[PM-14378] Add tests for SecurityTaskOrganizationAuthorizationHandler

shane-melton · shane-melton · commit ca15550db160 · 2024-12-11T16:42:42.000-08:00
diff --git a/src/Core/Vault/Authorization/SecurityTasks/SecurityTaskOrganizationAuthorizationHandler.cs b/src/Core/Vault/Authorization/SecurityTasks/SecurityTaskOrganizationAuthorizationHandler.cs
@@ -42,6 +42,6 @@ private static bool CanListAllTasksForOrganization(CurrentContextOrganization or
     {
         return org is
         { Type: OrganizationUserType.Admin or OrganizationUserType.Owner } or
-        { Permissions.AccessReports: true };
+        { Type: OrganizationUserType.Custom, Permissions.AccessReports: true };
     }
 }
diff --git a/test/Core.Test/Vault/Authorization/SecurityTaskOrganizationAuthorizationHandlerTests.cs b/test/Core.Test/Vault/Authorization/SecurityTaskOrganizationAuthorizationHandlerTests.cs
@@ -0,0 +1,105 @@
+﻿using System.Security.Claims;
+using Bit.Core.Context;
+using Bit.Core.Enums;
+using Bit.Core.Test.AdminConsole.AutoFixture;
+using Bit.Core.Vault.Authorization.SecurityTasks;
+using Bit.Core.Vault.Entities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.AspNetCore.Authorization;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.Vault.Authorization;
+
+[SutProviderCustomize]
+public class SecurityTaskOrganizationAuthorizationHandlerTests
+{
+    [Theory, CurrentContextOrganizationCustomize, BitAutoData]
+    public async Task MissingOrg_Failure(
+        CurrentContextOrganization organization,
+        SutProvider<SecurityTaskOrganizationAuthorizationHandler> sutProvider)
+    {
+        var userId = Guid.NewGuid();
+
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
+        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns((CurrentContextOrganization)null);
+
+        var context = new AuthorizationHandlerContext(
+            new[] { SecurityTaskOperations.ListAllForOrganization },
+            new ClaimsPrincipal(),
+            organization);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory, CurrentContextOrganizationCustomize, BitAutoData]
+    public async Task MissingUserId_Failure(
+        CurrentContextOrganization organization,
+        SutProvider<SecurityTaskOrganizationAuthorizationHandler> sutProvider)
+    {
+        var userId = Guid.NewGuid();
+
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(null as Guid?);
+
+        var context = new AuthorizationHandlerContext(
+            new[] { SecurityTaskOperations.ListAllForOrganization },
+            new ClaimsPrincipal(),
+            organization);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory, CurrentContextOrganizationCustomize]
+    [BitAutoData(OrganizationUserType.Owner)]
+    [BitAutoData(OrganizationUserType.Admin)]
+    [BitAutoData(OrganizationUserType.Custom)]
+    public async Task ListAllForOrganization_Admin_Success(
+        OrganizationUserType userType,
+        CurrentContextOrganization organization,
+        SutProvider<SecurityTaskOrganizationAuthorizationHandler> sutProvider)
+    {
+        var userId = Guid.NewGuid();
+        organization.Type = userType;
+        if (organization.Type == OrganizationUserType.Custom)
+        {
+            organization.Permissions.AccessReports = true;
+        }
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
+        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
+
+        var context = new AuthorizationHandlerContext(
+            new[] { SecurityTaskOperations.ListAllForOrganization },
+            new ClaimsPrincipal(),
+            organization);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Theory, CurrentContextOrganizationCustomize(Type = OrganizationUserType.User), BitAutoData]
+    public async Task ListAllForOrganization_User_Failure(
+        CurrentContextOrganization organization,
+        SutProvider<SecurityTaskOrganizationAuthorizationHandler> sutProvider)
+    {
+        var userId = Guid.NewGuid();
+
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
+        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
+
+        var context = new AuthorizationHandlerContext(
+            new[] { SecurityTaskOperations.ListAllForOrganization },
+            new ClaimsPrincipal(),
+            organization);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+}

Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,6 @@ private static bool CanListAllTasksForOrganization(CurrentContextOrganization or`
`42`	`42`	`{`
`43`	`43`	`return org is`
`44`	`44`	`{ Type: OrganizationUserType.Admin or OrganizationUserType.Owner } or`
`45`		`- { Permissions.AccessReports: true };`
	`45`	`+ { Type: OrganizationUserType.Custom, Permissions.AccessReports: true };`
`46`	`46`	`}`
`47`	`47`	`}`