId, userId)
-            .Returns(new CollectionDetails
-            {
-                OrganizationId = orgId,
-            });
+            .GetByIdAsync(collection.Id)
+            .Returns(collection);

-        _ = await sutProvider.Sut.Put(orgId, collectionId, collectionRequest);
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
+                collection,
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(r => r.Contains(CollectionOperations.Update)))
+            .Returns(AuthorizationResult.Success());
+
+        _ = await sutProvider.Sut.Put(collection.OrganizationId, collection.Id, collectionRequest);
+
+        await sutProvider.GetDependency<ICollectionService>()
+            .Received(1)
+            .SaveAsync(ExpectedCollection(), Arg.Any<IEnumerable<CollectionAccessSelection>>(),
+                Arg.Any<IEnumerable<CollectionAccessSelection>>());
    }

    [Theory, BitAutoData]
-    public async Task Put_CanNotEditAssignedCollection_ThrowsNotFound(Guid orgId, Guid collectionId, Guid userId, CollectionRequestModel collectionRequest,
+    public async Task Put_WithNoCollectionPermission_ThrowsNotFound(Collection collection, CollectionRequestModel collectionRequest,
        SutProvider<CollectionsController> sutProvider)
    {
-        sutProvider.GetDependency<ICurrentContext>()
-            .EditAssignedCollections(orgId)
-            .Returns(true);
-
-        sutProvider.GetDependency<ICurrentContext>()
-            .UserId
-            .Returns(userId);
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
+                collection,
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(r => r.Contains(CollectionOperations.Update)))
+            .Returns(AuthorizationResult.Failed());

        sutProvider.GetDependency<ICollectionRepository>()
-            .GetByIdAsync(collectionId, userId)
-            .Returns(Task.FromResult<CollectionDetails>(null));
+            .GetByIdAsync(collection.Id)
+            .Returns(collection);

-        _ = await Assert.ThrowsAsync<NotFoundException>(async () => await sutProvider.Sut.Put(orgId, collectionId, collectionRequest));
+        _ = await Assert.ThrowsAsync<NotFoundException>(async () => await sutProvider.Sut.Put(collection.OrganizationId, collection.Id, collectionRequest));
    }

    [Theory, BitAutoData]
-    public async Task GetOrganizationCollectionsWithGroups_NoManagerPermissions_ThrowsNotFound(Organization organization, SutProvider<CollectionsController> sutProvider)
+    public async Task GetOrganizationCollectionsWithGroups_WithReadAllPermissions_GetsAllCollections(Organization organization, Guid userId, SutProvider<CollectionsController> sutProvider)
    {
-        sutProvider.GetDependency<ICurrentContext>().ViewAssignedCollections(organization.Id).Returns(false);
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);

-        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetManyWithDetails(organization.Id));
-        await sutProvider.GetDependency<ICollectionRepository>().DidNotReceiveWithAnyArgs().GetManyByOrganizationIdWithAccessAsync(default);
-        await sutProvider.GetDependency<ICollectionRepository>().DidNotReceiveWithAnyArgs().GetManyByUserIdWithAccessAsync(default, default);
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetOrganizationCollectionsWithGroups_AdminPermissions_GetsAllCollections(Organization organization, User user, SutProvider<CollectionsController> sutProvider)
-    {
-        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(user.Id);
-        sutProvider.GetDependency<ICurrentContext>().ViewAllCollections(organization.Id).Returns(true);
-        sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organization.Id).Returns(true);
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(
+                Arg.Any<ClaimsPrincipal>(),
+                Arg.Any<object>(),
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(requirements =>
+                    requirements.Cast<CollectionOperationRequirement>().All(operation =>
+                        operation.Name == nameof(CollectionOperations.ReadAll)
+                        && operation.OrganizationId == organization.Id)))
+            .Returns(AuthorizationResult.Success());

        await sutProvider.Sut.GetManyWithDetails(organization.Id);

-        await sutProvider.GetDependency<ICollectionRepository>().Received().GetManyByOrganizationIdWithAccessAsync(organization.Id);
-        await sutProvider.GetDependency<ICollectionRepository>().Received().GetManyByUserIdWithAccessAsync(user.Id, organization.Id);
+        await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByUserIdWithAccessAsync(userId, organization.Id);
+        await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByOrganizationIdWithAccessAsync(organization.Id);
    }

    [Theory, BitAutoData]
-    public async Task GetOrganizationCollectionsWithGroups_MissingViewAllPermissions_GetsAssignedCollections(Organization organization, User user, SutProvider<CollectionsController> sutProvider)
+    public async Task GetOrganizationCollectionsWithGroups_MissingReadAllPermissions_GetsAssignedCollections(Organization organization, Guid userId, SutProvider<CollectionsController> sutProvider)
    {
-        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(user.Id);
-        sutProvider.GetDependency<ICurrentContext>().ViewAssignedCollections(organization.Id).Returns(true);
-        sutProvider.GetDependency<ICurrentContext>().OrganizationManager(organization.Id).Returns(true);
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
+
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(
+                Arg.Any<ClaimsPrincipal>(),
+                Arg.Any<object>(),
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(requirements =>
+                    requirements.Cast<CollectionOperationRequirement>().All(operation =>
+                        operation.Name == nameof(CollectionOperations.ReadAll)
+                        && operation.OrganizationId == organization.Id)))
+            .Returns(AuthorizationResult.Failed());

        await sutProvider.Sut.GetManyWithDetails(organization.Id);

-        await sutProvider.GetDependency<ICollectionRepository>().DidNotReceiveWithAnyArgs().GetManyByOrganizationIdWithAccessAsync(default);
-        await sutProvider.GetDependency<ICollectionRepository>().Received().GetManyByUserIdWithAccessAsync(user.Id, organization.Id);
+        await sutProvider.GetDependency<ICollectionRepository>().Received(1).GetManyByUserIdWithAccessAsync(userId, organization.Id);
+        await sutProvider.GetDependency<ICollectionRepository>().DidNotReceive().GetManyByOrganizationIdWithAccessAsync(organization.Id);
    }

-    [Theory, BitAutoData]
-    public async Task GetOrganizationCollectionsWithGroups_CustomUserWithManagerPermissions_GetsAssignedCollections(Organization organization, User user, SutProvider<CollectionsController> sutProvider)
-    {
-        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(user.Id);
-        sutProvider.GetDependency<ICurrentContext>().ViewAssignedCollections(organization.Id).Returns(true);
-        sutProvider.GetDependency<ICurrentContext>().EditAssignedCollections(organization.Id).Returns(true);
-
-
-        await sutProvider.Sut.GetManyWithDetails(organization.Id);
-
-        await sutProvider.GetDependency<ICollectionRepository>().DidNotReceiveWithAnyArgs().GetManyByOrganizationIdWithAccessAsync(default);
-        await sutProvider.GetDependency<ICollectionRepository>().Received().GetManyByUserIdWithAccessAsync(user.Id, organization.Id);
-    }
-
-
    [Theory, BitAutoData]
    public async Task DeleteMany_Success(Guid orgId, Collection collection1, Collection collection2, SutProvider<CollectionsController> sutProvider)
    {