public async Task GetMemberUploadDataHandler_NotOrganisationUser_ThrowsSecurityException()
{
var denyingAuthorization = AuthorizationBuilder.CreateUserDeniedFromAccessingOrganisation();
var handler = new GetMemberUploadDataHandler(denyingAuthorization, A.Dummy <WeeeContext>(), A.Dummy <MemberUploadErrorMap>());
var message = new GetMemberUploadData(Guid.NewGuid(), Guid.NewGuid());
await Assert.ThrowsAsync <SecurityException>(async() => await handler.HandleAsync(message));
}
public async Task GetMemberUploadDataHandler_NotOrganisationUser_ThrowsSecurityException()
{
var denyingAuthorization = AuthorizationBuilder.CreateUserDeniedFromAccessingOrganisation();
var handler = new GetMemberUploadDataHandler(denyingAuthorization, A.Dummy<WeeeContext>(), A.Dummy<MemberUploadErrorMap>());
var message = new GetMemberUploadData(Guid.NewGuid(), Guid.NewGuid());
await Assert.ThrowsAsync<SecurityException>(async () => await handler.HandleAsync(message));
}
public async Task <List <ErrorData> > HandleAsync(GetMemberUploadData message)
{
authorization.EnsureInternalOrOrganisationAccess(message.PcsId);
var memberUpload = await context.MemberUploads.FirstOrDefaultAsync(m => m.Id == message.MemberUploadId);
if (memberUpload == null)
{
throw new ArgumentNullException(string.Format("Could not find a MemberUpload with id {0}", message.MemberUploadId));
}
if (memberUpload.OrganisationId != message.PcsId)
{
throw new ArgumentException(string.Format("Member upload {0} is not owned by PCS {1}", message.MemberUploadId, message.PcsId));
}
return(memberUpload.Errors.OrderBy(e => e.LineNumber).Select(e => memberUploadErrorMap.Map(e)).ToList());
}
