Add tighter control on project owner management #3194

Merged
merged 12 commits into from
Oct 7, 2024
193 changes: 166 additions & 27 deletions Backend.Tests/Controllers/UserRoleControllerTests.cs
Expand Up @@ -48,7 +48,12 @@ public async Task Setup()
_projId = (await _projRepo.Create(new Project { Name = "UserRoleControllerTests" }))!.Id;
}

private UserRole RandomUserRole(Role role = Role.Harvester)
private ProjectRole ProjectRoleInProj(Role role = Role.Harvester)
{
return new ProjectRole { ProjectId = _projId, Role = role };
}

private UserRole UserRoleInProj(Role role = Role.Harvester)
{
return new UserRole { ProjectId = _projId, Role = role };
}
Expand All @@ -59,7 +64,7 @@ public async Task TestGetAllUserRoles()
var roles = new List<Role> { Role.Harvester, Role.Editor, Role.Administrator };
foreach (var role in roles)
{
await _userRoleRepo.Create(RandomUserRole(role));
await _userRoleRepo.Create(UserRoleInProj(role));
}

var getResult = await _userRoleController.GetProjectUserRoles(_projId);
Expand Down Expand Up @@ -97,14 +102,14 @@ public async Task TestHasPermissionNotAuthorized()
[Test]
public async Task TestGetCurrentPermissions()
{
var userRole = await _userRoleRepo.Create(RandomUserRole());
var userRole = await _userRoleRepo.Create(UserRoleInProj());
var user = await _userRepo.Create(new User());
_userRoleController.ControllerContext.HttpContext = PermissionServiceMock.HttpContextWithUserId(user!.Id);
user.ProjectRoles[_projId] = userRole.Id;
await _userRepo.Update(user.Id, user);

await _userRoleRepo.Create(RandomUserRole());
await _userRoleRepo.Create(RandomUserRole());
await _userRoleRepo.Create(UserRoleInProj());
await _userRoleRepo.Create(UserRoleInProj());

var result = await _userRoleController.GetCurrentPermissions(_projId);
Assert.That(result, Is.InstanceOf<ObjectResult>());
Expand Down Expand Up @@ -179,7 +184,7 @@ public async Task TestGetCurrentPermissionsNotAuthorized()
[Test]
public async Task TestCreateUserRole()
{
var userRole = RandomUserRole();
var userRole = UserRoleInProj();
var id = (string)((ObjectResult)await _userRoleController.CreateUserRole(_projId, userRole)).Value!;
userRole.Id = id;
Assert.That(await _userRoleRepo.GetAllUserRoles(_projId), Does.Contain(userRole));
Expand All @@ -188,7 +193,7 @@ public async Task TestCreateUserRole()
[Test]
public async Task TestCreateUserRolesMissingProject()
{
var userRole = RandomUserRole();
var userRole = UserRoleInProj();
var result = await _userRoleController.CreateUserRole(MissingId, userRole);
Assert.That(result, Is.InstanceOf<NotFoundObjectResult>());
}
Expand All @@ -197,20 +202,29 @@ public async Task TestCreateUserRolesMissingProject()
public async Task TestCreateUserRolesNoPermission()
{
_userRoleController.ControllerContext.HttpContext = PermissionServiceMock.UnauthorizedHttpContext();
var userRole = await _userRoleRepo.Create(RandomUserRole());
var userRole = await _userRoleRepo.Create(UserRoleInProj());
var result = await _userRoleController.CreateUserRole(_projId, userRole);
Assert.That(result, Is.InstanceOf<ForbidResult>());
}

[Test]
public async Task TestCreateUserRolesSecondOwner()
{
var firstOwner = await _userRoleController.CreateUserRole(_projId, UserRoleInProj(Role.Owner));
Assert.That(firstOwner, Is.InstanceOf<OkObjectResult>());
var secondOwner = await _userRoleController.CreateUserRole(_projId, UserRoleInProj(Role.Owner));
Assert.That(secondOwner, Is.InstanceOf<ForbidResult>());
}

[Test]
public async Task TestUpdateUserRole()
{
var userRole = RandomUserRole(Role.Harvester);
var userRole = UserRoleInProj(Role.Harvester);
await _userRoleRepo.Create(userRole);
var user = new User { ProjectRoles = { [_projId] = userRole.Id } };
var userId = (await _userRepo.Create(user))!.Id;
_userRoleController.ControllerContext.HttpContext = PermissionServiceMock.HttpContextWithUserId(userId);
var projectRole = new ProjectRole { ProjectId = _projId, Role = Role.Editor };
var projectRole = ProjectRoleInProj(Role.Editor);
await _userRoleController.UpdateUserRole(userId, projectRole);
var result = await _userRoleController.GetCurrentPermissions(_projId);

Expand All @@ -226,21 +240,20 @@ public async Task TestUpdateUserRole()
[Test]
public async Task TestUpdateUserRoleNoChange()
{
var userRole = RandomUserRole(Role.Harvester);
var userRole = UserRoleInProj(Role.Harvester);
await _userRoleRepo.Create(userRole);
var user = new User { ProjectRoles = { [_projId] = userRole.Id } };
var userId = (await _userRepo.Create(user))!.Id;
_userRoleController.ControllerContext.HttpContext = PermissionServiceMock.HttpContextWithUserId(userId);
var projectRole = new ProjectRole { ProjectId = _projId, Role = userRole.Role };
var result = await _userRoleController.UpdateUserRole(userId, projectRole);
var result = await _userRoleController.UpdateUserRole(userId, ProjectRoleInProj(userRole.Role));
Assert.That(((ObjectResult)result).StatusCode, Is.EqualTo(StatusCodes.Status304NotModified));
}

[Test]
public async Task TestCreateNewUpdateUserRole()
{
var userId = (await _userRepo.Create(new User()))!.Id;
var projectRole = new ProjectRole { ProjectId = _projId, Role = Role.Editor };
var projectRole = ProjectRoleInProj(Role.Editor);
var updateResult = await _userRoleController.UpdateUserRole(userId, projectRole);
var newUserRoleId = (string)((OkObjectResult)updateResult).Value!;
_userRoleController.ControllerContext.HttpContext = PermissionServiceMock.HttpContextWithUserId(userId);
Expand All @@ -258,12 +271,11 @@ public async Task TestCreateNewUpdateUserRole()
[Test]
public async Task TestUpdateUserRolesMissingIds()
{
var projectRole = new ProjectRole { ProjectId = _projId, Role = Role.Editor };

var projectRole = ProjectRoleInProj(Role.Editor);
var missingUserIdResult = await _userRoleController.UpdateUserRole(MissingId, projectRole);
Assert.That(missingUserIdResult, Is.InstanceOf<NotFoundObjectResult>());

var userRoleId = (await _userRoleRepo.Create(RandomUserRole(Role.Harvester))).Id;
var userRoleId = (await _userRoleRepo.Create(UserRoleInProj(Role.Harvester))).Id;
projectRole.ProjectId = MissingId;
var missingProjIdResult = await _userRoleController.UpdateUserRole(userRoleId, projectRole);
Assert.That(missingProjIdResult, Is.InstanceOf<NotFoundObjectResult>());
Expand All @@ -273,15 +285,35 @@ public async Task TestUpdateUserRolesMissingIds()
public async Task TestUpdateUserRolesNoPermission()
{
_userRoleController.ControllerContext.HttpContext = PermissionServiceMock.UnauthorizedHttpContext();
var userRoleId = (await _userRoleRepo.Create(RandomUserRole(Role.Harvester))).Id;
var result = await _userRoleController.UpdateUserRole(userRoleId, new ProjectRole());
var userRoleId = (await _userRoleRepo.Create(UserRoleInProj(Role.Harvester))).Id;
var result = await _userRoleController.UpdateUserRole(userRoleId, ProjectRoleInProj());
Assert.That(result, Is.InstanceOf<ForbidResult>());
}

[Test]
public async Task TestUpdateUserRolesToOwner()
{
var userRoleId = (await _userRoleRepo.Create(UserRoleInProj(Role.Administrator))).Id;
var user = new User { ProjectRoles = { [_projId] = userRoleId } };
var userId = (await _userRepo.Create(user))!.Id;
var result = await _userRoleController.UpdateUserRole(userId, ProjectRoleInProj(Role.Owner));
Assert.That(result, Is.InstanceOf<ForbidResult>());
}

[Test]
public async Task TestUpdateUserRolesFromOwner()
{
var userRoleId = (await _userRoleRepo.Create(UserRoleInProj(Role.Owner))).Id;
var user = new User { ProjectRoles = { [_projId] = userRoleId } };
var userId = (await _userRepo.Create(user))!.Id;
var result = await _userRoleController.UpdateUserRole(userId, ProjectRoleInProj(Role.Administrator));
Assert.That(result, Is.InstanceOf<ForbidResult>());
}

[Test]
public async Task TestDeleteUserRole()
{
var userRole = RandomUserRole();
var userRole = UserRoleInProj();
await _userRoleRepo.Create(userRole);
var user = new User { ProjectRoles = { [_projId] = userRole.Id } };
var userId = (await _userRepo.Create(user))!.Id;
Expand All @@ -305,16 +337,30 @@ public async Task TestDeleteUserRole()
public async Task TestDeleteUserRoleNoPermission()
{
_userRoleController.ControllerContext.HttpContext = PermissionServiceMock.UnauthorizedHttpContext();
var userRole = await _userRoleRepo.Create(RandomUserRole());
var result = await _userRoleController.DeleteUserRole(_projId, userRole.Id);
var userRole = await _userRoleRepo.Create(UserRoleInProj());
var user = new User { ProjectRoles = { [_projId] = userRole.Id } };
var userId = (await _userRepo.Create(user))!.Id;
var result = await _userRoleController.DeleteUserRole(_projId, userId);
Assert.That(result, Is.InstanceOf<ForbidResult>());
}

[Test]
public async Task TestDeleteUserRoleOwner()
{
var userRole = await _userRoleRepo.Create(UserRoleInProj(Role.Owner));
var user = new User { ProjectRoles = { [_projId] = userRole.Id } };
var userId = (await _userRepo.Create(user))!.Id;
var result = await _userRoleController.DeleteUserRole(_projId, userId);
Assert.That(result, Is.InstanceOf<ForbidResult>());
}

[Test]
public async Task TestDeleteUserRoleMissingIds()
{
var userRole = await _userRoleRepo.Create(RandomUserRole());
var projectResult = await _userRoleController.DeleteUserRole(MissingId, userRole.Id);
var userRole = await _userRoleRepo.Create(UserRoleInProj());
var user = new User { ProjectRoles = { [_projId] = userRole.Id } };
var userId = (await _userRepo.Create(user))!.Id;
var projectResult = await _userRoleController.DeleteUserRole(MissingId, userId);
Assert.That(projectResult, Is.InstanceOf<NotFoundObjectResult>());

var wordResult = await _userRoleController.DeleteUserRole(_projId, MissingId);
Expand All @@ -324,9 +370,9 @@ public async Task TestDeleteUserRoleMissingIds()
[Test]
public async Task TestDeleteAllUserRoles()
{
await _userRoleRepo.Create(RandomUserRole());
await _userRoleRepo.Create(RandomUserRole());
await _userRoleRepo.Create(RandomUserRole());
await _userRoleRepo.Create(UserRoleInProj());
await _userRoleRepo.Create(UserRoleInProj());
await _userRoleRepo.Create(UserRoleInProj());

Assert.That(await _userRoleRepo.GetAllUserRoles(_projId), Has.Count.EqualTo(3));

Expand All @@ -348,5 +394,98 @@ public async Task TestDeleteAllUserRolesNoPermission()
var result = await _userRoleController.DeleteProjectUserRoles(_projId);
Assert.That(result, Is.InstanceOf<ForbidResult>());
}

[Test]
public async Task TestChangeOwnerNoPermission()
{
_userRoleController.ControllerContext.HttpContext = PermissionServiceMock.UnauthorizedHttpContext();
var oldRole = await _userRoleRepo.Create(UserRoleInProj(Role.Owner));
var oldOwner = new User { ProjectRoles = { [_projId] = oldRole.Id } };
var oldId = (await _userRepo.Create(oldOwner))!.Id;
var newId = (await _userRepo.Create(new()))!.Id;

var result = await _userRoleController.ChangeOwner(_projId, oldId, newId);
Assert.That(result, Is.InstanceOf<ForbidResult>());
}

[Test]
public async Task TestChangeOwnerSameId()
{
var oldRole = await _userRoleRepo.Create(UserRoleInProj(Role.Owner));
var oldOwner = new User { ProjectRoles = { [_projId] = oldRole.Id } };
var oldId = (await _userRepo.Create(oldOwner))!.Id;
var newId = (await _userRepo.Create(new()))!.Id;

var result = await _userRoleController.ChangeOwner(_projId, oldId, oldId);
Assert.That(result, Is.InstanceOf<BadRequestObjectResult>());

result = await _userRoleController.ChangeOwner(_projId, newId, newId);
Assert.That(result, Is.InstanceOf<BadRequestObjectResult>());
}

[Test]
public async Task TestChangeOwnerMissingProjectOrUser()
{
var oldRole = await _userRoleRepo.Create(UserRoleInProj(Role.Owner));
var oldOwner = new User { ProjectRoles = { [_projId] = oldRole.Id } };
var oldId = (await _userRepo.Create(oldOwner))!.Id;
var newId = (await _userRepo.Create(new()))!.Id;

var result = await _userRoleController.ChangeOwner(MissingId, oldId, newId);
Assert.That(result, Is.InstanceOf<NotFoundObjectResult>());

result = await _userRoleController.ChangeOwner(_projId, MissingId, newId);
Assert.That(result, Is.InstanceOf<NotFoundObjectResult>());

result = await _userRoleController.ChangeOwner(_projId, oldId, MissingId);
Assert.That(result, Is.InstanceOf<NotFoundObjectResult>());
}

[Test]
public async Task TestChangeOwnerOldUserNotOwner()
{
var oldRole = await _userRoleRepo.Create(UserRoleInProj(Role.Editor));
var oldEditor = new User { ProjectRoles = { [_projId] = oldRole.Id } };
var oldEditorId = (await _userRepo.Create(oldEditor))!.Id;
var oldOtherId = (await _userRepo.Create(new()))!.Id;
var newId = (await _userRepo.Create(new()))!.Id;

var result = await _userRoleController.ChangeOwner(_projId, oldEditorId, newId);
Assert.That(result, Is.InstanceOf<BadRequestObjectResult>());

result = await _userRoleController.ChangeOwner(_projId, oldOtherId, newId);
Assert.That(result, Is.InstanceOf<BadRequestObjectResult>());
}

[Test]
public async Task TestChangeOwnerNewRole()
{
var oldRole = await _userRoleRepo.Create(UserRoleInProj(Role.Owner));
var oldOwner = new User { ProjectRoles = { [_projId] = oldRole.Id } };
var oldId = (await _userRepo.Create(oldOwner))!.Id;
var newId = (await _userRepo.Create(new()))!.Id;

var result = await _userRoleController.ChangeOwner(_projId, oldId, newId);
Assert.That(result, Is.InstanceOf<OkObjectResult>());
Assert.That((await _userRoleRepo.GetUserRole(_projId, oldRole.Id))?.Role, Is.EqualTo(Role.Administrator));
var newRoleId = (await _userRepo.GetUser(newId))!.ProjectRoles[_projId];
Assert.That((await _userRoleRepo.GetUserRole(_projId, newRoleId))?.Role, Is.EqualTo(Role.Owner));
}

[Test]
public async Task TestChangeOwnerUpdateRole()
{
var oldRole = await _userRoleRepo.Create(UserRoleInProj(Role.Owner));
var oldOwner = new User { ProjectRoles = { [_projId] = oldRole.Id } };
var oldId = (await _userRepo.Create(oldOwner))!.Id;
var newRole = await _userRoleRepo.Create(UserRoleInProj());
var newOwner = new User { ProjectRoles = { [_projId] = newRole.Id } };
var newId = (await _userRepo.Create(newOwner))!.Id;

var result = await _userRoleController.ChangeOwner(_projId, oldId, newId);
Assert.That(result, Is.InstanceOf<OkObjectResult>());
Assert.That((await _userRoleRepo.GetUserRole(_projId, oldRole.Id))?.Role, Is.EqualTo(Role.Administrator));
Assert.That((await _userRoleRepo.GetUserRole(_projId, newRole.Id))?.Role, Is.EqualTo(Role.Owner));
}
}
}
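Review bot: The positive ChangeOwner tests (TestChangeOwnerNewRole and TestChangeOwnerUpdateRole) check the old and new users' roles one at a time but never assert the invariant this PR is about — that the project ends up with exactly one Owner — so a regression that granted Owner to the new user without demoting the old one, or that left a stale Owner role attached to no user, would still pass. One assertion after the existing role checks closes that gap, `Assert.That((await _userRoleRepo.GetAllUserRoles(_projId)).Count(r => r.Role == Role.Owner), Is.EqualTo(1));`, and the same check fits TestCreateUserRolesSecondOwner after the second create is refused. TestDeleteAllUserRoles seeds only Harvester roles, so it does not show whether DeleteProjectUserRoles may remove the Owner role that TestDeleteUserRoleOwner forbids on the single-delete path; seeding one Owner there and asserting either that it survives or that the call is refused would pin that behaviour down. The ChangeOwner authorization tests also cover only the fully unauthorized context, not a project Administrator attempting the transfer; since TestUpdateUserRole succeeds under a Harvester context, the mock may not honour roles at all, in which case that case likely needs a dedicated mock hook rather than a context swap.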