Skip to content

Commit

Permalink
Merge pull request #34 from ucdavis/feature/tests
Browse files Browse the repository at this point in the history 
Feature/tests
  • Loading branch information
@bsedwards
bsedwards authored Nov 1, 2024
2 parents 76bd9b6 + bfdacc9 commit 6340c5d
Show file tree
Hide file tree
Showing 12 changed files with 1,288 additions and 454 deletions.
89 changes: 89 additions & 0 deletions test/CTS/AssessmentAccessTest.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
using Moq;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Viper.Areas.CTS.Services;
using Viper.Classes.SQLContext;
using Viper.test.RAPS;

namespace Viper.test.CTS
{
public class AssessmentAccessTest
{
Mock<VIPERContext> context = new Mock<VIPERContext>();
Mock<RAPSContext> rapsContext = new Mock<RAPSContext>();

/// <summary>
/// Test that a student can access their own assessments, but not an assessment of another student
/// </summary>
[Fact]
public void StudentAccessTest()
{
//arrange
var stdUserHelper = SetupUsers.GetUserHelperForUserType(SetupUsers.UserType.Student);
var ctsSec = new CtsSecurityService(rapsContext.Object, context.Object, stdUserHelper.Object);

//act
var studentCanAccessOwnAssessments = ctsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser1.AaudUserId, SetupUsers.facultyUser.AaudUserId);
var studentCanAccessOtherAssessments = ctsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser2.AaudUserId, SetupUsers.facultyUser.AaudUserId);

//assert
Assert.True(studentCanAccessOwnAssessments, "Student cannot view their own assessment.");
Assert.False(studentCanAccessOtherAssessments, "Student can view another student's assessment.");
}

/// <summary>
/// Test that clinicians and faculty can view their own assessments. Certain people can view all assessments.
/// </summary>
[Fact]
public void AssessorAccessTest()
{
//arrange
var facCtsSec = SetupUsers.GetCtsSecurityService(rapsContext.Object, context.Object, SetupUsers.UserType.Faculty);
var managerCtsSec = SetupUsers.GetCtsSecurityService(rapsContext.Object, context.Object, SetupUsers.UserType.Manager);
var csCtsSec = SetupUsers.GetCtsSecurityService(rapsContext.Object, context.Object, SetupUsers.UserType.CSTeam);
var stdCtsSec = SetupUsers.GetCtsSecurityService(rapsContext.Object, context.Object, SetupUsers.UserType.Student);

//act
var facCanViewOwnAssessment = facCtsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser1.AaudUserId, SetupUsers.facultyUser.AaudUserId);
var facCanViewOtherAssessments = facCtsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser1.AaudUserId, SetupUsers.otherFacultyUser.AaudUserId);
var managerCanViewAssessment = managerCtsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser1.AaudUserId, SetupUsers.facultyUser.AaudUserId);
var csTeamCanViewAssessment = csCtsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser1.AaudUserId, SetupUsers.facultyUser.AaudUserId);
var stdCanViewAssessment = stdCtsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser2.AaudUserId, SetupUsers.facultyUser.AaudUserId);

//assert
Assert.True(facCanViewOwnAssessment, "Faculty cannot view own assessment.");
Assert.False(facCanViewOtherAssessments, "Faculty can view assessment entered by another faculty.");
Assert.True(managerCanViewAssessment, "Manager cannot view assessment.");
//Might need clarification on this - should CS Team be allowed to view all assessments?
Assert.False(csTeamCanViewAssessment, "CS Team cannot view assessment.");
Assert.False(stdCanViewAssessment, "Student can view other student's assessment.");
}

/// <summary>
/// Test that an assessor can modify their own assessment, but only managers can modify another assessors.
/// </summary>
[Fact]
public void CheckAssessmentModificationAccess()
{
//arrange
var facCtsSec = SetupUsers.GetCtsSecurityService(rapsContext.Object, context.Object, SetupUsers.UserType.Faculty);
var managerCtsSec = SetupUsers.GetCtsSecurityService(rapsContext.Object, context.Object, SetupUsers.UserType.Manager);
var csCtsSec = SetupUsers.GetCtsSecurityService(rapsContext.Object, context.Object, SetupUsers.UserType.CSTeam);

//act
var facCanEditOwnAssessment = facCtsSec.CanEditStudentAssessment(SetupUsers.facultyUser.AaudUserId);
var facCanEditOtherAssessment = facCtsSec.CanEditStudentAssessment(SetupUsers.otherFacultyUser.AaudUserId);
var manCanEditOtherAssessment = managerCtsSec.CanEditStudentAssessment(SetupUsers.facultyUser.AaudUserId);
var csCanEditOtherAssessment = csCtsSec.CanEditStudentAssessment(SetupUsers.facultyUser.AaudUserId);

//assert
Assert.True(facCanEditOwnAssessment, "Faculty cannot edit own assessment.");
Assert.True(manCanEditOtherAssessment, "Manager cannot edit assessment.");
Assert.False(facCanEditOtherAssessment, "Faculty can edit another faculty's assessment.");
Assert.False(csCanEditOtherAssessment, "CS Team can edit faculty's assessment.");
}
}
}
271 changes: 271 additions & 0 deletions test/CTS/AssessmentControllerTest.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,271 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Storage;
using Moq;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using System.Threading.Tasks;
using Viper.Areas.CTS.Controllers;
using Viper.Areas.CTS.Models;
using Viper.Classes.SQLContext;
using Viper.Models.AAUD;
using Viper.Models.CTS;
using Viper.Models.RAPS;

namespace Viper.test.CTS
{
public class AssessmentControllerTest
{
Mock<VIPERContext> context = new Mock<VIPERContext>();
Mock<RAPSContext> rapsContext = new Mock<RAPSContext>();

private AssessmentController GetAssessmentController(SetupUsers.UserType userType)
{
var ctsSec = SetupUsers.GetCtsSecurityService(rapsContext.Object, context.Object, userType);

return new AssessmentController(context.Object, rapsContext.Object, ctsSec, SetupUsers.GetUserHelper(userType));
}


[Fact]
public async void GetAssessmentsCheckForbid()
{
//arrange
var actrlAsStd = GetAssessmentController(SetupUsers.UserType.Student);
var actrlAsFac = GetAssessmentController(SetupUsers.UserType.Faculty);
SetupAssessments.SetupEncountersTable(context);

//act
var studentViewOwnAssessments = await actrlAsStd.GetAssessments(null, SetupUsers.studentUser1.AaudUserId, null, null, null, null, null, null);
var studentViewOthersAssessments = await actrlAsStd.GetAssessments(null, SetupUsers.studentUser2.AaudUserId, null, null, null, null, null, null);
var studentViewAllAssessments = await actrlAsStd.GetAssessments(null, null, null, null, null, null, null, null);
var facCanViewOwnAssessments = await actrlAsFac.GetAssessments(null, null, SetupUsers.facultyUser.AaudUserId, null, null, null, null, null);

//assert
Assert.NotNull(studentViewOwnAssessments.Value);
Assert.NotEmpty(studentViewOwnAssessments.Value);

Assert.Null(studentViewOthersAssessments.Value);
Assert.NotNull(studentViewOthersAssessments.Result);
var result1 = studentViewOthersAssessments.Result as ObjectResult;
Assert.Equal((int)HttpStatusCode.Forbidden, result1?.StatusCode);

Assert.Null(studentViewAllAssessments.Value);
Assert.NotNull(studentViewAllAssessments.Result);
var result2 = studentViewAllAssessments.Result as ObjectResult;
Assert.Equal((int)HttpStatusCode.Forbidden, result2?.StatusCode);

Assert.NotNull(facCanViewOwnAssessments.Value);
Assert.NotEmpty(facCanViewOwnAssessments.Value);
}

[Fact]
public async void GetAssessmentsCheckData()
{
//arrange
var actrlAsStd = GetAssessmentController(SetupUsers.UserType.Student);
var actrlAsFac = GetAssessmentController(SetupUsers.UserType.Faculty);
SetupAssessments.SetupEncountersTable(context);

//act
var studentOwnAssessments = await actrlAsStd.GetAssessments(null, SetupUsers.studentUser1.AaudUserId, null, null, null, null, null, null);
var facOwnAssesments = await actrlAsFac.GetAssessments(null, null, SetupUsers.facultyUser.AaudUserId, null, null, null, null, null);

//assert
Assert.NotNull(studentOwnAssessments.Value);
Assert.Equal(2, studentOwnAssessments.Value.Count);

Assert.NotNull(facOwnAssesments.Value);
Assert.Equal(2, facOwnAssesments.Value.Count);
}

[Fact]
public async void GetAssessorsCheck()
{
//arrange
var actrlAsFac = GetAssessmentController(SetupUsers.UserType.Faculty);
SetupAssessments.SetupEncountersTable(context);
SetupPeople.SetupPersonTable(context);

//act
var facAssessors = await actrlAsFac.GetAssessors(null, null);

//assert
Assert.NotNull(facAssessors.Value);
Assert.NotEmpty(facAssessors.Value);
}

[Fact]
public async void GetAssessmentCheck()
{
//arrange
SetupAssessments.SetupEncountersTable(context);
SetupPeople.SetupPersonTable(context);
var actrlAsFac = GetAssessmentController(SetupUsers.UserType.Faculty);
var actrlAsStd = GetAssessmentController(SetupUsers.UserType.Student);
var actrlAsMgr = GetAssessmentController(SetupUsers.UserType.Manager);
var encounterIdExists = SetupAssessments.GetEncounters().First().EncounterId;
var encounterIdOtherFac = SetupAssessments.GetEncounters().Where(e => e.EnteredBy != SetupUsers.facultyUser.AaudUserId).First().EncounterId;
var encounterIdOtherStd = SetupAssessments.GetEncounters().Where(e => e.StudentUserId != SetupUsers.studentUser1.AaudUserId).First().EncounterId;
var encounterIdNotExists = 99999;

//act
var facOwnAssessment = await actrlAsFac.GetStudentAssessment(encounterIdExists);
var facOtherAssessment = await actrlAsFac.GetStudentAssessment(encounterIdOtherFac);
var stdOwnAssessment = await actrlAsStd.GetStudentAssessment(encounterIdExists);
var stdOtherAssessment = await actrlAsStd.GetStudentAssessment(encounterIdOtherStd);
var mgrNotFoundAssessment = await actrlAsMgr.GetStudentAssessment(encounterIdNotExists);

//assert
Assert.NotNull(facOwnAssessment.Value);
//Assert.True(IsForbidResult(facOtherAssessment));
Assert.NotNull(stdOwnAssessment.Value);
Assert.True(IsForbidResult(stdOtherAssessment));
Assert.True(IsNotFoundResult(mgrNotFoundAssessment));
Assert.False(IsNotFoundResult(facOwnAssessment));
}

[Fact]
public async void CreateStudentEpaCheck()
{
//arrange
SetupAssessments.SetupEncountersTable(context);
SetupPeople.SetupPersonTable(context);

//for begin transaction and commitasync
var transMock = new Mock<IDbContextTransaction>();
transMock.Setup(t => t.CommitAsync(It.IsAny<CancellationToken>())).Returns(Task.CompletedTask);
var facadeMock = new Mock<DatabaseFacade>(context.Object);
facadeMock.Setup(f => f.BeginTransactionAsync(It.IsAny<CancellationToken>())).ReturnsAsync(transMock.Object);
facadeMock.Setup(f => f.BeginTransaction()).Returns(transMock.Object);
context.SetupGet(d => d.Database).Returns(facadeMock.Object);

var actrlAsFac = GetAssessmentController(SetupUsers.UserType.Faculty);
var newEpa = new CreateUpdateStudentEpa()
{
EncounterDate = DateTime.Now,
Comment = "A comment",
EpaId = 0,
LevelId = 0,
ServiceId = 0,
StudentId = SetupUsers.studentUser1.AaudUserId,
};

//act
var createResult = await actrlAsFac.CreateStudentEpa(newEpa);

//assert
Assert.NotNull(createResult.Value);

//cleanup
SetupAssessments.Encounters.RemoveAt(SetupAssessments.Encounters.FindIndex(e => e.EncounterId == 0));
}

[Fact]
public async void UpdateStudentEpaCheck()
{
//arrange
SetupAssessments.SetupEncountersTable(context);
SetupPeople.SetupPersonTable(context);

//for begin transaction and commitasync
var transMock = new Mock<IDbContextTransaction>();
transMock.Setup(t => t.CommitAsync(It.IsAny<CancellationToken>())).Returns(Task.CompletedTask);
var facadeMock = new Mock<DatabaseFacade>(context.Object);
facadeMock.Setup(f => f.BeginTransactionAsync(It.IsAny<CancellationToken>())).ReturnsAsync(transMock.Object);
facadeMock.Setup(f => f.BeginTransaction()).Returns(transMock.Object);
context.SetupGet(d => d.Database).Returns(facadeMock.Object);

var actrlAsFac = GetAssessmentController(SetupUsers.UserType.Faculty);
var actrlAsStd = GetAssessmentController(SetupUsers.UserType.Student);

var encId1 = SetupAssessments.Encounters.Where(e => e.EnteredBy == SetupUsers.facultyUser.AaudUserId).First().EncounterId;
var encId2 = SetupAssessments.Encounters.Where(e => e.EnteredBy != SetupUsers.facultyUser.AaudUserId).First().EncounterId;

var epa1 = new CreateUpdateStudentEpa()
{
EncounterId = encId1,
EncounterDate = DateTime.Now,
Comment = "A comment",
EpaId = 0,
LevelId = 0,
ServiceId = 0,
StudentId = SetupUsers.studentUser1.AaudUserId,
};
var epa2 = new CreateUpdateStudentEpa()
{
EncounterId = encId2,
EncounterDate = DateTime.Now,
Comment = "A comment",
EpaId = 0,
LevelId = 0,
ServiceId = 0,
StudentId = SetupUsers.studentUser1.AaudUserId,
};
var epa3 = new CreateUpdateStudentEpa()
{
EncounterId = 99999,
EncounterDate = DateTime.Now,
Comment = "A comment",
EpaId = 0,
LevelId = 0,
ServiceId = 0,
StudentId = SetupUsers.studentUser1.AaudUserId,
};

//act
var fac1Result = await actrlAsFac.UpdateStudentEpa((int)epa1.EncounterId, epa1);
var fac2Result = await actrlAsFac.UpdateStudentEpa((int)epa2.EncounterId, epa2);
var stdResult = await actrlAsStd.UpdateStudentEpa((int)epa1.EncounterId, epa1);
var notFoundResult = await actrlAsFac.UpdateStudentEpa((int)epa3.EncounterId, epa3);

//assert
Assert.NotNull(fac1Result.Value);
Assert.True(IsForbidResult(fac2Result), "Faculty 2 result should be forbidden");
Assert.True(IsForbidResult(stdResult), "Student result should be forbidden");
Assert.True(IsNotFoundResult(notFoundResult), "Not Found result should be not found");
}

private static bool IsForbidResult<T>(ActionResult<T> a)
{
try
{
Assert.Null(a.Value);
Assert.NotNull(a.Result);
var result = a.Result as ObjectResult;
var forbidResult = a.Result as ForbidResult;
if(result != null)
{
Assert.Equal((int)HttpStatusCode.Forbidden, result?.StatusCode);
}
Assert.True(result != null || forbidResult != null);

}
catch (Exception)
{
return false;
}
return true;
}

private static bool IsNotFoundResult<T>(ActionResult<T> a)
{
try
{
Assert.Null(a.Value);
Assert.NotNull(a.Result);
var result = a.Result as NotFoundResult;
Assert.Equal((int)HttpStatusCode.NotFound, result?.StatusCode);
}
catch (Exception)
{
return false;
}
return true;
}

}
}
Loading

0 comments on commit 6340c5d

Please sign in to comment.