Added authorization to Grade Endpoints and updated tests

aau-giraf · Dec 4, 2024 · eadb78c · eadb78c
1 parent b9f4e03
commit eadb78c
Show file tree

Hide file tree

Showing 3 changed files with 88 additions and 8 deletions.
diff --git a/Giraf.IntegrationTests/Endpoints/GradeEndpointTests.cs b/Giraf.IntegrationTests/Endpoints/GradeEndpointTests.cs
@@ -1,5 +1,6 @@
 using System.Net;
 using System.Net.Http.Json;
+using System.Security.Claims;
 using Giraf.IntegrationTests.Utils;
 using Giraf.IntegrationTests.Utils.DbSeeders;
 using GirafAPI.Data;
@@ -20,6 +21,12 @@ public async Task GetGradeById_ReturnsGrade_WhenGradeExists()
             // Arrange
             var factory = new GirafWebApplicationFactory(_ => new BasicGradeSeeder());
             var client = factory.CreateClient();
+
+            var testOrgId = 1;
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgMember", testOrgId.ToString())
+            };
 
             int gradeId;
             using (var scope = factory.Services.CreateScope())
@@ -48,6 +55,12 @@ public async Task GetGradeById_ReturnsNotFound_WhenGradeDoesNotExist()
             var factory = new GirafWebApplicationFactory(_ => new EmptyDb());
             var client = factory.CreateClient();
             int nonExistentGradeId = 9999;
+
+            var testOrgId = 1;
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgMember", testOrgId.ToString())
+            };
 
             // Act
             var response = await client.GetAsync($"/grades/{nonExistentGradeId}");
@@ -76,6 +89,11 @@ public async Task GetGradesInOrganization_ReturnsGrades_WhenOrganizationExists()
                 Assert.NotNull(organization);
                 organizationId = organization.Id;
             }
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgMember", organizationId.ToString())
+            };
 
             // Act
             var response = await client.GetAsync($"/grades/org/{organizationId}");
@@ -95,6 +113,11 @@ public async Task GetGradesInOrganization_ReturnsNotFound_WhenOrganizationDoesNo
             var factory = new GirafWebApplicationFactory(_ => new EmptyDb());
             var client = factory.CreateClient();
             int nonExistentOrganizationId = 9999;
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgMember", nonExistentOrganizationId.ToString())
+            };
 
             // Act
             var response = await client.GetAsync($"/grades/org/{nonExistentOrganizationId}");
@@ -123,6 +146,11 @@ public async Task CreateGrade_ReturnsCreated_WhenOrganizationExists()
                 Assert.NotNull(organization);
                 organizationId = organization.Id;
             }
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgAdmin", organizationId.ToString())
+            };
 
             var newGradeDto = new CreateGradeDTO
             (
@@ -141,12 +169,17 @@ public async Task CreateGrade_ReturnsCreated_WhenOrganizationExists()
 
         // Test 6: Create a new grade when the organization does not exist.
         [Fact]
-        public async Task CreateGrade_ReturnsNotFound_WhenOrganizationDoesNotExist()
+        public async Task CreateGrade_ReturnsForbidden_WhenOrganizationDoesNotExist()
         {
             // Arrange
             var factory = new GirafWebApplicationFactory(_ => new EmptyDb());
             var client = factory.CreateClient();
             int nonExistentOrganizationId = 9999;
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgMember", nonExistentOrganizationId.ToString())
+            };
 
             var newGradeDto = new CreateGradeDTO
             (
@@ -157,7 +190,7 @@ public async Task CreateGrade_ReturnsNotFound_WhenOrganizationDoesNotExist()
             var response = await client.PostAsJsonAsync($"/grades/?orgId={nonExistentOrganizationId}", newGradeDto);
 
             // Assert
-            Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+            Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
         }
 
         #endregion
@@ -171,6 +204,11 @@ public async Task ChangeGradeName_ReturnsOk_WhenGradeExists()
             // Arrange
             var factory = new GirafWebApplicationFactory(_ => new BasicGradeSeeder());
             var client = factory.CreateClient();
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgAdmin", "1")
+            };
 
             int gradeId;
             using (var scope = factory.Services.CreateScope())
@@ -195,19 +233,24 @@ public async Task ChangeGradeName_ReturnsOk_WhenGradeExists()
 
         // Test 8: Change the name of a grade when the grade does not exist.
         [Fact]
-        public async Task ChangeGradeName_ReturnsNotFound_WhenGradeDoesNotExist()
+        public async Task ChangeGradeName_ReturnsForbidden_WhenGradeDoesNotExist()
         {
             // Arrange
             var factory = new GirafWebApplicationFactory(_ => new EmptyDb());
             var client = factory.CreateClient();
             int nonExistentGradeId = 9999;
             string newName = "Updated Grade Name";
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgMember", "1")
+            };
 
             // Act
             var response = await client.PutAsync($"/grades/{nonExistentGradeId}/change-name?newName={newName}", null);
 
             // Assert
-            Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+            Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
         }
 
         #endregion
@@ -221,6 +264,11 @@ public async Task AddCitizensToGrade_ReturnsOk_WhenGradeAndCitizensExist()
             // Arrange
             var factory = new GirafWebApplicationFactory(_ => new GradeSeederWithCitizen());
             var client = factory.CreateClient();
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgMember", "1")
+            };
 
             int gradeId;
             List<int> citizenIds;
@@ -258,6 +306,11 @@ public async Task AddCitizensToGrade_ReturnsNotFound_WhenGradeDoesNotExist()
             // Arrange
             var factory = new GirafWebApplicationFactory(_ => new BasicCitizenSeeder());
             var client = factory.CreateClient();
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgMember", "1")
+            };
 
             int nonExistentGradeId = 9999;
             List<int> citizenIds;
@@ -291,6 +344,11 @@ public async Task RemoveCitizensFromGrade_ReturnsOk_WhenGradeAndCitizensExist()
             // Arrange
             var factory = new GirafWebApplicationFactory(_ => new GradeSeederWithCitizen());
             var client = factory.CreateClient();
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgMember", "1")
+            };
 
             int gradeId;
             List<int> citizenIds;
@@ -325,6 +383,11 @@ public async Task RemoveCitizensFromGrade_ReturnsNotFound_WhenGradeDoesNotExist(
             // Arrange
             var factory = new GirafWebApplicationFactory(_ => new BasicCitizenSeeder());
             var client = factory.CreateClient();
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgMember", "1")
+            };
 
             int nonExistentGradeId = 9999;
             List<int> citizenIds;
@@ -358,6 +421,11 @@ public async Task DeleteGrade_ReturnsNoContent_WhenGradeExists()
             // Arrange
             var factory = new GirafWebApplicationFactory(_ => new BasicGradeSeeder());
             var client = factory.CreateClient();
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgAdmin", "1")
+            };
 
             int gradeId;
             using (var scope = factory.Services.CreateScope())
@@ -385,18 +453,23 @@ public async Task DeleteGrade_ReturnsNoContent_WhenGradeExists()
 
         // Test 14: Delete a grade when the grade does not exist.
         [Fact]
-        public async Task DeleteGrade_ReturnsNotFound_WhenGradeDoesNotExist()
+        public async Task DeleteGrade_ReturnsForbidden_WhenGradeDoesNotExist()
         {
             // Arrange
             var factory = new GirafWebApplicationFactory(_ => new EmptyDb());
             var client = factory.CreateClient();
             int nonExistentGradeId = 9999;
+
+            TestAuthHandler.TestClaims = new List<Claim>
+            {
+                new Claim("OrgMember", "1")
+            };
 
             // Act
             var response = await client.DeleteAsync($"/grades/{nonExistentGradeId}");
 
             // Assert
-            Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+            Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
         }
 
         #endregion

diff --git a/Giraf.IntegrationTests/Utils/GirafWebApplicationFactory.cs b/Giraf.IntegrationTests/Utils/GirafWebApplicationFactory.cs
@@ -56,12 +56,12 @@ protected override void ConfigureWebHost(IWebHostBuilder builder)
             // Add authorization policies
             services.AddAuthorization(options =>
             {
-                options.AddPolicy("OrganizationMember", policy =>
+                options.AddPolicy("OrgMember", policy =>
                 {
                     policy.RequireClaim("OrgMember");
                 });
 
-                options.AddPolicy("OrganizationAdmin", policy =>
+                options.AddPolicy("OrgAdmin", policy =>
                 {
                     policy.RequireClaim("OrgAdmin");
                 });

diff --git a/GirafAPI/Endpoints/GradeEndpoints.cs b/GirafAPI/Endpoints/GradeEndpoints.cs
@@ -35,6 +35,7 @@ await dbContext.Entry(grade)
         .WithName("GetGradeById")
         .WithTags("Grade")
         .WithDescription("Gets a grade by id.")
+        .RequireAuthorization("OrgMember")
         .Produces(StatusCodes.Status200OK)
         .Produces(StatusCodes.Status404NotFound)
         .Produces(StatusCodes.Status500InternalServerError);
@@ -65,6 +66,7 @@ await dbContext.Entry(grade)
         .WithName("GetGradesInOrganization")
         .WithTags("Grade")
         .WithDescription("Get all grades within organization.")
+        .RequireAuthorization("OrgMember")
         .Produces(StatusCodes.Status200OK)
         .Produces(StatusCodes.Status404NotFound)
         .Produces(StatusCodes.Status500InternalServerError);
@@ -95,6 +97,7 @@ await dbContext.Entry(organization)
         .WithName("CreateGrade")
         .WithTags("Grade")
         .WithDescription("Creates a new grade.")
+        .RequireAuthorization("OrgAdmin")
         .Produces(StatusCodes.Status201Created)
         .Produces(StatusCodes.Status404NotFound)
         .Produces(StatusCodes.Status500InternalServerError);
@@ -122,6 +125,7 @@ await dbContext.Entry(organization)
         .WithName("ChangeGradeName")
         .WithTags("Grade")
         .WithDescription("Change name of grade.")
+        .RequireAuthorization("OrgAdmin")
         .Produces(StatusCodes.Status200OK)
         .Produces(StatusCodes.Status404NotFound)
         .Produces(StatusCodes.Status500InternalServerError);
@@ -179,6 +183,7 @@ await dbContext.Entry(grade)
             .WithName("AddCitizensToGrade")
             .WithTags("Grade")
             .WithDescription("Add one or more citizens to a grade.")
+            .RequireAuthorization("OrgMember")
             .Produces(StatusCodes.Status200OK)
             .Produces(StatusCodes.Status404NotFound)
             .Produces(StatusCodes.Status500InternalServerError);
@@ -235,6 +240,7 @@ await dbContext.Entry(grade)
             .WithName("RemoveCitizenFromGrade")
             .WithTags("Grade")
             .WithDescription("Remove one or more citizens from a grade.")
+            .RequireAuthorization("OrgMember")
             .Produces(StatusCodes.Status200OK)
             .Produces(StatusCodes.Status404NotFound)
             .Produces(StatusCodes.Status500InternalServerError);
@@ -261,6 +267,7 @@ await dbContext.Entry(grade)
             .WithName("DeleteGrade")
             .WithTags("Grade")
             .WithDescription("Delete a grade.")
+            .RequireAuthorization("OrgAdmin")
             .Produces(StatusCodes.Status204NoContent)
             .Produces(StatusCodes.Status404NotFound)
             .Produces(StatusCodes.Status500InternalServerError);