Updating CTS View Assessments permission and updating unit test to re…
…flect desired access.
bsedwards committed Nov 1, 2024
1 parent cff5efa commit bfdacc9
Showing 4 changed files with 15 additions and 26 deletions.
7 changes: 5 additions & 2 deletions test/CTS/AssessmentAccessTest.cs
@@ -48,14 +48,17 @@ public void AssessorAccessTest()

//act
var facCanViewOwnAssessment = facCtsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser1.AaudUserId, SetupUsers.facultyUser.AaudUserId);
var facCanViewOtherAssessments = facCtsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser1.AaudUserId, SetupUsers.otherFacultyUser.AaudUserId);
var managerCanViewAssessment = managerCtsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser1.AaudUserId, SetupUsers.facultyUser.AaudUserId);
var csTeamCanViewAssessment = csCtsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser1.AaudUserId, SetupUsers.facultyUser.AaudUserId);
var stdCanViewAssessment = stdCtsSec.CheckStudentAssessmentViewAccess(SetupUsers.studentUser2.AaudUserId, SetupUsers.facultyUser.AaudUserId);

//assert
Assert.True(facCanViewOwnAssessment, "Faculty cannot view own assessment.");
Assert.False(facCanViewOtherAssessments, "Faculty can view assessment entered by another faculty.");
Assert.True(managerCanViewAssessment, "Manager cannot view assessment.");
Assert.True(csTeamCanViewAssessment, "CS Team cannot view assessment.");
//Might need clarification on this - should CS Team be allowed to view all assessments?
Assert.False(csTeamCanViewAssessment, "CS Team cannot view assessment.");
Assert.False(stdCanViewAssessment, "Student can view other student's assessment.");
}

@@ -77,7 +80,7 @@ public void CheckAssessmentModificationAccess()
var csCanEditOtherAssessment = csCtsSec.CanEditStudentAssessment(SetupUsers.facultyUser.AaudUserId);

//assert
Assert.True(facCanEditOwnAssessment, "Faculty cannot editown assessment.");
Assert.True(facCanEditOwnAssessment, "Faculty cannot edit own assessment.");
Assert.True(manCanEditOtherAssessment, "Manager cannot edit assessment.");
Assert.False(facCanEditOtherAssessment, "Faculty can edit another faculty's assessment.");
Assert.False(csCanEditOtherAssessment, "CS Team can edit faculty's assessment.");
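Review bot: The failure message on the CS Team assertion in AssessorAccessTest is inverted. `Assert.False(csTeamCanViewAssessment, "CS Team cannot view assessment.");` fails only when the CS Team can view, so the text should read `"CS Team can view assessment."`, in line with the other `Assert.False` messages in this test. The comment above it leaves the access rule as an open question, yet this test is what pins the authorization behaviour; once the rule is decided, the comment should state it and name the permission that grants it. Nothing visible in this section exercises a user who holds the view-all permission, so a positive case for that grant would be worth adding if the fixtures allow it.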
4 changes: 3 additions & 1 deletion test/CTS/AssessmentControllerTest.cs
@@ -143,7 +143,6 @@ public async void CreateStudentEpaCheck()
facadeMock.Setup(f => f.BeginTransaction()).Returns(transMock.Object);
context.SetupGet(d => d.Database).Returns(facadeMock.Object);


var actrlAsFac = GetAssessmentController(SetupUsers.UserType.Faculty);
var newEpa = new CreateUpdateStudentEpa()
{
@@ -160,6 +159,9 @@ public async void CreateStudentEpaCheck()

//assert
Assert.NotNull(createResult.Value);

//cleanup
SetupAssessments.Encounters.RemoveAt(SetupAssessments.Encounters.FindIndex(e => e.EncounterId == 0));
}

[Fact]
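Review bot: The cleanup line at the end of CreateStudentEpaCheck throws when no matching entry exists, because `FindIndex` returns -1 and `RemoveAt(-1)` raises ArgumentOutOfRangeException. It is also skipped whenever the assertion above it fails, which leaves the shared static `SetupAssessments.Encounters` list dirty for later tests. Assuming `Encounters` is a `List<T>` (its use of `FindIndex`/`RemoveAt` suggests so), `SetupAssessments.Encounters.RemoveAll(e => e.EncounterId == 0);` handles both the found and not-found cases, and placing it in a `finally` block makes it run on failure too. The test method begins outside this hunk.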
17 changes: 0 additions & 17 deletions test/CTS/SetupAssessments.cs
@@ -84,23 +84,6 @@ public static void SetupEncountersTable(Mock<VIPERContext> context)
};
Encounters.Add(e);
});
/*
var mockSet = new Mock<DbSet<Encounter>>();
mockSet.As<IEnumerable<Encounter>>()
.Setup(m => m.GetEnumerator())
.Returns(encounters.GetEnumerator());
//mockSet.Setup(m => m.FindAsync(RoleId))
//.ReturnsAsync(roles.Where(r => r.RoleId == RoleId).FirstOrDefault());
mockSet.As<IQueryable<Encounter>>().Setup(m => m.Provider).Returns(encounters.Provider);
mockSet.As<IQueryable<Encounter>>().Setup(m => m.Expression).Returns(encounters.Expression);
mockSet.As<IQueryable<Encounter>>().Setup(m => m.ElementType).Returns(encounters.ElementType);
mockSet.As<IQueryable<Encounter>>().Setup(m => m.GetEnumerator()).Returns(() => encounters.GetEnumerator());
//mockSet.As<IQueryable<Encounter>>().Setup(m => m.ToListAsync()).Returns(Task.FromResult(encounters.ToList()));
context.Setup(c => c.Encounters).Returns(mockSet.Object);
*/

}
}
}
13 changes: 7 additions & 6 deletions web/Areas/CTS/Services/CtsSecurityService.cs
@@ -9,7 +9,7 @@ public class CtsSecurityService
public IUserHelper userHelper;

private const string ManagerPermission = "SVMSecure.CTS.Manage";
private const string AssessmentsViewPermission = "SVMSecure.CTS.StudentAssessments";
private const string AssessmentsViewPermission = "SVMSecure.CTS.ViewAllStudentAssessments";
private const string AssessClinicalPermission = "SVMSecure.CTS.AssessClinical";


@@ -31,17 +31,18 @@ public CtsSecurityService(RAPSContext rapsContext, VIPERContext viperContext, IU
/// <returns></returns>
public bool CheckStudentAssessmentViewAccess(int? studentId = null, int? enteredBy = null)
{
if(userHelper.HasPermission(rapsContext, userHelper.GetCurrentUser(), ManagerPermission) ||
userHelper.HasPermission(rapsContext, userHelper.GetCurrentUser(), AssessmentsViewPermission))
var currentUser = userHelper.GetCurrentUser();
if (userHelper.HasPermission(rapsContext, currentUser, ManagerPermission) ||
userHelper.HasPermission(rapsContext, currentUser, AssessmentsViewPermission))
{
return true;
}
if (userHelper.HasPermission(rapsContext, userHelper.GetCurrentUser(), AssessClinicalPermission)
&& enteredBy != null && enteredBy == userHelper.GetCurrentUser()?.AaudUserId)
if (userHelper.HasPermission(rapsContext, currentUser, AssessClinicalPermission)
&& enteredBy != null && enteredBy == currentUser?.AaudUserId)
{
return true;
}
if(studentId == userHelper.GetCurrentUser()?.AaudUserId)
if (studentId == currentUser?.AaudUserId)
{
return true;
}
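Review bot: The self-access check that closes the second hunk, `if (studentId == currentUser?.AaudUserId)`, is true when both sides are null, so a call that omits `studentId` (its default) while `GetCurrentUser()` returns null is granted view access; the `?.` suggests null is a possible return. The `enteredBy` branch already guards with `enteredBy != null`, and the refactor to a cached `currentUser` carries the unguarded comparison over unchanged. I would fail closed right after the lookup with `if (currentUser == null) { return false; }` and write the last check as `if (studentId != null && studentId == currentUser.AaudUserId)`. Separately, the constant changed in the first hunk means holders of `SVMSecure.CTS.StudentAssessments` lose this path unless `SVMSecure.CTS.ViewAllStudentAssessments` is granted to them, so the empty `<returns>` doc is a good place to list the three grant paths. The method body continues past the end of the hunk.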
