using System.Security.Claims;
using Socialize.Api.Infrastructure.Security;
using Socialize.Api.Modules.Identity.Contracts;
namespace Socialize.Tests.Security;
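/// <summary>
/// Authorization tests for <c>AccessScopeService</c>: a role claim on its own must not
/// open a workspace; the checks are expected to pass only when the principal also
/// carries a workspace-scope claim for that specific workspace.
/// </summary>
public class AccessScopeServiceTests
{
    /// <summary>
    /// A principal holding only the Manager role (no workspace-scope claim) is denied
    /// both read access and management of an arbitrary workspace.
    /// </summary>
    [Fact]
    public void Manager_role_does_not_grant_workspace_access_without_workspace_scope()
    {
        Guid workspaceId = Guid.NewGuid();
        ClaimsPrincipal user = CreateUser(KnownRoles.Manager);

        Assert.False(AccessScopeService.CanAccessWorkspace(user, workspaceId));
        Assert.False(AccessScopeService.CanManageWorkspace(user, workspaceId));
    }

    /// <summary>
    /// Same deny-by-default expectation for the Administrator role: without a
    /// workspace-scope claim the role alone must not grant access or management.
    /// </summary>
    [Fact]
    public void Administrator_role_does_not_grant_workspace_access_without_workspace_scope()
    {
        Guid workspaceId = Guid.NewGuid();
        ClaimsPrincipal user = CreateUser(KnownRoles.Administrator);

        Assert.False(AccessScopeService.CanAccessWorkspace(user, workspaceId));
        Assert.False(AccessScopeService.CanManageWorkspace(user, workspaceId));
    }

    /// <summary>
    /// A Manager scoped to one workspace can access and manage that workspace, and is
    /// denied on a different workspace that is not in the scope claim.
    /// </summary>
    [Fact]
    public void Manager_can_manage_only_workspaces_in_scope()
    {
        Guid workspaceId = Guid.NewGuid();
        // A second, unrelated workspace that never appears in the principal's claims.
        Guid outOfScopeWorkspaceId = Guid.NewGuid();
        ClaimsPrincipal user = CreateUser(KnownRoles.Manager, new Claim(KnownClaims.WorkspaceScope, workspaceId.ToString()));

        Assert.True(AccessScopeService.CanAccessWorkspace(user, workspaceId));
        Assert.True(AccessScopeService.CanManageWorkspace(user, workspaceId));

        // The "only" half of the test name: holding a scope claim for one workspace must
        // not carry over to another. Without these assertions an implementation that
        // merely checks for the presence of any scope claim would still pass.
        Assert.False(AccessScopeService.CanAccessWorkspace(user, outOfScopeWorkspaceId));
        Assert.False(AccessScopeService.CanManageWorkspace(user, outOfScopeWorkspaceId));
    }

    /// <summary>
    /// Builds a test principal with a random name identifier, the given role claim and
    /// any extra claims supplied by the caller.
    /// </summary>
    /// <param name="role">Value placed in the <see cref="ClaimTypes.Role"/> claim.</param>
    /// <param name="claims">Additional claims appended after the base claims.</param>
    /// <returns>A principal whose single identity uses the "Test" authentication type.</returns>
    private static ClaimsPrincipal CreateUser(string role, params Claim[] claims)
    {
        Claim[] baseClaims =
        [
            new(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString()),
            new(ClaimTypes.Role, role),
        ];

        // A non-empty authentication type makes the identity report IsAuthenticated = true,
        // so the tests exercise the authenticated-user path rather than an anonymous one.
        return new ClaimsPrincipal(new ClaimsIdentity(baseClaims.Concat(claims), "Test"));
    }
}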