2018-12-18 16:33:35 +00:00
parent 077ee889eb
commit 27b77c5273
36 changed files with 10640 additions and 0 deletions
--- a/Widget/WidgetCrud.cs
+++ b/Widget/WidgetCrud.cs
@@ -0,0 +1,244 @@
+using System;
+using Xunit;
+using Newtonsoft.Json.Linq;
+using FluentAssertions;
+
+namespace raven_integration
+{
+
+    public class WidgetCrud
+    {
+
+        /// <summary>
+        /// Test all CRUD routes for a widget
+        /// </summary>       
+        [Fact]
+        public async void CRUD()
+        {
+            /*  
+            {
+                "id": 0,
+                "name": "string",
+                "dollarAmount": 0,
+                "active": true,
+                "roles": 0
+            }
+               */
+            //CREATE
+            dynamic w1 = new JObject();
+            w1.name = Util.Uniquify("First Test WIDGET");
+            w1.dollarAmount = 1.11m;
+            w1.active = true;
+            w1.roles = 0;
+            w1.notes = "The quick brown fox jumped over the six lazy dogs!";
+
+            //Tags 
+            dynamic dTagsArray = new JArray();
+            dTagsArray.Add("Red Tag");
+            dTagsArray.Add("ORANGE   IS  THE  NEW      BLACK");
+            dTagsArray.Add("yellow");
+            dTagsArray.Add("green");
+            dTagsArray.Add("blue");
+            dTagsArray.Add("indigo");
+            dTagsArray.Add("VIOLET Tag");
+            w1.tags = dTagsArray;
+
+            ApiResponse r1 = await Util.PostAsync("Widget", await Util.GetTokenAsync("manager", "l3tm3in"), w1.ToString());
+            Util.ValidateDataReturnResponseOk(r1);
+            long w1Id = r1.ObjectResponse["data"]["id"].Value<long>();
+
+            dynamic w2 = new JObject();
+            w2.name = Util.Uniquify("Second Test WIDGET");
+            w2.dollarAmount = 2.22m;
+            w2.active = true;
+            w2.roles = 0;
+            w2.notes = "What is the frequency Kenneth?";
+            w2.tags = dTagsArray;
+
+            ApiResponse r2 = await Util.PostAsync("Widget", await Util.GetTokenAsync("manager", "l3tm3in"), w2.ToString());
+            Util.ValidateDataReturnResponseOk(r2);
+            long w2Id = r2.ObjectResponse["data"]["id"].Value<long>();
+
+            //RETRIEVE
+
+            //Get one
+            ApiResponse r3 = await Util.GetAsync("Widget/" + w2Id.ToString(), await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateDataReturnResponseOk(r3);
+            r3.ObjectResponse["data"]["name"].Value<string>().Should().Be(w2.name.ToString());
+            r3.ObjectResponse["data"]["notes"].Value<string>().Should().Be(w2.notes.ToString());
+            var returnedTags = ((JArray)r3.ObjectResponse["data"]["tags"]);
+            returnedTags.Count.Should().Be(7);
+            returnedTags[0].Value<string>().Should().Be("red-tag");
+            returnedTags[1].Value<string>().Should().Be("orange-is-the-new-black");
+            returnedTags[2].Value<string>().Should().Be("yellow");
+            returnedTags[3].Value<string>().Should().Be("green");
+            returnedTags[4].Value<string>().Should().Be("blue");
+            returnedTags[5].Value<string>().Should().Be("indigo");
+            returnedTags[6].Value<string>().Should().Be("violet-tag");
+
+
+
+            //UPDATE
+            //PUT
+
+            //update w2id 
+            w2.name = Util.Uniquify("UPDATED VIA PUT SECOND TEST WIDGET");
+            w2.OwnerId = 1;
+            w2.concurrencyToken = r2.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
+            ApiResponse PUTTestResponse = await Util.PutAsync("Widget/" + w2Id.ToString(), await Util.GetTokenAsync("manager", "l3tm3in"), w2.ToString());
+            Util.ValidateHTTPStatusCode(PUTTestResponse, 200);
+
+            //check PUT worked
+            ApiResponse checkPUTWorked = await Util.GetAsync("Widget/" + w2Id.ToString(), await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateNoErrorInResponse(checkPUTWorked);
+            checkPUTWorked.ObjectResponse["data"]["name"].Value<string>().Should().Be(w2.name.ToString());
+            uint concurrencyToken = PUTTestResponse.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
+
+            //PATCH
+            var newName = Util.Uniquify("UPDATED VIA PATCH SECOND TEST WIDGET");
+            string patchJson = "[{\"value\": \"" + newName + "\",\"path\": \"/name\",\"op\": \"replace\"}]";
+            ApiResponse PATCHTestResponse = await Util.PatchAsync("Widget/" + w2Id.ToString() + "/" + concurrencyToken.ToString(), await Util.GetTokenAsync("manager", "l3tm3in"), patchJson);
+            Util.ValidateHTTPStatusCode(PATCHTestResponse, 200);
+
+            //check PATCH worked
+            ApiResponse checkPATCHWorked = await Util.GetAsync("Widget/" + w2Id.ToString(), await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateNoErrorInResponse(checkPATCHWorked);
+            checkPATCHWorked.ObjectResponse["data"]["name"].Value<string>().Should().Be(newName);
+
+            //DELETE
+            ApiResponse DELETETestResponse = await Util.DeleteAsync("Widget/" + w2Id.ToString(), await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateHTTPStatusCode(DELETETestResponse, 204);
+        }
+
+
+
+
+
+
+        /// <summary>
+        /// Test not found
+        /// </summary>       
+        [Fact]
+        public async void GetNonExistentItemShouldError()
+        {
+            //Get non existant
+            //Should return status code 404, api error code 2010
+            ApiResponse a = await Util.GetAsync("Widget/999999", await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateResponseNotFound(a);
+        }
+
+        /// <summary>
+        /// Test bad modelstate
+        /// </summary>       
+        [Fact]
+        public async void GetBadModelStateShouldError()
+        {
+            //Get non existant
+            //Should return status code 400, api error code 2200 and a first target in details of "id"
+            ApiResponse a = await Util.GetAsync("Widget/2q2", await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateBadModelStateResponse(a, "id");
+        }
+
+
+        /// <summary>
+        /// Test server exception
+        /// </summary>       
+        [Fact]
+        public async void ServerExceptionShouldErrorPropertly()
+        {
+            //Get non existant
+            //Should return status code 400, api error code 2200 and a first target in details of "id"
+            ApiResponse a = await Util.GetAsync("Widget/exception", await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateServerExceptionResponse(a);
+        }
+
+
+
+        /// <summary>
+        /// Test server alt exception
+        /// </summary>       
+        [Fact]
+        public async void ServerAltExceptionShouldErrorPropertly()
+        {
+            //Get non existant
+            //Should return status code 400, api error code 2200 and a first target in details of "id"
+            ApiResponse a = await Util.GetAsync("Widget/altexception", await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateServerExceptionResponse(a);
+        }
+
+
+
+
+        /// <summary>
+        /// 
+        /// </summary>       
+        [Fact]
+        public async void PutConcurrencyViolationShouldFail()
+        {
+
+            //CREATE
+
+            dynamic w2 = new JObject();
+            w2.name = Util.Uniquify("PutConcurrencyViolationShouldFail");
+            w2.dollarAmount = 2.22m;
+            w2.active = true;
+            w2.roles = 0;
+
+            ApiResponse r2 = await Util.PostAsync("Widget", await Util.GetTokenAsync("manager", "l3tm3in"), w2.ToString());
+            Util.ValidateDataReturnResponseOk(r2);
+            long w2Id = r2.ObjectResponse["data"]["id"].Value<long>();
+            uint OriginalConcurrencyToken = r2.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
+
+
+
+            //UPDATE
+            //PUT
+
+            w2.name = Util.Uniquify("PutConcurrencyViolationShouldFail UPDATE VIA PUT ");
+            w2.OwnerId = 1;
+            w2.concurrencyToken = OriginalConcurrencyToken - 1;//bad token
+            ApiResponse PUTTestResponse = await Util.PutAsync("Widget/" + w2Id.ToString(), await Util.GetTokenAsync("manager", "l3tm3in"), w2.ToString());
+            Util.ValidateConcurrencyError(PUTTestResponse);
+
+
+        }
+
+
+
+
+        /// <summary>
+        /// 
+        /// </summary>       
+        [Fact]
+        public async void PatchConcurrencyViolationShouldFail()
+        {
+
+            //CREATE
+
+            dynamic w2 = new JObject();
+            w2.name = Util.Uniquify("PatchConcurrencyViolationShouldFail");
+            w2.dollarAmount = 2.22m;
+            w2.active = true;
+            w2.roles = 0;
+
+            ApiResponse r2 = await Util.PostAsync("Widget", await Util.GetTokenAsync("manager", "l3tm3in"), w2.ToString());
+            Util.ValidateDataReturnResponseOk(r2);
+            long w2Id = r2.ObjectResponse["data"]["id"].Value<long>();
+            uint OriginalConcurrencyToken = r2.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
+
+
+            //PATCH
+            var newName = Util.Uniquify("PutConcurrencyViolationShouldFail UPDATED VIA PATCH");
+            string patchJson = "[{\"value\": \"" + newName + "\",\"path\": \"/name\",\"op\": \"replace\"}]";
+            ApiResponse PATCHTestResponse = await Util.PatchAsync("Widget/" + w2Id.ToString() + "/" + (OriginalConcurrencyToken - 1).ToString(), await Util.GetTokenAsync("manager", "l3tm3in"), patchJson);
+            Util.ValidateConcurrencyError(PATCHTestResponse);
+        }
+
+
+
+
+
+        //==================================================
+
+    }//eoc
+}//eons
--- a/Widget/WidgetLists.cs
+++ b/Widget/WidgetLists.cs
@@ -0,0 +1,214 @@
+using System;
+using Xunit;
+using Newtonsoft.Json.Linq;
+using FluentAssertions;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using System.Collections.Concurrent;
+
+namespace raven_integration
+{
+
+    public class WidgetLists
+    {
+
+
+
+
+        /// <summary>
+        /// 
+        /// </summary>
+        [Fact]
+        public async void WidgetPickListDefaultSortNoFilterWorks()
+        {
+            var RouteName = "Widget";//##########         
+
+            //NOW FETCH LIST WITH FILTER
+            ApiResponse a = await Util.GetAsync($"{RouteName}/picklist?Offset=0&Limit=999", await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateDataReturnResponseOk(a);
+            Util.ValidateHTTPStatusCode(a, 200);
+
+            //assert contains exactly 3 records
+            var ItemCount = ((JArray)a.ObjectResponse["data"]).Count;
+
+            for (int i = 0; i < ItemCount - 1; i++)
+            {
+                //Note it's necessary to replace the spaces because postgres thinks spaces go last and the string comparison thinks they go first
+                var firstName = a.ObjectResponse["data"][i]["name"].Value<string>().Replace(" ","");
+                var secondName = a.ObjectResponse["data"][i + 1]["name"].Value<string>().Replace(" ","");
+                int comparison = String.Compare(firstName, secondName, comparisonType: StringComparison.OrdinalIgnoreCase);
+                comparison.Should().BeNegative();
+            }
+        }
+
+
+        /// <summary>
+        /// 
+        /// </summary>
+        [Fact]
+        public async void WidgetPickListSortByFieldAscendingWorks()
+        {
+
+            var NameStart = Util.Uniquify("WidgetPickListSortByFieldAscendingWorks");
+            var RouteName = "Widget";
+
+            //CREATE 3 TEST OBJECTS TO TEST ORDER
+            long FirstInOrderId = 0;
+            long SecondInOrderId = 0;
+            long ThirdInOrderId = 0;
+
+            dynamic d = new JObject();
+            d.name = Util.Uniquify(NameStart);
+            d.startDate = DateTime.Now;
+            d.endDate = DateTime.Now.AddHours(1);
+
+            ApiResponse a = await Util.PostAsync(RouteName, await Util.GetTokenAsync("manager", "l3tm3in"), d.ToString());
+            Util.ValidateDataReturnResponseOk(a);
+            FirstInOrderId = a.ObjectResponse["data"]["id"].Value<long>();
+
+            d = new JObject();
+            d.name = Util.Uniquify(NameStart);
+            d.startDate = DateTime.Now.AddHours(1);
+            d.endDate = DateTime.Now.AddHours(2);
+            a = await Util.PostAsync(RouteName, await Util.GetTokenAsync("manager", "l3tm3in"), d.ToString());
+            Util.ValidateDataReturnResponseOk(a);
+            SecondInOrderId = a.ObjectResponse["data"]["id"].Value<long>();
+
+            d = new JObject();
+            d.name = Util.Uniquify(NameStart);
+            d.startDate = DateTime.Now.AddHours(2);
+            d.endDate = DateTime.Now.AddHours(3);
+            a = await Util.PostAsync(RouteName, await Util.GetTokenAsync("manager", "l3tm3in"), d.ToString());
+            Util.ValidateDataReturnResponseOk(a);
+            ThirdInOrderId = a.ObjectResponse["data"]["id"].Value<long>();
+
+
+            //CREATE FILTER
+            d = new JObject();
+            d.name = Util.Uniquify(NameStart);
+            d["public"] = true;
+            d.listKey = "widget";
+
+            //FILTER IN BY NAME FOR TESTING THIS RUN ONLY
+            dynamic dfilter = new JArray();
+            //name starts with filter to constrict to objects that this test block created only
+            dynamic DataFilterNameStart = new JObject();
+            DataFilterNameStart.fld = "name";
+            DataFilterNameStart.op = Util.OpStartsWith;
+            DataFilterNameStart.value = NameStart;
+            dfilter.Add(DataFilterNameStart);
+            d.filter = dfilter.ToString();
+
+            //SORT ORDER ###################
+            dynamic dsortarray = new JArray();
+            dynamic dsort = new JObject();
+            dsort.fld = "startdate";
+            dsort.dir = "+";
+            dsortarray.Add(dsort);
+            d.sort = dsortarray.ToString();
+
+            a = await Util.PostAsync("DataFilter", await Util.GetTokenAsync("manager", "l3tm3in"), d.ToString());
+            Util.ValidateDataReturnResponseOk(a);
+
+            long DataFilterId = a.ObjectResponse["data"]["id"].Value<long>();
+
+            //NOW FETCH LIST WITH FILTER
+            a = await Util.GetAsync($"{RouteName}/picklist?Offset=0&Limit=999&DataFilterId={DataFilterId.ToString()}", await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateDataReturnResponseOk(a);
+            Util.ValidateHTTPStatusCode(a, 200);
+
+            //assert contains exactly 3 records
+            ((JArray)a.ObjectResponse["data"]).Count.Should().Be(3);
+
+            //assert the order returned
+            a.ObjectResponse["data"][0]["id"].Value<long>().Should().Be(FirstInOrderId);
+            a.ObjectResponse["data"][1]["id"].Value<long>().Should().Be(SecondInOrderId);
+            a.ObjectResponse["data"][2]["id"].Value<long>().Should().Be(ThirdInOrderId);
+
+
+            a = await Util.DeleteAsync($"{RouteName}/" + FirstInOrderId.ToString(), await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateHTTPStatusCode(a, 204);
+
+            a = await Util.DeleteAsync($"{RouteName}/" + SecondInOrderId.ToString(), await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateHTTPStatusCode(a, 204);
+
+            a = await Util.DeleteAsync($"{RouteName}/" + ThirdInOrderId.ToString(), await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateHTTPStatusCode(a, 204);
+
+            //DELETE DATAFILTER
+            a = await Util.DeleteAsync("DataFilter/" + DataFilterId.ToString(), await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateHTTPStatusCode(a, 204);
+
+        }
+
+
+        /// <summary>
+        /// Paging test
+        /// </summary>       
+        [Fact]
+        public async void PagingShouldWorkAsExpected()
+        {
+            //Get all
+            ApiResponse a = await Util.GetAsync("Widget/listwidgets?Offset=2&Limit=3", await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateDataReturnResponseOk(a);
+            Util.ValidateHTTPStatusCode(a, 200);
+
+            //assert aAll contains at least two records
+            ((JArray)a.ObjectResponse["data"]).Count.Should().Be(3);
+
+            JObject jp = (JObject)a.ObjectResponse["paging"];
+            jp["count"].Value<long>().Should().BeGreaterThan(5);
+            jp["offset"].Value<int>().Should().Be(2);
+            jp["limit"].Value<int>().Should().Be(3);
+            jp["first"].Value<string>().Should().EndWith("&pageSize=3");
+            jp["previous"].Value<string>().Should().EndWith("&pageSize=3");
+            jp["next"].Value<string>().Should().EndWith("&pageSize=3");
+            jp["last"].Value<string>().Should().EndWith("&pageSize=3");
+        }
+
+
+
+
+        /// <summary>
+        /// 
+        /// </summary>       
+        [Fact]
+        public async void FilterOptionsRouteShouldWorkAsExpected()
+        {
+            //Get options with manager (english user)
+            ApiResponse a = await Util.GetAsync("Widget/FilterOptions", await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateDataReturnResponseOk(a);
+            Util.ValidateHTTPStatusCode(a, 200);
+            a.ObjectResponse["data"]["key"].Value<string>().Should().Be("widget");
+            ((JArray)a.ObjectResponse["data"]["flds"]).Count.Should().Be(10);
+
+            int DollarAmountFieldNumber = 4;
+
+            a.ObjectResponse["data"]["flds"][DollarAmountFieldNumber]["lt"].Value<string>().Should().Be("Price");
+
+            a = await Util.GetAsync("Widget/FilterOptions", await Util.GetTokenAsync("es", "es"));
+            Util.ValidateDataReturnResponseOk(a);
+            Util.ValidateHTTPStatusCode(a, 200);
+            a.ObjectResponse["data"]["flds"][DollarAmountFieldNumber]["lt"].Value<string>().Should().Be("Importe");
+
+            a = await Util.GetAsync("Widget/FilterOptions", await Util.GetTokenAsync("fr", "fr"));
+            Util.ValidateDataReturnResponseOk(a);
+            Util.ValidateHTTPStatusCode(a, 200);
+            a.ObjectResponse["data"]["flds"][DollarAmountFieldNumber]["lt"].Value<string>().Should().Be("Montant");
+
+            a = await Util.GetAsync("Widget/FilterOptions", await Util.GetTokenAsync("de", "de"));
+            Util.ValidateDataReturnResponseOk(a);
+            Util.ValidateHTTPStatusCode(a, 200);
+            a.ObjectResponse["data"]["flds"][DollarAmountFieldNumber]["lt"].Value<string>().Should().Be("Betrag");
+
+        }
+
+
+
+
+
+
+        //==================================================
+
+    }//eoc
+}//eons
--- a/Widget/WidgetRights.cs
+++ b/Widget/WidgetRights.cs
@@ -0,0 +1,261 @@
+using System;
+using Xunit;
+using Newtonsoft.Json.Linq;
+using FluentAssertions;
+using System.Collections.Generic;
+using System.Collections.Concurrent;
+
+namespace raven_integration
+{
+    // [Collection("APICOLLECTION")]
+    public class WidgetRights
+    {
+       
+
+        /// <summary>
+        /// Test not authorized error return
+        /// </summary>       
+        [Fact]
+        public async void ServerShouldNotAllowUnauthenticatedAccess()
+        {
+            ApiResponse a = await Util.GetAsync("Widget/list");
+            Util.ValidateHTTPStatusCode(a, 401);
+        }
+
+        /// <summary>
+        /// Test insufficient read rights error return
+        /// </summary>       
+        [Fact]
+        public async void ServerShouldNotAllowReadUnauthorizedAccess()
+        {
+            ApiResponse a = await Util.GetAsync("Widget/listwidgets", await Util.GetTokenAsync( "OpsAdminFull"));
+            //2004 unauthorized
+            Util.ValidateErrorCodeResponse(a, 2004, 401);
+        }
+
+
+
+        /// <summary>
+        /// Test insufficient create rights error return
+        /// </summary>       
+        [Fact]
+        public async void ServerShouldNotAllowCreateUnauthorizedAccess()
+        {
+            //CREATE
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("ServerShouldNotAllowCreateUnauthorizedAccess TEST WIDGET");
+            d.created = DateTime.Now.ToString();
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            //BizAdminLimited user should not be able to create a widget, only read them
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "BizAdminLimited"), d.ToString());
+
+            //2004 unauthorized
+            Util.ValidateErrorCodeResponse(a, 2004, 401);
+        }
+
+
+
+        /// <summary>
+        /// Test owner rights to modify
+        /// </summary>       
+        [Fact]
+        public async void ServerShouldAllowOwnerOnlyRightsUserToPatchOwn()
+        {
+
+            // TECH FULL has owner only rights to widget
+
+            //CREATE
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPatchOwn TEST WIDGET");
+            d.created = DateTime.Now.ToString();
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "TechFull"), d.ToString());
+            Util.ValidateDataReturnResponseOk(a);
+            long Id = a.ObjectResponse["data"]["id"].Value<long>();
+            uint OriginalConcurrencyToken = a.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
+
+            //Now attempt to modify it via patch
+            var newName = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPatchOwn - UPDATED TEST WIDGET");
+            string patchJson = "[{\"value\": \"" + newName + "\",\"path\": \"/name\",\"op\": \"replace\"}]";
+            a = await Util.PatchAsync("Widget/" + Id.ToString() + "/" + OriginalConcurrencyToken.ToString(), await Util.GetTokenAsync( "TechFull"), patchJson);
+            Util.ValidateHTTPStatusCode(a, 200);
+        }
+
+
+        /// <summary>
+        /// Test owner rights fails to modify other creator object
+        /// </summary>       
+        [Fact]
+        public async void ServerShouldDisAllowOwnerOnlyRightsUserToPatchNonOwned()
+        {
+            // TECH FULL has owner only rights to widget
+            //INVENTORY FULL has full rights to widget
+
+            //CREATE
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPatchNonOwned TEST WIDGET");
+            d.created = DateTime.Now.ToString();
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            //create via inventory full test user
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "InventoryFull"), d.ToString());
+            Util.ValidateDataReturnResponseOk(a);
+            long Id = a.ObjectResponse["data"]["id"].Value<long>();
+            uint OriginalConcurrencyToken = a.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
+
+            //Now TechFullAuthToken attempt to modify it via patch
+            var newName = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPatchNonOwned - UPDATED TEST WIDGETB");
+            string patchJson = "[{\"value\": \"" + newName + "\",\"path\": \"/name\",\"op\": \"replace\"}]";
+            a = await Util.PatchAsync("Widget/" + Id.ToString() + "/" + OriginalConcurrencyToken.ToString(), await Util.GetTokenAsync( "TechFull"), patchJson);
+            //2004 unauthorized expected
+            Util.ValidateErrorCodeResponse(a, 2004, 401);
+
+
+        }
+
+
+
+
+
+        /// <summary>
+        /// Test owner rights to modify
+        /// </summary>       
+        [Fact]
+        public async void ServerShouldAllowOwnerOnlyRightsUserToPutOwn()
+        {
+
+            // TECH FULL has owner only rights to widget
+
+            //CREATE
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPutOwn TEST WIDGET");
+            d.created = DateTime.Now.ToString();
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "TechFull"), d.ToString());
+            Util.ValidateDataReturnResponseOk(a);
+            long Id = a.ObjectResponse["data"]["id"].Value<long>();
+            uint OriginalConcurrencyToken = a.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
+
+            //Now attempt to modify it via patch
+            var newName = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPutOwn - UPDATED TEST WIDGET");
+            d.OwnerId = 1;
+            d.name = newName;
+            d.concurrencyToken = OriginalConcurrencyToken;
+
+            a = await Util.PutAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"), d.ToString());
+            Util.ValidateHTTPStatusCode(a, 200);
+        }
+
+
+        /// <summary>
+        /// Test owner rights fails to modify other creator object
+        /// </summary>       
+        [Fact]
+        public async void ServerShouldDisAllowOwnerOnlyRightsUserToPutNonOwned()
+        {
+            // TECH FULL has owner only rights to widget
+            //INVENTORY FULL has full rights to widget
+
+            //CREATE
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPutNonOwned TEST WIDGET");
+            d.created = DateTime.Now.ToString();
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            //create via inventory full test user
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "InventoryFull"), d.ToString());
+            Util.ValidateDataReturnResponseOk(a);
+            long Id = a.ObjectResponse["data"]["id"].Value<long>();
+
+            //Now TechFullAuthToken attempt to modify it via patch
+            var newName = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPutNonOwned - UPDATED TEST WIDGET");
+            d.name = newName;
+            a = await Util.PutAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"), d.ToString());
+            //2004 unauthorized expected
+            Util.ValidateErrorCodeResponse(a, 2004, 401);
+
+
+        }
+
+
+
+        /// <summary>
+        /// Test owner rights to delete
+        /// </summary>       
+        [Fact]
+        public async void ServerShouldAllowOwnerOnlyRightsUserToDelete()
+        {
+
+            // TECH FULL has owner only rights to widget
+
+            //CREATE
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToDelete TEST WIDGET");
+            d.created = DateTime.Now.ToString();
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "TechFull"), d.ToString());
+            Util.ValidateDataReturnResponseOk(a);
+            long Id = a.ObjectResponse["data"]["id"].Value<long>();
+
+            //Now attempt to delete it
+            a = await Util.DeleteAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"));
+            Util.ValidateHTTPStatusCode(a, 204);
+        }
+
+
+
+
+        /// <summary>
+        /// Test owner rights fails to delete other creator object
+        /// </summary>       
+        [Fact]
+        public async void ServerShouldDisAllowOwnerOnlyRightsUserToDeleteNonOwned()
+        {
+            // TECH FULL has owner only rights to widget
+            //INVENTORY FULL has full rights to widget
+
+            //CREATE
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToDeleteNonOwned TEST WIDGET");
+            d.created = DateTime.Now.ToString();
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            //create via inventory full test user
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "InventoryFull"), d.ToString());
+            Util.ValidateDataReturnResponseOk(a);
+            long Id = a.ObjectResponse["data"]["id"].Value<long>();
+
+            //Now attempt delete
+            a = await Util.DeleteAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"));
+            //2004 unauthorized expected
+            Util.ValidateErrorCodeResponse(a, 2004, 401);
+
+
+        }
+
+
+
+
+
+        //==================================================
+
+    }//eoc
+}//eons
--- a/Widget/WidgetValidationTests.cs
+++ b/Widget/WidgetValidationTests.cs
@@ -0,0 +1,232 @@
+using System;
+using Xunit;
+using Newtonsoft.Json.Linq;
+using FluentAssertions;
+using System.Collections.Generic;
+using System.Collections.Concurrent;
+
+namespace raven_integration
+{
+    public class WidgetValidationTest
+    {
+
+
+        // /// <summary>
+        // /// Test business rule should be active on new
+        // /// </summary>       
+        // [Fact]
+        // public async void BusinessRuleNewShouldBeActiveShouldWork()
+        // {
+        //     //CREATE attempt with broken rules
+        //     dynamic d = new JObject();
+        //     d.name = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToDeleteNonOwned TEST WIDGET");
+        //     d.created = DateTime.Now.ToString();
+        //     d.dollarAmount = 1.11m;
+        //     d.active = false;//<--- BROKEN RULE new widget must be active = true!!
+        //     d.roles = 0;
+
+        //     //create via inventory full test user
+        //     ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync("InventoryFull"), d.ToString());
+
+        //     Util.ValidateErrorCodeResponse(a, 2200, 400);
+        //     Util.ShouldContainValidationError(a, "Active", "InvalidValue");
+
+        // }
+
+
+
+
+        /// <summary>
+        /// Test business rule name should be unique
+        /// </summary>       
+        [Fact]
+        public async void BusinessRuleNameMustBeUnique()
+        {
+            //CREATE attempt with broken rules
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("BusinessRuleNameMustBeUnique TEST WIDGET");
+            d.created = DateTime.Now.ToString();
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            //create via inventory full test user
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync("InventoryFull"), d.ToString());
+            Util.ValidateDataReturnResponseOk(a);
+
+            //Now try to create again with same name
+            a = await Util.PostAsync("Widget", await Util.GetTokenAsync("InventoryFull"), d.ToString());
+
+            //2002 in-valid expected
+            Util.ValidateErrorCodeResponse(a, 2200, 400);
+            Util.ShouldContainValidationError(a, "Name", "NotUnique");
+
+        }
+
+
+
+        /// <summary>
+        /// 
+        /// </summary>       
+        [Fact]
+        public async void BusinessRuleNameRequired()
+        {
+
+            dynamic d = new JObject();
+            d.name = "";
+            d.created = DateTime.Now.ToString();
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            //create via inventory full test user
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync("InventoryFull"), d.ToString());
+
+
+            //2002 in-valid expected
+            Util.ValidateErrorCodeResponse(a, 2200, 400);
+            Util.ShouldContainValidationError(a, "Name", "RequiredPropertyEmpty");
+
+        }
+
+        /// <summary>
+        /// 
+        /// </summary>       
+        [Fact]
+        public async void BusinessRuleNameLengthExceeded()
+        {
+
+            dynamic d = new JObject();
+            d.name = new string('A', 256); ;
+            d.created = DateTime.Now.ToString();
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            //create via inventory full test user
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync("InventoryFull"), d.ToString());
+
+
+            //2002 in-valid expected
+            Util.ValidateErrorCodeResponse(a, 2200, 400);
+            Util.ShouldContainValidationError(a, "Name", "LengthExceeded", "255 max");
+
+        }
+
+
+
+
+        /// <summary>
+        /// 
+        /// </summary>       
+        [Fact]
+        public async void BusinessRuleStartDateWithoutEndDateShouldError()
+        {
+
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("BusinessRuleStartDateWithoutEndDateShouldError TEST");
+            d.created = DateTime.Now.ToString();
+            d.startDate = d.created;
+            //NO END DATE ERRROR
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            //create via inventory full test user
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync("InventoryFull"), d.ToString());
+
+
+            //2002 in-valid expected
+            Util.ValidateErrorCodeResponse(a, 2200, 400);
+            Util.ShouldContainValidationError(a, "EndDate", "RequiredPropertyEmpty");
+
+        }
+
+
+
+        /// <summary>
+        /// 
+        /// </summary>       
+        [Fact]
+        public async void BusinessRuleEndDateWithoutStartDateShouldError()
+        {
+
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("BusinessRuleEndDateWithoutStartDateShouldError TEST");
+            d.created = DateTime.Now.ToString();
+            d.endDate = d.created;
+            //NO START DATE ERRROR
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            //create via inventory full test user
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync("InventoryFull"), d.ToString());
+
+
+            //2002 in-valid expected
+            Util.ValidateErrorCodeResponse(a, 2200, 400);
+            Util.ShouldContainValidationError(a, "StartDate", "RequiredPropertyEmpty");
+
+        }
+
+
+        /// <summary>
+        /// 
+        /// </summary>       
+        [Fact]
+        public async void BusinessRuleEndDateBeforeStartDateShouldError()
+        {
+
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("BusinessRuleEndDateBeforeStartDateShouldError TEST");
+            d.created = DateTime.Now.ToString();
+            d.startDate = DateTime.Now.ToString();
+            d.endDate = DateTime.Now.AddHours(-1).ToString();
+            //NO START DATE ERRROR
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 0;
+
+            //create via inventory full test user
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync("InventoryFull"), d.ToString());
+
+
+            //2002 in-valid expected
+            Util.ValidateErrorCodeResponse(a, 2200, 400);
+            Util.ShouldContainValidationError(a, "StartDate", "StartDateMustComeBeforeEndDate");
+
+        }
+
+
+
+        /// <summary>
+        /// 
+        /// </summary>       
+        [Fact]
+        public async void BusinessRuleEnumInvalidShouldError()
+        {
+
+            dynamic d = new JObject();
+            d.name = Util.Uniquify("BusinessRuleEnumInvalidShouldError TEST");
+            d.created = DateTime.Now.ToString();
+
+            //NO END DATE ERRROR
+            d.dollarAmount = 1.11m;
+            d.active = true;
+            d.roles = 99999;//<---BAD ROLE VALUE
+
+            //create via inventory full test user
+            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync("InventoryFull"), d.ToString());
+
+
+            //2002 in-valid expected
+            Util.ValidateErrorCodeResponse(a, 2200, 400);
+            Util.ShouldContainValidationError(a, "Roles", "InvalidValue");
+
+        }
+
+        //==================================================
+
+    }//eoc
+}//eons