public ActionResult Note(Guid noteId) { try { var member = CurrentMember; var note = _memberJobAdNotesQuery.GetNote(member, noteId); if (note == null) { return(JsonNotFound("note")); } return(Json(new JsonNoteModel { Note = new NoteModel { Id = note.Id, Text = note.Text, UpdatedTime = note.UpdatedTime, CanUpdate = _memberJobAdNotesCommand.CanUpdateNote(member, note), CanDelete = _memberJobAdNotesCommand.CanDeleteNote(member, note), } })); } catch (UserException ex) { ModelState.AddModelError(ex, new StandardErrorHandler()); } return(Json(new JsonResponseModel())); }
public void TestNoteOwner() { var employer = CreateEmployer(0); var jobAd = _jobAdsCommand.PostTestJobAd(employer); var noteCreator = _membersCommand.CreateTestMember(1); var noteOtherCreator = _membersCommand.CreateTestMember(2); // Add a private one. var note1 = CreateNote(1, noteCreator, jobAd.Id); // Add another. NoteCreationDelay(); var note2 = CreateNote(2, noteCreator, jobAd.Id); AssertNotes(noteCreator, jobAd.Id, new[] { note2, note1 }, new MemberJobAdNote[0]); AssertHasNotes(noteCreator, jobAd.Id); // Try to update the first text as the reader. const string updatedText = "Updated first note"; var note = _memberJobAdNotesQuery.GetNote(noteCreator, note1.Id); note.Text = updatedText; try { _memberJobAdNotesCommand.UpdateNote(noteOtherCreator, note); Assert.Fail(); } catch (NoteOwnerPermissionsException) { } AssertNotes(noteCreator, jobAd.Id, new[] { note2, note1 }, new MemberJobAdNote[0]); AssertHasNotes(noteCreator, jobAd.Id); // Try to update the second text as the reader. note = _memberJobAdNotesQuery.GetNote(noteCreator, note2.Id); note.Text = updatedText; try { _memberJobAdNotesCommand.UpdateNote(noteOtherCreator, note); Assert.Fail(); } catch (NoteOwnerPermissionsException) { } AssertNotes(noteCreator, jobAd.Id, new[] { note2, note1 }, new MemberJobAdNote[0]); AssertHasNotes(noteCreator, jobAd.Id); // Try to delete the first one. try { _memberJobAdNotesCommand.DeleteNote(noteOtherCreator, note1.Id); Assert.Fail(); } catch (NoteOwnerPermissionsException) { } AssertNotes(noteCreator, jobAd.Id, new[] { note2, note1 }, new MemberJobAdNote[0]); AssertHasNotes(noteCreator, jobAd.Id); // Try to delete the second one. try { _memberJobAdNotesCommand.DeleteNote(noteOtherCreator, note2.Id); Assert.Fail(); } catch (NoteOwnerPermissionsException) { } AssertNotes(noteCreator, jobAd.Id, new[] { note2, note1 }, new MemberJobAdNote[0]); AssertHasNotes(noteCreator, jobAd.Id); }