admin/raven-test-integration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2019-05-16 23:23:19 +00:00
parent 5d0cc97f32
commit 55078e19fc
1 changed files with 2 additions and 194 deletions
Download Patch File Download Diff File Expand all files Collapse all files

196
Widget/WidgetRights.cs
View File

@@ -58,210 +58,18 @@ namespace raven_integration
/// <summary>
/// Test owner rights to modify
/// </summary>
[Fact]
public async void ServerShouldAllowOwnerOnlyRightsUserToPatchOwn()
{
// TECH FULL has owner only rights to widget
//CREATE
dynamic d = new JObject();
d.name = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPatchOwn TEST WIDGET");
d.notes="blah";
d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
d.created = DateTime.Now.ToString();
d.dollarAmount = 1.11m;
d.active = true;
d.roles = 0;
ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "TechFull"), d.ToString());
Util.ValidateDataReturnResponseOk(a);
long Id = a.ObjectResponse["data"]["id"].Value<long>();
uint OriginalConcurrencyToken = a.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
//Now attempt to modify it via patch
var newName = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPatchOwn - UPDATED TEST WIDGET");
string patchJson = "[{\"value\": \"" + newName + "\",\"path\": \"/name\",\"op\": \"replace\"}]";
a = await Util.PatchAsync("Widget/" + Id.ToString() + "/" + OriginalConcurrencyToken.ToString(), await Util.GetTokenAsync( "TechFull"), patchJson);
Util.ValidateHTTPStatusCode(a, 200);
}
/// <summary>
/// Test owner rights fails to modify other creator object
/// </summary>
[Fact]
public async void ServerShouldDisAllowOwnerOnlyRightsUserToPatchNonOwned()
{
// TECH FULL has owner only rights to widget
//INVENTORY FULL has full rights to widget
//CREATE
dynamic d = new JObject();
d.name = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPatchNonOwned TEST WIDGET");
d.notes="blah";
d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
d.created = DateTime.Now.ToString();
d.dollarAmount = 1.11m;
d.active = true;
d.roles = 0;
//create via inventory full test user
ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "InventoryFull"), d.ToString());
Util.ValidateDataReturnResponseOk(a);
long Id = a.ObjectResponse["data"]["id"].Value<long>();
uint OriginalConcurrencyToken = a.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
//Now TechFullAuthToken attempt to modify it via patch
var newName = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPatchNonOwned - UPDATED TEST WIDGETB");
string patchJson = "[{\"value\": \"" + newName + "\",\"path\": \"/name\",\"op\": \"replace\"}]";
a = await Util.PatchAsync("Widget/" + Id.ToString() + "/" + OriginalConcurrencyToken.ToString(), await Util.GetTokenAsync( "TechFull"), patchJson);
//2004 unauthorized expected
Util.ValidateErrorCodeResponse(a, 2004, 403);
}
/// <summary>
/// Test owner rights to modify
/// </summary>
[Fact]
public async void ServerShouldAllowOwnerOnlyRightsUserToPutOwn()
{
// TECH FULL has owner only rights to widget
//CREATE
dynamic d = new JObject();
d.name = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPutOwn TEST WIDGET");
d.notes="blah";
d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
d.created = DateTime.Now.ToString();
d.dollarAmount = 1.11m;
d.active = true;
d.roles = 0;
ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "TechFull"), d.ToString());
Util.ValidateDataReturnResponseOk(a);
long Id = a.ObjectResponse["data"]["id"].Value<long>();
uint OriginalConcurrencyToken = a.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
//Now attempt to modify it via patch
var newName = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPutOwn - UPDATED TEST WIDGET");
d.OwnerId = 1;
d.name = newName;
d.concurrencyToken = OriginalConcurrencyToken;
a = await Util.PutAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"), d.ToString());
Util.ValidateHTTPStatusCode(a, 200);
}
/// <summary>
/// Test owner rights fails to modify other creator object
/// </summary>
[Fact]
public async void ServerShouldDisAllowOwnerOnlyRightsUserToPutNonOwned()
{
// TECH FULL has owner only rights to widget
//INVENTORY FULL has full rights to widget
//CREATE
dynamic d = new JObject();
d.name = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPutNonOwned TEST WIDGET");
d.notes="blah";
d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
d.created = DateTime.Now.ToString();
d.dollarAmount = 1.11m;
d.active = true;
d.roles = 0;
//create via inventory full test user
ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "InventoryFull"), d.ToString());
Util.ValidateDataReturnResponseOk(a);
long Id = a.ObjectResponse["data"]["id"].Value<long>();
//Now TechFullAuthToken attempt to modify it via patch
var newName = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPutNonOwned - UPDATED TEST WIDGET");
d.name = newName;
a = await Util.PutAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"), d.ToString());
//2004 unauthorized expected
Util.ValidateErrorCodeResponse(a, 2004, 403);
}
/// <summary>
/// Test owner rights to delete
/// </summary>
[Fact]
public async void ServerShouldAllowOwnerOnlyRightsUserToDelete()
{
// TECH FULL has owner only rights to widget
//CREATE
dynamic d = new JObject();
d.name = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToDelete TEST WIDGET");
d.notes="blah";
d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
d.created = DateTime.Now.ToString();
d.dollarAmount = 1.11m;
d.active = true;
d.roles = 0;
ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "TechFull"), d.ToString());
Util.ValidateDataReturnResponseOk(a);
long Id = a.ObjectResponse["data"]["id"].Value<long>();
//Now attempt to delete it
a = await Util.DeleteAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"));
Util.ValidateHTTPStatusCode(a, 204);
}
/// <summary>
/// Test owner rights fails to delete other creator object
/// </summary>
[Fact]
public async void ServerShouldDisAllowOwnerOnlyRightsUserToDeleteNonOwned()
{
// TECH FULL has owner only rights to widget
//INVENTORY FULL has full rights to widget
//CREATE
dynamic d = new JObject();
d.name = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToDeleteNonOwned TEST WIDGET");
d.notes="blah";
d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
d.created = DateTime.Now.ToString();
d.dollarAmount = 1.11m;
d.active = true;
d.roles = 0;
//create via inventory full test user
ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "InventoryFull"), d.ToString());
Util.ValidateDataReturnResponseOk(a);
long Id = a.ObjectResponse["data"]["id"].Value<long>();
//Now attempt delete
a = await Util.DeleteAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"));
//2004 unauthorized expected
Util.ValidateErrorCodeResponse(a, 2004, 403);
}