Add unit tests for ResourcePermissionChecker

3 months ago · 75230d9055
2 changed files with 149 additions and 0 deletions
--- a/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/ResourcePermissionChecker_Basic_Tests.cs
+++ b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/ResourcePermissionChecker_Basic_Tests.cs
@ -0,0 +1,28 @@
+using System.Threading.Tasks;
+using Shouldly;
+using Volo.Abp.Authorization.Permissions.Resources;
+using Xunit;
+
+namespace Volo.Abp.PermissionManagement;
+
+public class ResourcePermissionChecker_Basic_Tests : PermissionTestBase
+{
+    private readonly IResourcePermissionChecker _resourcePermissionChecker;
+
+    public ResourcePermissionChecker_Basic_Tests()
+    {
+        _resourcePermissionChecker = GetRequiredService<IResourcePermissionChecker>();
+    }
+
+    [Fact]
+    public async Task Should_Return_Prohibited_If_Permission_Is_Not_Defined()
+    {
+        (await _resourcePermissionChecker.IsGrantedAsync(TestEntityResource.ResourceName, TestEntityResource.ResourceKey1,"UndefinedResourcePermissionName")).ShouldBeFalse();
+    }
+
+    [Fact]
+    public async Task Should_Return_False_As_Default_For_Any_Permission()
+    {
+        (await _resourcePermissionChecker.IsGrantedAsync(TestEntityResource.ResourceName, TestEntityResource.ResourceKey1,"MyPermission1")).ShouldBeFalse();
+    }
+}
--- a/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/ResourcePermissionChecker_User_Tests.cs
+++ b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/ResourcePermissionChecker_User_Tests.cs
@ -0,0 +1,121 @@
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Shouldly;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Authorization.Permissions.Resources;
+using Volo.Abp.Security.Claims;
+using Xunit;
+
+namespace Volo.Abp.PermissionManagement;
+
+public class ResourcePermissionChecker_User_Tests : PermissionTestBase
+{
+    private readonly IResourcePermissionChecker _resourcePermissionChecker;
+    private readonly ICurrentPrincipalAccessor _currentPrincipalAccessor;
+
+    public ResourcePermissionChecker_User_Tests()
+    {
+        _resourcePermissionChecker = GetRequiredService<IResourcePermissionChecker>();
+        _currentPrincipalAccessor = GetRequiredService<ICurrentPrincipalAccessor>();
+    }
+
+    [Fact]
+    public async Task Should_Return_True_For_Granted_Current_User()
+    {
+        (await _resourcePermissionChecker.IsGrantedAsync(
+            CreatePrincipal(PermissionTestDataBuilder.User1Id),
+            "MyResourcePermission1",
+            TestEntityResource.ResourceName,
+            TestEntityResource.ResourceKey1
+        )).ShouldBeTrue();
+    }
+
+    [Fact]
+    public async Task Should_Return_False_For_Non_Granted_Current_User()
+    {
+        (await _resourcePermissionChecker.IsGrantedAsync(
+            CreatePrincipal(PermissionTestDataBuilder.User2Id),
+            "MyResourcePermission1",
+            TestEntityResource.ResourceName,
+            TestEntityResource.ResourceKey1
+        )).ShouldBeFalse();
+    }
+
+
+    [Fact]
+    public async Task Should_Return_False_For_Granted_Current_User_If_The_Permission_Is_Disabled()
+    {
+        //Disabled permissions always returns false!
+        (await _resourcePermissionChecker.IsGrantedAsync(
+            CreatePrincipal(PermissionTestDataBuilder.User1Id),
+            "MyDisabledPermission1",
+            TestEntityResource.ResourceName,
+            TestEntityResource.ResourceKey1
+        )).ShouldBeFalse();
+    }
+
+    [Fact]
+    public async Task Should_Return_False_For_Current_User_If_Anonymous()
+    {
+        (await _resourcePermissionChecker.IsGrantedAsync(
+            CreatePrincipal(null),
+            "MyResourcePermission1",
+            TestEntityResource.ResourceName,
+            TestEntityResource.ResourceKey1
+        )).ShouldBeFalse();
+    }
+
+    [Fact]
+    public async Task Should_Not_Allow_Host_Permission_To_Tenant_User_Even_Granted_Before()
+    {
+        (await _resourcePermissionChecker.IsGrantedAsync(
+            CreatePrincipal(PermissionTestDataBuilder.User1Id, Guid.NewGuid()),
+            "MyResourcePermission3",
+            TestEntityResource.ResourceName,
+            TestEntityResource.ResourceKey3
+        )).ShouldBeFalse();
+    }
+
+    [Fact]
+    public async Task Should_Return_False_For_Granted_Current_User_If_The_Permission_State_Is_Disabled()
+    {
+        (await _resourcePermissionChecker.IsGrantedAsync(
+            CreatePrincipal(PermissionTestDataBuilder.User1Id, Guid.NewGuid()),
+            "MyResourcePermission5",
+            TestEntityResource.ResourceName,
+            TestEntityResource.ResourceKey5
+        )).ShouldBeFalse();
+    }
+
+    [Fact]
+    public async Task Should_Return_True_For_Granted_Current_User_If_The_Permission_State_Is_Enabled()
+    {
+        using (_currentPrincipalAccessor.Change(new Claim(AbpClaimTypes.Role, "super-admin")))
+        {
+            (await _resourcePermissionChecker.IsGrantedAsync(
+                CreatePrincipal(PermissionTestDataBuilder.User1Id, Guid.NewGuid()),
+                "MyResourcePermission5",
+                TestEntityResource.ResourceName,
+                TestEntityResource.ResourceKey5
+            )).ShouldBeTrue();
+        }
+    }
+
+    private static ClaimsPrincipal CreatePrincipal(Guid? userId, Guid? tenantId = null)
+    {
+        var claimsIdentity = new ClaimsIdentity();
+
+        if (userId != null)
+        {
+            claimsIdentity.AddClaim(new Claim(AbpClaimTypes.UserId, userId.ToString()));
+        }
+
+        if (tenantId != null)
+        {
+            claimsIdentity.AddClaim(new Claim(AbpClaimTypes.TenantId, tenantId.ToString()));
+        }
+
+        return new ClaimsPrincipal(claimsIdentity);
+    }
+}