From 47072cb65f5163aa31b2f7bff29197d961f68660 Mon Sep 17 00:00:00 2001
From: Scott Bommarito
Date: Mon, 11 Dec 2017 17:05:47 -0800
Subject: [PATCH] Permissions tests for API Key list and create actions (#5153)
---
.../Controllers/UsersControllerFacts.cs | 126 +++++++++++++++++-
.../Framework/MemberDataHelper.cs | 13 ++
.../NuGetGallery.Facts.csproj | 1 +
3 files changed, 136 insertions(+), 4 deletions(-)
create mode 100644 tests/NuGetGallery.Facts/Framework/MemberDataHelper.cs
diff --git a/tests/NuGetGallery.Facts/Controllers/UsersControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/UsersControllerFacts.cs
index 2bcfd80225..79c7652c89 100644
--- a/tests/NuGetGallery.Facts/Controllers/UsersControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/UsersControllerFacts.cs
@@ -623,6 +623,95 @@ public async Task DoesntSendAccountChangedEmailsIfConfirmationTokenDoesntMatch() } } + public class TheApiKeysAction + : TestContainer + { + public static IEnumerable CurrentUserIsInPackageOwnersWithPushNew_Data + { + get + { + foreach (var currentUser in + new[] + { + TestUtility.FakeUser, + TestUtility.FakeAdminUser, + TestUtility.FakeOrganizationAdmin, + TestUtility.FakeOrganizationCollaborator + }) + { + yield return MemberDataHelper.AsData(currentUser); + } + } + } + + [Theory] + [MemberData(nameof(CurrentUserIsInPackageOwnersWithPushNew_Data))] + public void CurrentUserIsFirstInPackageOwnersWithPushNew(User currentUser) + { + var model = GetModelForApiKeys(currentUser); + + var firstPackageOwner = model.PackageOwners.First(); + Assert.True(firstPackageOwner.Owner == currentUser.Username); + Assert.True(firstPackageOwner.CanPushNew); + } + + [Theory] + [InlineData(true)] + [InlineData(false)] + public void OrganizationIsInPackageOwnersIfMember(bool isAdmin) + { + var currentUser = isAdmin ? 
TestUtility.FakeOrganizationAdmin : TestUtility.FakeOrganizationCollaborator; + var organization = TestUtility.FakeOrganization; + + var model = GetModelForApiKeys(currentUser); + + Assert.Equal(1, model.PackageOwners.Count(o => o.Owner == organization.Username && o.CanPushNew == isAdmin)); + } + + public static IEnumerable OrganizationIsNotInPackageOwnersIfNotMember_Data + { + get + { + foreach (var currentUser in + new[] + { + TestUtility.FakeUser, + TestUtility.FakeAdminUser + }) + { + yield return MemberDataHelper.AsData(currentUser); + } + } + } + + [Theory] + [MemberData(nameof(OrganizationIsNotInPackageOwnersIfNotMember_Data))] + public void OrganizationIsNotInPackageOwnersIfNotMember(User currentUser) + { + var organization = TestUtility.FakeOrganization; + + var model = GetModelForApiKeys(currentUser); + + Assert.Equal(0, model.PackageOwners.Count(o => o.Owner == organization.Username)); + } + + private ApiKeyListViewModel GetModelForApiKeys(User currentUser) + { + var controller = GetController(); + controller.SetCurrentUser(currentUser); + + // Act + var result = controller.ApiKeys(); + + // Assert + Assert.IsType(result); + var viewResult = result as ViewResult; + + Assert.IsType(viewResult.Model); + return viewResult.Model as ApiKeyListViewModel; + } + } + public class TheGenerateApiKeyAction : TestContainer { [InlineData(null)] 
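Review bot: In `OrganizationIsInPackageOwnersIfMember` the single assertion counts entries that match both the organization name and `CanPushNew == isAdmin`, so the collaborator row still passes if the model also carries a second entry for the organization with `CanPushNew` set to true. Since this test is about who may push new packages, pin the entry first and its flag second: `var orgOwner = Assert.Single(model.PackageOwners, o => o.Owner == organization.Username);` followed by `Assert.Equal(isAdmin, orgOwner.CanPushNew);`. In `CurrentUserIsFirstInPackageOwnersWithPushNew`, `Assert.Equal(currentUser.Username, firstPackageOwner.Owner);` would report both values on failure, where `Assert.True(a == b)` reports only that the result was false.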
@@ -647,13 +736,42 @@ public async Task WhenEmptyDescriptionProvidedRedirectsToAccountPageWithError(st Assert.True(string.Compare((string)result.Data, Strings.ApiKeyDescriptionRequired) == 0); } - [Fact] - public async Task WhenScopeOwnerDoesNotMatch_ReturnsBadRequest() + public static IEnumerable WhenScopeOwnerDoesNotMatch_ReturnsBadRequest_Data + { + get + { + foreach (var getCurrentUser in + new Func[] + { + (fakes) => fakes.User, + (fakes) => fakes.Admin + }) + { + yield return new object[] + { + getCurrentUser + }; + } + } + } + + [Theory] + [MemberData(nameof(WhenScopeOwnerDoesNotMatch_ReturnsBadRequest_Data))] + public Task WhenScopeOwnerDoesNotMatch_ReturnsBadRequest(Func getCurrentUser) { // Arrange var fakes = new Fakes(); - var user = fakes.User; - var otherUser = fakes.ShaUser; + var currentUser = getCurrentUser(fakes); + var userInOwnerScope = fakes.ShaUser; + + return WhenScopeOwnerDoesNotMatch_ReturnsBadRequest(currentUser, userInOwnerScope); + } + + private async Task WhenScopeOwnerDoesNotMatch_ReturnsBadRequest(User currentUser, User userInOwnerScope) + { + // Arrange + var user = currentUser; + var otherUser = userInOwnerScope; GetMock() .Setup(u => u.FindByUsername(otherUser.Username)) .Returns(otherUser); diff --git a/tests/NuGetGallery.Facts/Framework/MemberDataHelper.cs b/tests/NuGetGallery.Facts/Framework/MemberDataHelper.cs new file mode 100644 index 0000000000..1d8576ce4b --- /dev/null +++ b/tests/NuGetGallery.Facts/Framework/MemberDataHelper.cs @@ -0,0 +1,13 @@ +// Copyright (c) .NET Foundation. All rights reserved. +// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. + +namespace NuGetGallery.Framework +{ + public static class MemberDataHelper + { + public static object[] AsData(params object[] data) + { + return data; + } + } +} diff --git a/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj b/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj index aebfd57fc8..cfe65b2105 100644 
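Review bot: The private overload of `WhenScopeOwnerDoesNotMatch_ReturnsBadRequest` copies its parameters straight into `user` and `otherUser`, which leaves two names for each account in a test whose whole point is which account is which. Either name the parameters `user` and `otherUser`, or use `currentUser` and `userInOwnerScope` in the body and drop the two alias lines. The data property could also build its row with `yield return MemberDataHelper.AsData(getCurrentUser);`, matching the other test class in this commit. A comment on the `fakes.Admin` row would help as well, for example `// Site admins get no exemption: a mismatched scope owner is rejected for them too.`, which is presumably the intent given the test name. The helper's body continues outside the hunk, so its assertions are not visible here.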
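Review bot: `MemberDataHelper.AsData` has no doc comment, and its `params object[]` signature has one trap worth writing down. A caller that passes a single `object[]` (or `null`) gets that value used as the row itself rather than wrapped as one argument, so a theory expecting one array parameter would see the array's elements spread across its parameters. I would add an XML summary above the method saying that it packs its arguments into one xUnit MemberData row and that a lone `object[]` argument must be cast to `object` to be passed as a single value.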
--- a/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj +++ b/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj @@ -396,6 +396,7 @@ +