From 55078e19fc57f7fabf684fb8be6d3657f1d6eadb Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Thu, 16 May 2019 23:23:19 +0000
Subject: [PATCH]

---
 Widget/WidgetRights.cs | 196 +----------------------------------------
 1 file changed, 2 insertions(+), 194 deletions(-)
diff --git a/Widget/WidgetRights.cs b/Widget/WidgetRights.cs
index d5ff570..6b7ce93 100644
--- a/Widget/WidgetRights.cs
+++ b/Widget/WidgetRights.cs
@@ -58,210 +58,18 @@ namespace raven_integration
 
 
 
-        /// <summary>
-        /// Test owner rights to modify
-        /// </summary>       
-        [Fact]
-        public async void ServerShouldAllowOwnerOnlyRightsUserToPatchOwn()
-        {
-
-            // TECH FULL has owner only rights to widget
-
-            //CREATE
-            dynamic d = new JObject();
-            d.name = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPatchOwn TEST WIDGET");
-            d.notes="blah";
-            d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
-            d.created = DateTime.Now.ToString();
-            d.dollarAmount = 1.11m;
-            d.active = true;
-            d.roles = 0;
-
-            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "TechFull"), d.ToString());
-            Util.ValidateDataReturnResponseOk(a);
-            long Id = a.ObjectResponse["data"]["id"].Value<long>();
-            uint OriginalConcurrencyToken = a.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
-
-            //Now attempt to modify it via patch
-            var newName = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPatchOwn - UPDATED TEST WIDGET");
-            string patchJson = "[{\"value\": \"" + newName + "\",\"path\": \"/name\",\"op\": \"replace\"}]";
-            a = await Util.PatchAsync("Widget/" + Id.ToString() + "/" + OriginalConcurrencyToken.ToString(), await Util.GetTokenAsync( "TechFull"), patchJson);
-            Util.ValidateHTTPStatusCode(a, 200);
-        }
 
 
-        /// <summary>
-        /// Test owner rights fails to modify other creator object
-        /// </summary>       
-        [Fact]
-        public async void ServerShouldDisAllowOwnerOnlyRightsUserToPatchNonOwned()
-        {
-            // TECH FULL has owner only rights to widget
-            //INVENTORY FULL has full rights to widget
-
-            //CREATE
-            dynamic d = new JObject();
-            d.name = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPatchNonOwned TEST WIDGET");
-            d.notes="blah";
-            d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
-            d.created = DateTime.Now.ToString();
-            d.dollarAmount = 1.11m;
-            d.active = true;
-            d.roles = 0;
-
-            //create via inventory full test user
-            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "InventoryFull"), d.ToString());
-            Util.ValidateDataReturnResponseOk(a);
-            long Id = a.ObjectResponse["data"]["id"].Value<long>();
-            uint OriginalConcurrencyToken = a.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
-
-            //Now TechFullAuthToken attempt to modify it via patch
-            var newName = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPatchNonOwned - UPDATED TEST WIDGETB");
-            string patchJson = "[{\"value\": \"" + newName + "\",\"path\": \"/name\",\"op\": \"replace\"}]";
-            a = await Util.PatchAsync("Widget/" + Id.ToString() + "/" + OriginalConcurrencyToken.ToString(), await Util.GetTokenAsync( "TechFull"), patchJson);
-            //2004 unauthorized expected
-            Util.ValidateErrorCodeResponse(a, 2004, 403);
-
-
-        }
+ 
 
 
 
 
 
-        /// <summary>
-        /// Test owner rights to modify
-        /// </summary>       
-        [Fact]
-        public async void ServerShouldAllowOwnerOnlyRightsUserToPutOwn()
-        {
-
-            // TECH FULL has owner only rights to widget
-
-            //CREATE
-            dynamic d = new JObject();
-            d.name = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPutOwn TEST WIDGET");
-            d.notes="blah";
-            d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
-            d.created = DateTime.Now.ToString();
-            d.dollarAmount = 1.11m;
-            d.active = true;
-            d.roles = 0;
-
-            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "TechFull"), d.ToString());
-            Util.ValidateDataReturnResponseOk(a);
-            long Id = a.ObjectResponse["data"]["id"].Value<long>();
-            uint OriginalConcurrencyToken = a.ObjectResponse["data"]["concurrencyToken"].Value<uint>();
-
-            //Now attempt to modify it via patch
-            var newName = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToPutOwn - UPDATED TEST WIDGET");
-            d.OwnerId = 1;
-            d.name = newName;
-            d.concurrencyToken = OriginalConcurrencyToken;
-
-            a = await Util.PutAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"), d.ToString());
-            Util.ValidateHTTPStatusCode(a, 200);
-        }
-
-
-        /// <summary>
-        /// Test owner rights fails to modify other creator object
-        /// </summary>       
-        [Fact]
-        public async void ServerShouldDisAllowOwnerOnlyRightsUserToPutNonOwned()
-        {
-            // TECH FULL has owner only rights to widget
-            //INVENTORY FULL has full rights to widget
-
-            //CREATE
-            dynamic d = new JObject();
-            d.name = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPutNonOwned TEST WIDGET");
-            d.notes="blah";
-            d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
-            d.created = DateTime.Now.ToString();
-            d.dollarAmount = 1.11m;
-            d.active = true;
-            d.roles = 0;
-
-            //create via inventory full test user
-            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "InventoryFull"), d.ToString());
-            Util.ValidateDataReturnResponseOk(a);
-            long Id = a.ObjectResponse["data"]["id"].Value<long>();
-
-            //Now TechFullAuthToken attempt to modify it via patch
-            var newName = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToPutNonOwned - UPDATED TEST WIDGET");
-            d.name = newName;
-            a = await Util.PutAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"), d.ToString());
-            //2004 unauthorized expected
-            Util.ValidateErrorCodeResponse(a, 2004, 403);
-
-
-        }
+       
 
 
 
-        /// <summary>
-        /// Test owner rights to delete
-        /// </summary>       
-        [Fact]
-        public async void ServerShouldAllowOwnerOnlyRightsUserToDelete()
-        {
-
-            // TECH FULL has owner only rights to widget
-
-            //CREATE
-            dynamic d = new JObject();
-            d.name = Util.Uniquify("ServerShouldAllowOwnerOnlyRightsUserToDelete TEST WIDGET");
-            d.notes="blah";
-            d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
-            d.created = DateTime.Now.ToString();
-            d.dollarAmount = 1.11m;
-            d.active = true;
-            d.roles = 0;
-
-            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "TechFull"), d.ToString());
-            Util.ValidateDataReturnResponseOk(a);
-            long Id = a.ObjectResponse["data"]["id"].Value<long>();
-
-            //Now attempt to delete it
-            a = await Util.DeleteAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"));
-            Util.ValidateHTTPStatusCode(a, 204);
-        }
-
-
-
-
-        /// <summary>
-        /// Test owner rights fails to delete other creator object
-        /// </summary>       
-        [Fact]
-        public async void ServerShouldDisAllowOwnerOnlyRightsUserToDeleteNonOwned()
-        {
-            // TECH FULL has owner only rights to widget
-            //INVENTORY FULL has full rights to widget
-
-            //CREATE
-            dynamic d = new JObject();
-            d.name = Util.Uniquify("ServerShouldDisAllowOwnerOnlyRightsUserToDeleteNonOwned TEST WIDGET");
-            d.notes="blah";
-            d.customFields = Util.GenerateCustomFieldsJsonString("Meh1");
-            d.created = DateTime.Now.ToString();
-            d.dollarAmount = 1.11m;
-            d.active = true;
-            d.roles = 0;
-
-            //create via inventory full test user
-            ApiResponse a = await Util.PostAsync("Widget", await Util.GetTokenAsync( "InventoryFull"), d.ToString());
-            Util.ValidateDataReturnResponseOk(a);
-            long Id = a.ObjectResponse["data"]["id"].Value<long>();
-
-            //Now attempt delete
-            a = await Util.DeleteAsync("Widget/" + Id.ToString(), await Util.GetTokenAsync( "TechFull"));
-            //2004 unauthorized expected
-            Util.ValidateErrorCodeResponse(a, 2004, 403);
-
-
-        }
 
 
 
