mirror of
https://github.com/bitwarden/server.git
synced 2024-11-28 13:15:12 +01:00
746a35a14a
* chore: remove fc v1 from groups controller, refs PM-10291 * chore: remove fc v1 from organization users controller, refs PM-10291 * chore: remove fc v1 from organizations controller and clean up unsused imports, refs PM-10291 * chore: remove fc v1 from BulkCollectionAuthorizationHandler, refs PM-10291 * chore: remove fc v1 from CiphersCollections, refs PM-10291 * fix: unit tests related to fc v1 flag removal, refs PM-10291 * chore: update AllowAdminAccessToAllCollectionItems to take optional params, increase usage, refs PM-10291 * fix: format files, refs PM-10291 * chore: revert change to helper method, ignore double cache call, refs PM-10291
94 lines
4.6 KiB
C#
94 lines
4.6 KiB
C#
using System.Security.Claims;
|
|
using Bit.Api.AdminConsole.Controllers;
|
|
using Bit.Api.AdminConsole.Models.Request;
|
|
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
|
using Bit.Core.AdminConsole.Entities;
|
|
using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
|
|
using Bit.Core.Context;
|
|
using Bit.Core.Entities;
|
|
using Bit.Core.Exceptions;
|
|
using Bit.Core.Models.Data;
|
|
using Bit.Core.Models.Data.Organizations;
|
|
using Bit.Core.Repositories;
|
|
using Bit.Core.Services;
|
|
using Bit.Test.Common.AutoFixture;
|
|
using Bit.Test.Common.AutoFixture.Attributes;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using NSubstitute;
|
|
using Xunit;
|
|
|
|
namespace Bit.Api.Test.AdminConsole.Controllers;
|
|
|
|
[ControllerCustomize(typeof(GroupsController))]
|
|
[SutProviderCustomize]
|
|
public class GroupsControllerTests
|
|
{
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async Task Post_AuthorizedToGiveAccessToCollections_Success(Organization organization,
|
|
GroupRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
|
|
{
|
|
// Enable FC
|
|
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
|
|
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = false });
|
|
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
|
|
Arg.Any<IEnumerable<Collection>>(),
|
|
Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs => reqs.Contains(BulkCollectionOperations.ModifyGroupAccess)))
|
|
.Returns(AuthorizationResult.Success());
|
|
|
|
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
|
|
sutProvider.GetDependency<ICurrentContext>().ManageGroups(organization.Id).Returns(true);
|
|
|
|
var response = await sutProvider.Sut.Post(organization.Id, groupRequestModel);
|
|
|
|
var requestModelCollectionIds = groupRequestModel.Collections.Select(c => c.Id).ToHashSet();
|
|
|
|
// Assert that it checked permissions
|
|
await sutProvider.GetDependency<ICurrentContext>().Received(1).ManageGroups(organization.Id);
|
|
await sutProvider.GetDependency<IAuthorizationService>()
|
|
.Received(1)
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
|
|
Arg.Is<IEnumerable<Collection>>(collections =>
|
|
collections.All(c => requestModelCollectionIds.Contains(c.Id))),
|
|
Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
|
|
reqs.Single() == BulkCollectionOperations.ModifyGroupAccess));
|
|
|
|
// Assert that it saved the data
|
|
await sutProvider.GetDependency<ICreateGroupCommand>().Received(1).CreateGroupAsync(
|
|
Arg.Is<Group>(g =>
|
|
g.OrganizationId == organization.Id && g.Name == groupRequestModel.Name),
|
|
organization,
|
|
Arg.Is<ICollection<CollectionAccessSelection>>(access =>
|
|
access.All(c => requestModelCollectionIds.Contains(c.Id))),
|
|
Arg.Any<IEnumerable<Guid>>());
|
|
Assert.Equal(groupRequestModel.Name, response.Name);
|
|
Assert.Equal(organization.Id, response.OrganizationId);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async Task Post_NotAuthorizedToGiveAccessToCollections_Throws(Organization organization, GroupRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
|
|
{
|
|
// Enable FC
|
|
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
|
|
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = false });
|
|
|
|
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
|
|
sutProvider.GetDependency<ICurrentContext>().ManageGroups(organization.Id).Returns(true);
|
|
|
|
var requestModelCollectionIds = groupRequestModel.Collections.Select(c => c.Id).ToHashSet();
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
|
|
Arg.Is<IEnumerable<Collection>>(collections => collections.All(c => requestModelCollectionIds.Contains(c.Id))),
|
|
Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs => reqs.Contains(BulkCollectionOperations.ModifyGroupAccess)))
|
|
.Returns(AuthorizationResult.Failed());
|
|
|
|
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.Post(organization.Id, groupRequestModel));
|
|
|
|
await sutProvider.GetDependency<ICreateGroupCommand>().DidNotReceiveWithAnyArgs()
|
|
.CreateGroupAsync(default, default, default, default);
|
|
}
|
|
}
|