using BuildingBlock.Identity.Contracts.Requests;
using BuildingBlock.Identity.Contracts.Conventions;
using Thalos.Domain.Contracts;
using Thalos.Domain.Decisions;
namespace Thalos.Domain.UnitTests;
/// <summary>
/// Unit tests for <see cref="IdentityPolicyDecisionService"/>: one allow path and two deny
/// paths of <c>Evaluate</c>.
/// </summary>
/// <remarks>
/// Every case in this class passes <c>true</c> as the fourth context argument and copies the
/// subject, permission code and provider straight from the request into the context. A case with
/// that flag set to <c>false</c>, or with a context that disagrees with the request, is not
/// exercised here.
/// </remarks>
public class IdentityPolicyDecisionServiceTests
{
    /// <summary>
    /// The requested permission code appears in the last context argument and the provider is
    /// <c>InternalJwt</c>; the decision is expected to be allowed.
    /// </summary>
    [Fact]
    public void Evaluate_WhenPermissionMatchedAndContextSatisfied_ReturnsAllowed()
    {
        // Arrange
        var policyRequest = new EvaluateIdentityPolicyRequest(
            "user-1",
            "tenant-1",
            "identity.token.issue",
            IdentityAuthProvider.InternalJwt);

        var policyContext = new IdentityPolicyContextData(
            policyRequest.SubjectId,
            policyRequest.PermissionCode,
            policyRequest.Provider,
            // NOTE(review): presumably the "context satisfied" flag named in the test — confirm
            // against IdentityPolicyContextData.
            true,
            // Presumably the permissions granted to the subject; it contains the requested code.
            ["identity.token.issue", "identity.policy.evaluate"]);

        var sut = new IdentityPolicyDecisionService();

        // Act
        var decision = sut.Evaluate(policyRequest, policyContext);

        // Assert
        Assert.True(decision.IsAllowed);
    }

    /// <summary>
    /// Same request as the allow case, but the last context argument does not contain the
    /// requested permission code; the decision is expected to be denied.
    /// </summary>
    [Fact]
    public void Evaluate_WhenPermissionMissing_ReturnsDenied()
    {
        // Arrange
        var policyRequest = new EvaluateIdentityPolicyRequest(
            "user-1",
            "tenant-1",
            "identity.token.issue",
            IdentityAuthProvider.InternalJwt);

        var policyContext = new IdentityPolicyContextData(
            policyRequest.SubjectId,
            policyRequest.PermissionCode,
            policyRequest.Provider,
            true,
            // Only difference from the allow case: "identity.token.issue" is absent here.
            ["identity.read"]);

        var sut = new IdentityPolicyDecisionService();

        // Act
        var decision = sut.Evaluate(policyRequest, policyContext);

        // Assert
        Assert.False(decision.IsAllowed);
    }

    /// <summary>
    /// An <c>AzureAd</c> request for <c>catalog.read</c> is expected to be denied even though the
    /// last context argument contains that exact code.
    /// </summary>
    [Fact]
    public void Evaluate_WhenProviderIsExternalAndPermissionPrefixInvalid_ReturnsDenied()
    {
        // Arrange
        var policyRequest = new EvaluateIdentityPolicyRequest(
            "user-2",
            "tenant-2",
            "catalog.read",
            IdentityAuthProvider.AzureAd);

        var policyContext = new IdentityPolicyContextData(
            policyRequest.SubjectId,
            policyRequest.PermissionCode,
            policyRequest.Provider,
            true,
            // The requested code IS listed, so the denial cannot come from a missing permission.
            // Per the test name it comes from a prefix rule applied to external providers; the
            // rule itself lives in IdentityPolicyDecisionService and is not visible in this file.
            ["catalog.read"]);

        var sut = new IdentityPolicyDecisionService();

        // Act
        var decision = sut.Evaluate(policyRequest, policyContext);

        // Assert
        Assert.False(decision.IsAllowed);
    }
}