67 lines
1.9 KiB
C#
67 lines
1.9 KiB
C#
using ScadaLink.ManagementService;
|
|
|
|
namespace ScadaLink.ManagementService.Tests;
|
|
|
|
/// <summary>
|
|
/// Tests for <see cref="DebugStreamHub"/> per-instance site-scope authorization
|
|
/// (finding ManagementService-003).
|
|
/// </summary>
|
|
public class DebugStreamHubTests
|
|
{
|
|
[Fact]
|
|
public void IsInstanceAccessAllowed_SiteScopedUser_InScopeInstance_Allowed()
|
|
{
|
|
var allowed = DebugStreamHub.IsInstanceAccessAllowed(
|
|
roles: new[] { "Deployment" },
|
|
permittedSiteIds: new[] { "1", "2" },
|
|
instanceSiteId: 2);
|
|
|
|
Assert.True(allowed);
|
|
}
|
|
|
|
[Fact]
|
|
public void IsInstanceAccessAllowed_SiteScopedUser_OutOfScopeInstance_Denied()
|
|
{
|
|
var allowed = DebugStreamHub.IsInstanceAccessAllowed(
|
|
roles: new[] { "Deployment" },
|
|
permittedSiteIds: new[] { "1", "2" },
|
|
instanceSiteId: 99);
|
|
|
|
Assert.False(allowed);
|
|
}
|
|
|
|
[Fact]
|
|
public void IsInstanceAccessAllowed_SystemWideDeployment_AnySiteAllowed()
|
|
{
|
|
// Empty permitted set == system-wide Deployment.
|
|
var allowed = DebugStreamHub.IsInstanceAccessAllowed(
|
|
roles: new[] { "Deployment" },
|
|
permittedSiteIds: Array.Empty<string>(),
|
|
instanceSiteId: 99);
|
|
|
|
Assert.True(allowed);
|
|
}
|
|
|
|
[Fact]
|
|
public void IsInstanceAccessAllowed_AdminRole_BypassesSiteScope()
|
|
{
|
|
var allowed = DebugStreamHub.IsInstanceAccessAllowed(
|
|
roles: new[] { "Admin", "Deployment" },
|
|
permittedSiteIds: new[] { "1" },
|
|
instanceSiteId: 99);
|
|
|
|
Assert.True(allowed);
|
|
}
|
|
|
|
[Fact]
|
|
public void IsInstanceAccessAllowed_AdminRoleCheck_IsCaseInsensitive()
|
|
{
|
|
var allowed = DebugStreamHub.IsInstanceAccessAllowed(
|
|
roles: new[] { "admin" },
|
|
permittedSiteIds: new[] { "1" },
|
|
instanceSiteId: 99);
|
|
|
|
Assert.True(allowed);
|
|
}
|
|
}
|