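        /// <summary>
        /// Web API action: applies <paramref name="discount"/> to the product with the given id,
        /// but only after the caller has been authorized for the <c>GiveDiscount</c> operation
        /// on that specific product (resource-based authorization).
        /// </summary>
        /// <param name="id">Identifier of the product to discount.</param>
        /// <param name="discount">Discount to apply; values outside 1..100 are rejected.</param>
        /// <returns>
        /// 400 with a model-state error when <paramref name="discount"/> is out of range,
        /// 404 when no product has <paramref name="id"/>, 403 when the caller is not authorized,
        /// otherwise 200 with the updated product.
        /// </returns>
        public async Task<IHttpActionResult> Discount(int id, decimal discount)
        {
            if (discount < 1 || discount > 100)
            {
                // Record the reason for the rejection; without an entry BadRequest(ModelState)
                // would return an empty model-state dictionary to the client.
                ModelState.AddModelError("discount", "Discount must be between 1 and 100.");
                return BadRequest(ModelState);
            }

            Product product = await _store.GetByIdAsync(id);

            if (product == null)
            {
                return NotFound();
            }

            var operation = ProductOperations.GiveDiscount(discount);

            // Web API exposes User as IPrincipal; the authorization service needs a ClaimsPrincipal.
            // The check runs before any mutation, so an unauthorized caller never touches stored state.
            if (!await _authz.AuthorizeAsync((ClaimsPrincipal)User, product, operation))
            {
                return StatusCode(HttpStatusCode.Forbidden);
            }

            // NOTE(review): the range check reads like a percentage (1..100) but the value is
            // subtracted as an absolute amount, and nothing stops Price from going below zero —
            // confirm the intended units with the product owner.
            product.Price -= discount;
            await _store.UpdateAsync(product);

            return Ok(product);
        }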
        /// <summary>
        /// MVC action: validates the posted model, loads the product and applies the discount
        /// only when the current user is authorized for the <c>GiveDiscount</c> operation on
        /// that specific product.
        /// </summary>
        /// <param name="model">Posted product id and discount amount.</param>
        /// <returns>
        /// Redirect to Details when the model state is invalid, 404 when the product does not
        /// exist, redirect to Index after a successful update, otherwise a <see cref="ChallengeResult"/>.
        /// </returns>
        public async Task<IActionResult> Discount(ProductDiscountViewModel model)
        {
            if (ModelState.IsValid == false)
            {
                return RedirectToAction("Details", new { model.Id });
            }

            Product product = await _store.GetByIdAsync(model.Id);
            if (product == null)
            {
                return NotFound();
            }

            var giveDiscount = ProductOperations.GiveDiscount(model.Discount);
            bool allowed = await _authz.AuthorizeAsync(User, product, giveDiscount);

            // NOTE(review): an authenticated user who merely lacks permission also receives a
            // challenge here (typically a redirect to sign-in); confirm that a forbid response
            // is not what was intended for that case.
            if (!allowed)
            {
                return new ChallengeResult();
            }

            // Authorization passed: mutate and persist.
            product.Price -= model.Discount;
            await _store.UpdateAsync(product);

            return RedirectToAction("Index");
        }
        /// <summary>
        /// A sales-department principal without the "senior" status claim may discount a
        /// Standard product when the external discount service stub reports "allowed".
        /// </summary>
        public void Not_Senior_Sales_Department_User_Allowed_To_Discount_Standard_Product_If_External_Service_Allows()
        {
            // Arrange
            var giveDiscount = ProductOperations.GiveDiscount(10);
            var principal = CreateSalesDepartmentPrincipal();
            var standardProduct = new Product
            {
                Id          = 1,
                ProductType = ProductType.Standard
            };
            var context = new AuthorizationContext(new[] { giveDiscount }, principal, standardProduct);

            // The stubbed external service answers "allowed" for this scenario.
            _isDiscountAllowedResult = true;

            // Act
            _handler.Handle(context);

            // Assert
            context.HasSucceeded.Should().BeTrue();
        }
        /// <summary>
        /// Even a sales-department principal carrying the "senior" status claim must not be able
        /// to discount a Special product when the external discount service stub reports
        /// "not allowed".
        /// </summary>
        public void Senior_Sales_Department_User_NOT_Allowed_To_Discount_Special_Product_If_External_Service_NOT_Allows()
        {
            // Arrange
            var giveDiscount = ProductOperations.GiveDiscount(10);
            var principal = CreateSalesDepartmentPrincipal();

            // Promote the principal's first identity to "senior".
            var firstIdentity = principal.Identities.First();
            firstIdentity.AddClaim(new Claim("status", "senior"));

            var specialProduct = new Product
            {
                Id          = 1,
                ProductType = ProductType.Special
            };
            var context = new AuthorizationContext(new[] { giveDiscount }, principal, specialProduct);

            // The stubbed external service answers "not allowed" for this scenario.
            _isDiscountAllowedResult = false;

            // Act
            _handler.Handle(context);

            // Assert
            context.HasSucceeded.Should().BeFalse();
        }