public AuthorizationBuilder AllowInternalAreaAccess()
{
A.CallTo(() => fake.EnsureCanAccessInternalArea()).DoesNothing();
A.CallTo(() => fake.EnsureCanAccessInternalArea(A <bool> ._)).DoesNothing();
A.CallTo(() => fake.CheckCanAccessInternalArea()).Returns(true);
A.CallTo(() => fake.CheckCanAccessInternalArea(A <bool> ._)).Returns(true);
return(this);
}
public async Task GetUserDataHandler_NotRequestingCurrentUser_AndUserIsNotAdmin_ThrowsException()
{
var otherUserId = Guid.NewGuid().ToString();
A.CallTo(() => userContext.UserId)
.Returns(Guid.NewGuid());
A.CallTo(() => weeeAuthorization.CheckCanAccessInternalArea())
.Returns(false);
await
Assert.ThrowsAsync <UnauthorizedAccessException>(
async() => await GetUserDataHandler().HandleAsync(new GetUserData(otherUserId)));
}
public async Task <bool> HandleAsync(UpdateSchemeContactDetails message)
{
authorization.EnsureInternalOrOrganisationAccess(message.SchemeData.OrganisationId);
if (authorization.CheckCanAccessInternalArea())
{
authorization.EnsureUserInRole(Roles.InternalAdmin);
}
var scheme = await dataAccess.FetchSchemeAsync(message.SchemeData.OrganisationId);
if (scheme == null)
{
var errorMessage = $"A scheme with organisation id \"{message.SchemeData.OrganisationId}\" could not be found.";
throw new ArgumentException(errorMessage);
}
var contact = new Contact(
message.SchemeData.Contact.FirstName,
message.SchemeData.Contact.LastName,
message.SchemeData.Contact.Position);
var contactChanged = !contact.Equals(scheme.Contact);
scheme.AddOrUpdateMainContactPerson(contact);
var country = await dataAccess.FetchCountryAsync(message.SchemeData.Address.CountryId);
var address = new Address(
message.SchemeData.Address.Address1,
message.SchemeData.Address.Address2,
message.SchemeData.Address.TownOrCity,
message.SchemeData.Address.CountyOrRegion,
message.SchemeData.Address.Postcode,
country,
message.SchemeData.Address.Telephone,
message.SchemeData.Address.Email);
var schemeAddressChanged = !address.Equals(scheme.Address);
scheme.AddOrUpdateAddress(address);
await dataAccess.SaveAsync();
if (message.SendNotificationOnChange &&
(contactChanged || schemeAddressChanged) && scheme.CompetentAuthority != null)
{
await weeeEmailService.SendOrganisationContactDetailsChanged(scheme.CompetentAuthority.Email, scheme.SchemeName, EntityType.Pcs);
}
return(true);
}
public async Task <UserData> HandleAsync(GetUserData query)
{
string userId = userContext.UserId.ToString();
if (query.Id != userId && !weeeAuthorization.CheckCanAccessInternalArea())
{
throw new UnauthorizedAccessException(
string.Format("User {0} is not able to access data relating to another user ({1})", userId, query.Id));
}
return(await context.Users.Select(u => new UserData
{
Email = u.Email,
FirstName = u.FirstName,
Id = u.Id,
Surname = u.Surname,
}).SingleOrDefaultAsync(u => u.Id == query.Id));
}
