Red — the decide endpoint does not exist yet. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
115 lines
3.9 KiB
C#
115 lines
3.9 KiB
C#
using System.Net;
|
|
using System.Net.Http.Headers;
|
|
using System.Net.Http.Json;
|
|
using Bff.Api;
|
|
|
|
namespace Bff.Tests;
|
|
|
|
/// <summary>
|
|
/// The behandel werkbak endpoint (S-12c): reached only with a medewerker-realm token that carries the
|
|
/// <c>behandelaar</c> role. A missing token is 401; an authenticated medewerker without the role is
|
|
/// 403; a behandelaar gets the werkbak (staff view, incl. bsn).
|
|
/// </summary>
|
|
public class BehandelEndpointTests
|
|
{
|
|
private static HttpRequestMessage Werkbak(string? bearer)
|
|
{
|
|
var request = new HttpRequestMessage(HttpMethod.Get, "/behandel/werkbak");
|
|
if (bearer is not null)
|
|
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", bearer);
|
|
return request;
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Rejects_the_werkbak_without_a_token()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient().SendAsync(Werkbak(bearer: null));
|
|
|
|
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Rejects_a_medewerker_without_the_behandelaar_role()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient().SendAsync(Werkbak(TestTokens.Medewerker("teamlead")));
|
|
|
|
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Serves_the_werkbak_to_a_behandelaar()
|
|
{
|
|
using var factory = new BffFactory();
|
|
factory.Domain.Werkbak.Add(new WerkbakItem("reg-1", "123456782", "InBehandeling"));
|
|
|
|
var response = await factory.CreateClient().SendAsync(Werkbak(TestTokens.Medewerker("behandelaar")));
|
|
|
|
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
|
|
var items = await response.Content.ReadFromJsonAsync<List<WerkbakItem>>();
|
|
var item = Assert.Single(items!);
|
|
Assert.Equal("reg-1", item.RegistrationId);
|
|
Assert.Equal("123456782", item.Bsn);
|
|
}
|
|
|
|
private static HttpRequestMessage Decide(string? bearer, string id = "reg-1", string besluit = "goedkeuren")
|
|
{
|
|
var request = new HttpRequestMessage(HttpMethod.Post, $"/behandel/registrations/{id}/decide")
|
|
{
|
|
Content = JsonContent.Create(new { besluit }),
|
|
};
|
|
if (bearer is not null)
|
|
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", bearer);
|
|
return request;
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Rejects_a_decision_without_a_token()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient().SendAsync(Decide(bearer: null));
|
|
|
|
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
|
Assert.Null(factory.Domain.Decided);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Rejects_a_decision_from_a_medewerker_without_the_behandelaar_role()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient().SendAsync(Decide(TestTokens.Medewerker("teamlead")));
|
|
|
|
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
|
|
Assert.Null(factory.Domain.Decided);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Forwards_a_behandelaar_decision_to_the_domain()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient()
|
|
.SendAsync(Decide(TestTokens.Medewerker("behandelaar"), id: "reg-42", besluit: "afwijzen"));
|
|
|
|
Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
|
|
Assert.Equal(("reg-42", "afwijzen"), factory.Domain.Decided);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Rejects_an_unknown_besluit_without_calling_the_domain()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient()
|
|
.SendAsync(Decide(TestTokens.Medewerker("behandelaar"), besluit: "misschien"));
|
|
|
|
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
|
|
Assert.Null(factory.Domain.Decided);
|
|
}
|
|
}
|