mirror of
https://github.com/bitwarden/server.git
synced 2024-11-21 12:05:42 +01:00
ebd88393c8
* Add the ability to get multi projects access * Add access policy helper + tests * Add new data/request models * Add access policy operations to repo * Add authz handler for new operations * Add new controller endpoints * add updating service account revision
102 lines
3.6 KiB
C#
102 lines
3.6 KiB
C#
#nullable enable
|
|
using Bit.Api.SecretsManager.Utilities;
|
|
using Bit.Core.Exceptions;
|
|
using Bit.Core.SecretsManager.Entities;
|
|
using Bit.Core.Test.SecretsManager.AutoFixture.ProjectsFixture;
|
|
using Bit.Core.Test.SecretsManager.AutoFixture.SecretsFixture;
|
|
using Bit.Test.Common.AutoFixture.Attributes;
|
|
using Xunit;
|
|
|
|
namespace Bit.Api.Test.SecretsManager.Utilities;
|
|
|
|
[ProjectCustomize]
|
|
[SecretCustomize]
|
|
public class AccessPolicyHelpersTests
|
|
{
|
|
[Theory]
|
|
[BitAutoData]
|
|
public void CheckForDistinctAccessPolicies_DuplicateAccessPolicies_ThrowsBadRequestException(
|
|
UserProjectAccessPolicy userProjectAccessPolicy, UserServiceAccountAccessPolicy userServiceAccountAccessPolicy,
|
|
GroupProjectAccessPolicy groupProjectAccessPolicy,
|
|
GroupServiceAccountAccessPolicy groupServiceAccountAccessPolicy,
|
|
ServiceAccountProjectAccessPolicy serviceAccountProjectAccessPolicy)
|
|
{
|
|
var accessPolicies = new List<BaseAccessPolicy>
|
|
{
|
|
userProjectAccessPolicy,
|
|
userProjectAccessPolicy,
|
|
userServiceAccountAccessPolicy,
|
|
userServiceAccountAccessPolicy,
|
|
groupProjectAccessPolicy,
|
|
groupProjectAccessPolicy,
|
|
groupServiceAccountAccessPolicy,
|
|
groupServiceAccountAccessPolicy,
|
|
serviceAccountProjectAccessPolicy,
|
|
serviceAccountProjectAccessPolicy
|
|
};
|
|
|
|
Assert.Throws<BadRequestException>(() =>
|
|
{
|
|
AccessPolicyHelpers.CheckForDistinctAccessPolicies(accessPolicies);
|
|
});
|
|
}
|
|
|
|
[Fact]
|
|
public void CheckForDistinctAccessPolicies_UnsupportedAccessPolicy_ThrowsArgumentException()
|
|
{
|
|
var accessPolicies = new List<BaseAccessPolicy> { new UnsupportedAccessPolicy() };
|
|
|
|
Assert.Throws<ArgumentException>(() => { AccessPolicyHelpers.CheckForDistinctAccessPolicies(accessPolicies); });
|
|
}
|
|
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public void CheckForDistinctAccessPolicies_DistinctPolicies_Success(UserProjectAccessPolicy userProjectAccessPolicy,
|
|
UserServiceAccountAccessPolicy userServiceAccountAccessPolicy,
|
|
GroupProjectAccessPolicy groupProjectAccessPolicy,
|
|
GroupServiceAccountAccessPolicy groupServiceAccountAccessPolicy,
|
|
ServiceAccountProjectAccessPolicy serviceAccountProjectAccessPolicy)
|
|
{
|
|
var accessPolicies = new List<BaseAccessPolicy>
|
|
{
|
|
userProjectAccessPolicy,
|
|
userServiceAccountAccessPolicy,
|
|
groupProjectAccessPolicy,
|
|
groupServiceAccountAccessPolicy,
|
|
serviceAccountProjectAccessPolicy
|
|
};
|
|
|
|
AccessPolicyHelpers.CheckForDistinctAccessPolicies(accessPolicies);
|
|
}
|
|
|
|
[Fact]
|
|
public void CheckAccessPoliciesHaveReadPermission_ReadPermissionFalse_ThrowsBadRequestException()
|
|
{
|
|
var accessPolicies = new List<BaseAccessPolicy>
|
|
{
|
|
new UserProjectAccessPolicy { Read = false, Write = true },
|
|
new GroupProjectAccessPolicy { Read = true, Write = false }
|
|
};
|
|
|
|
Assert.Throws<BadRequestException>(() =>
|
|
{
|
|
AccessPolicyHelpers.CheckAccessPoliciesHaveReadPermission(accessPolicies);
|
|
});
|
|
}
|
|
|
|
[Fact]
|
|
public void CheckAccessPoliciesHaveReadPermission_AllReadIsTrue_Success()
|
|
{
|
|
var accessPolicies = new List<BaseAccessPolicy>
|
|
{
|
|
new UserProjectAccessPolicy { Read = true, Write = true },
|
|
new GroupProjectAccessPolicy { Read = true, Write = false }
|
|
};
|
|
|
|
AccessPolicyHelpers.CheckAccessPoliciesHaveReadPermission(accessPolicies);
|
|
}
|
|
|
|
private class UnsupportedAccessPolicy : BaseAccessPolicy;
|
|
}
|