public ActionResult Note(Guid noteId)
{
try
{
var member = CurrentMember;
var note = _memberJobAdNotesQuery.GetNote(member, noteId);
if (note == null)
{
return(JsonNotFound("note"));
}
return(Json(new JsonNoteModel
{
Note = new NoteModel
{
Id = note.Id,
Text = note.Text,
UpdatedTime = note.UpdatedTime,
CanUpdate = _memberJobAdNotesCommand.CanUpdateNote(member, note),
CanDelete = _memberJobAdNotesCommand.CanDeleteNote(member, note),
}
}));
}
catch (UserException ex)
{
ModelState.AddModelError(ex, new StandardErrorHandler());
}
return(Json(new JsonResponseModel()));
}
public void TestNoteOwner()
{
var employer = CreateEmployer(0);
var jobAd = _jobAdsCommand.PostTestJobAd(employer);
var noteCreator = _membersCommand.CreateTestMember(1);
var noteOtherCreator = _membersCommand.CreateTestMember(2);
// Add a private one.
var note1 = CreateNote(1, noteCreator, jobAd.Id);
// Add another.
NoteCreationDelay();
var note2 = CreateNote(2, noteCreator, jobAd.Id);
AssertNotes(noteCreator, jobAd.Id, new[] { note2, note1 }, new MemberJobAdNote[0]);
AssertHasNotes(noteCreator, jobAd.Id);
// Try to update the first text as the reader.
const string updatedText = "Updated first note";
var note = _memberJobAdNotesQuery.GetNote(noteCreator, note1.Id);
note.Text = updatedText;
try
{
_memberJobAdNotesCommand.UpdateNote(noteOtherCreator, note);
Assert.Fail();
}
catch (NoteOwnerPermissionsException)
{
}
AssertNotes(noteCreator, jobAd.Id, new[] { note2, note1 }, new MemberJobAdNote[0]);
AssertHasNotes(noteCreator, jobAd.Id);
// Try to update the second text as the reader.
note = _memberJobAdNotesQuery.GetNote(noteCreator, note2.Id);
note.Text = updatedText;
try
{
_memberJobAdNotesCommand.UpdateNote(noteOtherCreator, note);
Assert.Fail();
}
catch (NoteOwnerPermissionsException)
{
}
AssertNotes(noteCreator, jobAd.Id, new[] { note2, note1 }, new MemberJobAdNote[0]);
AssertHasNotes(noteCreator, jobAd.Id);
// Try to delete the first one.
try
{
_memberJobAdNotesCommand.DeleteNote(noteOtherCreator, note1.Id);
Assert.Fail();
}
catch (NoteOwnerPermissionsException)
{
}
AssertNotes(noteCreator, jobAd.Id, new[] { note2, note1 }, new MemberJobAdNote[0]);
AssertHasNotes(noteCreator, jobAd.Id);
// Try to delete the second one.
try
{
_memberJobAdNotesCommand.DeleteNote(noteOtherCreator, note2.Id);
Assert.Fail();
}
catch (NoteOwnerPermissionsException)
{
}
AssertNotes(noteCreator, jobAd.Id, new[] { note2, note1 }, new MemberJobAdNote[0]);
AssertHasNotes(noteCreator, jobAd.Id);
}
