Skip to content

Commit 564eefb

Browse files
committed
Remove unneeded tests that test which permissions certain role have.
1 parent 2c2884b commit 564eefb

3 files changed

Lines changed: 0 additions & 139 deletions

File tree

src/ServiceControl.AcceptanceTests/Security/OpenIdConnect/When_my_routes_are_requested.cs

Lines changed: 0 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -63,48 +63,5 @@ public async Task Should_reject_requests_without_bearer_token()
6363
OpenIdConnectAssertions.AssertUnauthorized(response);
6464
}
6565

66-
[Test]
67-
public async Task Reader_can_view_but_cannot_retry()
68-
{
69-
var routes = await GetRoutes(RolePermissions.Reader);
70-
71-
using (Assert.EnterMultipleScope())
72-
{
73-
Assert.That(routes.Any(r => r.UrlTemplate == "/api/configuration"), Is.True,
74-
"reader holds :view permissions, so view routes are allowed");
75-
Assert.That(routes.Any(r => r.Method == "POST" && r.UrlTemplate.EndsWith("/retry")), Is.False,
76-
"reader has no retry permission, so retry routes are excluded");
77-
}
78-
}
79-
80-
[Test]
81-
public async Task Writer_can_retry()
82-
{
83-
var routes = await GetRoutes(RolePermissions.Writer);
84-
85-
Assert.That(routes.Any(r => r.Method == "POST" && r.UrlTemplate.EndsWith("/retry")), Is.True,
86-
"writer holds the operate permissions, so retry routes are allowed");
87-
}
88-
89-
async Task<List<RouteManifestEntry>> GetRoutes(string role)
90-
{
91-
HttpResponseMessage response = null;
92-
93-
_ = await Define<Context>()
94-
.Done(async ctx =>
95-
{
96-
var token = mockOidcServer.GenerateToken(additionalClaims: [new Claim("roles", role)]);
97-
response = await OpenIdConnectAssertions.SendRequestWithBearerToken(
98-
HttpClient, HttpMethod.Get, "/api/my/routes", token);
99-
return response != null;
100-
})
101-
.Run();
102-
103-
OpenIdConnectAssertions.AssertAuthenticated(response);
104-
105-
var content = await response.Content.ReadAsStringAsync();
106-
return JsonSerializer.Deserialize<List<RouteManifestEntry>>(content, SerializerOptions);
107-
}
108-
10966
class Context : ScenarioContext;
11067
}

src/ServiceControl.Infrastructure.Tests/Auth/EffectivePermissionsTests.cs

Lines changed: 0 additions & 46 deletions
This file was deleted.

src/ServiceControl.Infrastructure.Tests/Auth/RolePermissionsTests.cs

Lines changed: 0 additions & 50 deletions
Original file line numberDiff line numberDiff line change
@@ -19,54 +19,4 @@ public void Every_permission_is_assigned_to_a_role()
1919
Assert.That(unassigned, Is.Empty,
2020
$"Every permission constant must be assigned to a role group in RolePermissions. Unassigned: [{string.Join(", ", unassigned)}]");
2121
}
22-
23-
[Test]
24-
public void Admin_is_a_proper_superset_of_the_other_roles()
25-
{
26-
var reader = RolePermissions.Roles[RolePermissions.Reader];
27-
var writer = RolePermissions.Roles[RolePermissions.Writer];
28-
var admin = RolePermissions.Roles[RolePermissions.Admin];
29-
30-
using (Assert.EnterMultipleScope())
31-
{
32-
Assert.That(reader.IsProperSubsetOf(admin), Is.True, "reader must be a proper subset of admin");
33-
Assert.That(writer.IsProperSubsetOf(admin), Is.True, "writer must be a proper subset of admin");
34-
}
35-
}
36-
37-
[Test]
38-
public void Writer_has_no_access_to_configuration_areas()
39-
{
40-
var writer = RolePermissions.Roles[RolePermissions.Writer];
41-
42-
string[] configurationAreaPermissions =
43-
[
44-
Permissions.ErrorLicensingView,
45-
Permissions.ErrorLicensingManage,
46-
Permissions.ErrorNotificationsView,
47-
Permissions.ErrorNotificationsManage,
48-
Permissions.ErrorNotificationsTest,
49-
Permissions.ErrorRedirectsView,
50-
Permissions.ErrorRedirectsManage,
51-
Permissions.ErrorThroughputView,
52-
Permissions.ErrorThroughputManage,
53-
];
54-
55-
var granted = configurationAreaPermissions.Where(writer.Contains).ToArray();
56-
57-
Assert.That(granted, Is.Empty,
58-
$"Writer must not hold licensing/notifications/redirects/throughput permissions. Granted: [{string.Join(", ", granted)}]");
59-
}
60-
61-
[Test]
62-
public void Role_sets_contain_only_known_permissions()
63-
{
64-
foreach (var (role, granted) in RolePermissions.Roles)
65-
{
66-
var unknown = granted.Except(Permissions.All).Order().ToArray();
67-
68-
Assert.That(unknown, Is.Empty,
69-
$"Role '{role}' grants permissions that are not declared on Permissions: [{string.Join(", ", unknown)}]");
70-
}
71-
}
7222
}

0 commit comments

Comments
 (0)