using SharepointToolbox.Core.Helpers; namespace SharepointToolbox.Tests.Services; /// /// Tests for PERM-03: external user detection and permission-level filtering. /// Pure static logic — runs immediately without stubs. /// public class PermissionEntryClassificationTests { // ── IsExternalUser ───────────────────────────────────────────────────────── [Fact] public void IsExternalUser_WithExtHashInLoginName_ReturnsTrue() { // B2B guest login names contain the literal "#EXT#" fragment Assert.True(PermissionEntryHelper.IsExternalUser("ext_user_domain.com#EXT#@contoso.onmicrosoft.com")); } [Fact] public void IsExternalUser_WithNormalLoginName_ReturnsFalse() { Assert.False(PermissionEntryHelper.IsExternalUser("i:0#.f|membership|alice@contoso.com")); } // ── FilterPermissionLevels ───────────────────────────────────────────────── [Fact] public void PermissionEntry_FiltersOutLimitedAccess_WhenOnlyPermissionIsLimitedAccess() { // A principal whose sole permission level is "Limited Access" should produce // an empty list after filtering — used to decide whether to include the entry. var result = PermissionEntryHelper.FilterPermissionLevels(new[] { "Limited Access" }); Assert.Empty(result); } [Fact] public void FilterPermissionLevels_RetainsOtherLevels_WhenMixedWithLimitedAccess() { var result = PermissionEntryHelper.FilterPermissionLevels(new[] { "Limited Access", "Contribute" }); Assert.Equal(new[] { "Contribute" }, result); } // ── IsSharingLinksGroup ──────────────────────────────────────────────────── [Fact] public void IsSharingLinksGroup_WithSharingLinksPrefix_ReturnsTrue() { Assert.True(PermissionEntryHelper.IsSharingLinksGroup("SharingLinks.abc123.Edit")); } [Fact] public void IsSharingLinksGroup_WithLimitedAccessSystemGroup_ReturnsTrue() { Assert.True(PermissionEntryHelper.IsSharingLinksGroup("Limited Access System Group")); } [Fact] public void IsSharingLinksGroup_WithNormalGroup_ReturnsFalse() { Assert.False(PermissionEntryHelper.IsSharingLinksGroup("Owners")); } }