public void GetOrder()
        {
            unitOfWork.Data = Utils.CreateAdminAndUser();
            //NO user
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "0");
            var result = controller.GetOrder("o", "c");

            Assert.IsInstanceOfType(result.Result, typeof(UnauthorizedResult));

            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2");
            var permissions = new List <Permission>
            {
                new Permission {
                    id = (int)PermissionId.ViewOrderHistory
                }
            };

            cache.Set($"permissions_2", permissions, null);
            result = controller.GetOrder("o", "c1");
            Assert.IsNotNull(result);
            Assert.IsNotNull(apiClient.Parameters);
            Assert.IsTrue(apiClient.Parameters.ContainsKey("order_no"));
            Assert.IsTrue(apiClient.Parameters.ContainsKey("customer_code"));
            Assert.AreEqual(unitOfWork.Data.Users.FirstOrDefault(u => u.id == 2)?.customer_code, apiClient.Parameters["customer_code"]);

            //Branch admin
            unitOfWork.Data           = Utils.CreateAdminAndUser();
            apiClient.Data.Order      = new Order();
            unitOfWork.Data.Customers = new List <Customer>
            {
                new Customer {
                    code = "c1"
                },
                new Customer {
                    code = "c2", invoice_customer = "c3"
                },
                new Customer {
                    code = "c3"
                }
            };

            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "3");
            cache.Set($"permissions_3", permissions, null);
            unitOfWork.Data.Users.Add(new User {
                id = 3, Roles = new List <Role> {
                    new Role {
                        id = Role.BranchAdmin
                    }
                }, customer_code = "c3"
            });
            var res = controller.GetOrder("o", "c3").Result;

            Assert.IsNotNull(res);
            Assert.AreEqual("c3", apiClient.Parameters["customer_code"]);
            res = controller.GetOrder("o", "c2").Result;
            Assert.IsNotNull(res);
            Assert.AreEqual("c2", apiClient.Parameters["customer_code"]);

            res = controller.GetOrder("o", "c1").Result;
            Assert.IsNotNull(res);
            Assert.AreNotEqual("c1", apiClient.Parameters["customer_code"]);

            //permissions
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2");
            cache.Remove("permissions_2");
            res = controller.GetOrder("o", "c2").Result;
            Assert.IsNotNull(res);
            Assert.IsInstanceOfType(res, typeof(UnauthorizedResult));
        }
        public void GetPrice()
        {
            var code = "code";

            unitOfWork.Data = Utils.CreateAdminAndUser();
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2");
            var permissions = new List <Permission>
            {
                new Permission {
                    id = (int)PermissionId.ViewStockSearch
                }
            };

            cache.Set($"permissions_2", permissions, null);
            var customer_code = "c1";
            var result        = controller.getPrice(customer_code, code);

            Assert.IsInstanceOfType(result.Result, typeof(UnauthorizedResult));

            unitOfWork.Data.Users.FirstOrDefault(u => u.id == 2).isInternal = true;
            result = controller.getPrice(customer_code, code);
            Assert.IsNotInstanceOfType(result, typeof(UnauthorizedResult));
            Assert.IsTrue(apiClient.Parameters.ContainsKey("customer"));
            Assert.IsTrue(apiClient.Parameters.ContainsKey("product"));
            Assert.IsInstanceOfType((result.Result as OkNegotiatedContentResult <Task <object> >)?.Content?.Result, typeof(ProductPrices));

            //Branch admin
            unitOfWork.Data           = Utils.CreateAdminAndUser();
            apiClient.Data.Orders     = new List <Order>();
            unitOfWork.Data.Customers = new List <Customer>
            {
                new Customer {
                    code = "c1"
                },
                new Customer {
                    code = "c2", invoice_customer = "c3"
                },
                new Customer {
                    code = "c3"
                }
            };
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "3");
            cache.Set($"permissions_3", permissions, null);
            unitOfWork.Data.Users.Add(new User {
                id = 3, Roles = new List <Role> {
                    new Role {
                        id = Role.BranchAdmin
                    }
                }, customer_code = "c3"
            });
            var res = controller.getPrice("c3", code).Result;

            Assert.IsNotNull(res);
            Assert.AreEqual("c3", apiClient.Parameters["customer"]);
            res = controller.getPrice("c2", code).Result;
            Assert.IsNotNull(res);
            Assert.IsNotInstanceOfType(res, typeof(UnauthorizedResult));
            Assert.AreEqual("c2", apiClient.Parameters["customer"]);

            res = controller.getPrice("c1", code).Result;
            Assert.IsNotNull(res);
            Assert.IsInstanceOfType(res, typeof(UnauthorizedResult));

            //user permissions
            cache.Remove("permissions_2");
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2");
            res = controller.getPrice("c2", code).Result;
            Assert.IsNotNull(res);
            Assert.IsInstanceOfType(res, typeof(UnauthorizedResult));
        }