public Setup()
{
RegularUserId = HttpHostFixture.GetUserId("paul");
ManagerUserId = HttpHostFixture.GetUserId("manager");
AdminUserId = HttpHostFixture.GetUserId("admin");
AuthorizationToken = HttpHostFixture.GetTokenFor("manager", "manager123$");
}
public void User_is_forbidden_to_access_meals_of_others()
{
var userId = HttpHostFixture.GetUserId("paul");
var token = HttpHostFixture.GetTokenFor("saul", "saul123$");
var request = new HttpRequestMessage(HttpMethod.Get, new Uri(HttpHostFixture.UrlBase + $"/users/{userId}/meals"));
HttpHostFixture.AppendAuthentication(request, token);
var result = HttpHostFixture.HttpClient.SendAsync(request).Result;
Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
}
public void Administrator_can_access_meals_of_every_user()
{
var userId = HttpHostFixture.GetUserId("saul");
var token = HttpHostFixture.GetTokenFor("admin", "admin123$");
var request = new HttpRequestMessage(HttpMethod.Get, new Uri(HttpHostFixture.UrlBase + $"/users/{userId}/meals"));
HttpHostFixture.AppendAuthentication(request, token);
var result = HttpHostFixture.HttpClient.SendAsync(request).Result;
Assert.Equal(HttpStatusCode.OK, result.StatusCode);
}
public Setup()
{
RegularUserId = HttpHostFixture.GetUserId("paul");
AuthorizationToken = HttpHostFixture.GetTokenFor("admin", "admin123$");
}