StringExtensions/tests/Umbraco.Tests.Integration/ManagementApi/ManagementApiUserGroupTestBase.cs

using System.Linq.Expressions;
using System.Net;
using NUnit.Framework;
using Umbraco.Cms.Api.Management.Controllers;
using Umbraco.Cms.Core;

namespace Umbraco.Cms.Tests.Integration.ManagementApi;

public abstract class ManagementApiUserGroupTestBase<T> : ManagementApiTest<T>
    where T : ManagementApiControllerBase
{
    protected string UserEmail = "test@umbraco.com";
    protected const string UserPassword = "1234567890";

    protected override Expression<Func<T, object>> MethodSelector { get; set; }

    protected virtual UserGroupAssertionModel AdminUserGroupAssertionModel => new()
    {
        ExpectedStatusCode = HttpStatusCode.OK
    };

    protected virtual UserGroupAssertionModel EditorUserGroupAssertionModel => new()
    {
        ExpectedStatusCode = HttpStatusCode.Forbidden
    };

    protected virtual UserGroupAssertionModel SensitiveDataUserGroupAssertionModel => new()
    {
        ExpectedStatusCode = HttpStatusCode.Forbidden
    };

    protected virtual UserGroupAssertionModel TranslatorUserGroupAssertionModel => new()
    {
        ExpectedStatusCode = HttpStatusCode.Forbidden
    };

    protected virtual UserGroupAssertionModel WriterUserGroupAssertionModel => new()
    {
        ExpectedStatusCode = HttpStatusCode.Forbidden
    };

    protected virtual UserGroupAssertionModel UnauthorizedUserGroupAssertionModel => new()
    {
        ExpectedStatusCode = HttpStatusCode.Unauthorized
    };

    // Admin
    [Test]
    public virtual async Task As_Admin_I_Have_Specified_Access()
    {
        var response = await AuthorizedRequest(Constants.Security.AdminGroupKey, "Admin");
        Assert.AreEqual(AdminUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode, await response.Content.ReadAsStringAsync());
    }

    // Editor
    [Test]
    public virtual async Task As_Editor_I_Have_Specified_Access()
    {
        var response = await AuthorizedRequest(Constants.Security.EditorGroupKey, "Editor");
        Assert.AreEqual(EditorUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode,
            await response.Content.ReadAsStringAsync());
    }

    // SensitiveData
    [Test]
    public virtual async Task As_Sensitive_Data_I_Have_Specified_Access()
    {
        var response = await AuthorizedRequest(Constants.Security.SensitiveDataGroupKey, "SensitiveData");
        Assert.AreEqual(SensitiveDataUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode,
            await response.Content.ReadAsStringAsync());
    }

    // Translator
    [Test]
    public virtual async Task As_Translator_I_Have_Specified_Access()
    {
        var response = await AuthorizedRequest(Constants.Security.TranslatorGroupKey, "Translator");
        Assert.AreEqual(TranslatorUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode,
            await response.Content.ReadAsStringAsync());
    }

    // Writer
    [Test]
    public virtual async Task As_Writer_I_Have_Specified_Access()
    {
        var response = await AuthorizedRequest(Constants.Security.WriterGroupKey, "Writer");
        Assert.AreEqual(WriterUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode,
            await response.Content.ReadAsStringAsync());
    }

    // Unauthorized
    [Test]
    public virtual async Task As_Unauthorized_I_Have_Specified_Access()
    {
        var response = await ClientRequest();
        Assert.AreEqual(UnauthorizedUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode,
            await response.Content.ReadAsStringAsync());
    }

    protected virtual async Task<HttpResponseMessage> AuthorizedRequest(Guid userGroupKey, string groupName)
    {
        await AuthenticateUser(userGroupKey, groupName);
        return await ClientRequest();
    }

    protected virtual async Task AuthenticateUser(Guid userGroupKey, string groupName)
    {
        await AuthenticateClientAsync(Client, UserEmail + groupName, UserPassword, userGroupKey);
    }

    protected virtual async Task<HttpResponseMessage> ClientRequest()
    {
        return await Client.GetAsync(Url);
    }

    protected class UserGroupAssertionModel
    {
        public HttpStatusCode ExpectedStatusCode { get; set; }
    }
}
Auhorization: Cherrypicked integration tests from V15 (#20492) * V15 QA Added the authorization integration tests (#18419) * Added authorization integration tests * Removed unnecessary tests and update tests for preview controller * Updated to use the newest changes from v15/dev and added an override for the AuthenticateClientAsync to use the userGroupKey * Updated CompatibilitySuppressions to include changes from integration tests * Updated pipelines * Skips managementApi tests * Only run necessary tests * Added new schema per fixture to reduce test setup time * Fixed failing tests * Updated test setup * Updated test * Added suppression * Fixed failing tests * Updated addOnTeardown methods to protected * Added method for clearing the host * Added teardown * Updated model usage * Added a lot of cleanup for memory leak issues when running tests * Added CompatibilitySuppressions.xml * Updated tests * Cleaned up * Adjusted base classes * Updated pipeline * Updated CompatibilitySuppressions.xml * Updated test logging * Fixed reponse * Updated condition to skip tests * Updated tests, not done * Reworked test to expect correct responses with correct setup * Updated tests * More updates to tests * Updated tests * Cleaned up tests * Updated setup * Cleaned up tests to match setup * Cleaned up setup * Removed suppression * Fixed tests * Move order of checks * Fix naming * Formatting * Dispose of host * Keep track of if we're disposed * Compat suppression * Dont dispose * Fix failing tests * removed unused virtual * Updated CompatibilitySuppressions.xml --------- Co-authored-by: Andreas Zerbst <andr317c@live.dk> Co-authored-by: Zeegaan <skrivdetud@gmail.com> Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com> # Conflicts: # tests/Umbraco.Tests.Integration/CompatibilitySuppressions.xml # tests/Umbraco.Tests.Integration/ManagementApi/ManagementApiTest.cs # tests/Umbraco.Tests.Integration/ManagementApi/Policies/AllCultureControllerTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Policies/CreateDocumentTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Policies/UpdateDocumentTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Preview/EndPreviewTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Preview/EnterPreviewTests.cs # tests/Umbraco.Tests.Integration/TestServerTest/UmbracoTestServerTestBase.cs * Updated test * Updates * Removed unnessecary test --------- Co-authored-by: Nhu Dinh <150406148+nhudinh0309@users.noreply.github.com> Co-authored-by: Zeegaan <skrivdetud@gmail.com> Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com> 2025-10-14 12:04:10 +02:00			`using System.Linq.Expressions;`
			`using System.Net;`
			`using NUnit.Framework;`
			`using Umbraco.Cms.Api.Management.Controllers;`
			`using Umbraco.Cms.Core;`

			`namespace Umbraco.Cms.Tests.Integration.ManagementApi;`

			`public abstract class ManagementApiUserGroupTestBase<T> : ManagementApiTest<T>`
			`where T : ManagementApiControllerBase`
			`{`
			`protected string UserEmail = "test@umbraco.com";`
			`protected const string UserPassword = "1234567890";`

			`protected override Expression<Func<T, object>> MethodSelector { get; set; }`

			`protected virtual UserGroupAssertionModel AdminUserGroupAssertionModel => new()`
			`{`
			`ExpectedStatusCode = HttpStatusCode.OK`
			`};`

			`protected virtual UserGroupAssertionModel EditorUserGroupAssertionModel => new()`
			`{`
			`ExpectedStatusCode = HttpStatusCode.Forbidden`
			`};`

			`protected virtual UserGroupAssertionModel SensitiveDataUserGroupAssertionModel => new()`
			`{`
			`ExpectedStatusCode = HttpStatusCode.Forbidden`
			`};`

			`protected virtual UserGroupAssertionModel TranslatorUserGroupAssertionModel => new()`
			`{`
			`ExpectedStatusCode = HttpStatusCode.Forbidden`
			`};`

			`protected virtual UserGroupAssertionModel WriterUserGroupAssertionModel => new()`
			`{`
			`ExpectedStatusCode = HttpStatusCode.Forbidden`
			`};`

			`protected virtual UserGroupAssertionModel UnauthorizedUserGroupAssertionModel => new()`
			`{`
			`ExpectedStatusCode = HttpStatusCode.Unauthorized`
			`};`

			`// Admin`
			`[Test]`
			`public virtual async Task As_Admin_I_Have_Specified_Access()`
			`{`
			`var response = await AuthorizedRequest(Constants.Security.AdminGroupKey, "Admin");`
			`Assert.AreEqual(AdminUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode, await response.Content.ReadAsStringAsync());`
			`}`

			`// Editor`
			`[Test]`
			`public virtual async Task As_Editor_I_Have_Specified_Access()`
			`{`
			`var response = await AuthorizedRequest(Constants.Security.EditorGroupKey, "Editor");`
			`Assert.AreEqual(EditorUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode,`
			`await response.Content.ReadAsStringAsync());`
			`}`

			`// SensitiveData`
			`[Test]`
			`public virtual async Task As_Sensitive_Data_I_Have_Specified_Access()`
			`{`
			`var response = await AuthorizedRequest(Constants.Security.SensitiveDataGroupKey, "SensitiveData");`
			`Assert.AreEqual(SensitiveDataUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode,`
			`await response.Content.ReadAsStringAsync());`
			`}`

			`// Translator`
			`[Test]`
			`public virtual async Task As_Translator_I_Have_Specified_Access()`
			`{`
			`var response = await AuthorizedRequest(Constants.Security.TranslatorGroupKey, "Translator");`
			`Assert.AreEqual(TranslatorUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode,`
			`await response.Content.ReadAsStringAsync());`
			`}`

			`// Writer`
			`[Test]`
			`public virtual async Task As_Writer_I_Have_Specified_Access()`
			`{`
			`var response = await AuthorizedRequest(Constants.Security.WriterGroupKey, "Writer");`
			`Assert.AreEqual(WriterUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode,`
			`await response.Content.ReadAsStringAsync());`
			`}`

			`// Unauthorized`
			`[Test]`
			`public virtual async Task As_Unauthorized_I_Have_Specified_Access()`
			`{`
			`var response = await ClientRequest();`
			`Assert.AreEqual(UnauthorizedUserGroupAssertionModel.ExpectedStatusCode, response.StatusCode,`
			`await response.Content.ReadAsStringAsync());`
			`}`

			`protected virtual async Task<HttpResponseMessage> AuthorizedRequest(Guid userGroupKey, string groupName)`
			`{`
			`await AuthenticateUser(userGroupKey, groupName);`
			`return await ClientRequest();`
			`}`

			`protected virtual async Task AuthenticateUser(Guid userGroupKey, string groupName)`
			`{`
			`await AuthenticateClientAsync(Client, UserEmail + groupName, UserPassword, userGroupKey);`
			`}`

			`protected virtual async Task<HttpResponseMessage> ClientRequest()`
			`{`
			`return await Client.GetAsync(Url);`
			`}`

			`protected class UserGroupAssertionModel`
			`{`
			`public HttpStatusCode ExpectedStatusCode { get; set; }`
			`}`
			`}`