private async Task <object> ResolveOrdersConnectionAsync(IMediator mediator, IResolveConnectionContext <object> context)
{
var first = context.First;
var skip = Convert.ToInt32(context.After ?? 0.ToString());
var request = new SearchOrderQuery
{
Skip = skip,
Take = first ?? context.PageSize ?? 10,
Filter = context.GetArgument <string>("filter"),
Sort = context.GetArgument <string>("sort"),
CultureName = context.GetArgument <string>(nameof(Currency.CultureName).ToCamelCase()),
CustomerId = context.GetArgumentOrValue <string>("userId")
};
context.CopyArgumentsToUserContext();
var allCurrencies = await _currencyService.GetAllCurrenciesAsync();
//Store all currencies in the user context for future resolve in the schema types
context.SetCurrencies(allCurrencies, request.CultureName);
var authorizationResult = await _authorizationService.AuthorizeAsync(context.GetCurrentPrincipal(), request, new CanAccessOrderAuthorizationRequirement());
if (!authorizationResult.Succeeded)
{
throw new ExecutionError($"Access denied");
}
var response = await mediator.Send(request);
foreach (var customerOrderAggregate in response.Results)
{
context.SetExpandedObjectGraph(customerOrderAggregate);
}
return(new PagedConnection <CustomerOrderAggregate>(response.Results, skip, Convert.ToInt32(context.After ?? 0.ToString()), response.TotalCount));
}
public async Task CanAccessOrderAuthorizationHandler_SearchOrdersWithoutAuth_ShouldFail(SearchOrderQuery query)
{
//Arrange
var requirements = new[] { new CanAccessOrderAuthorizationRequirement() };
var user = new ClaimsPrincipal(new ClaimsIdentity());
var context = new AuthorizationHandlerContext(requirements, user, query);
var subject = new CanAccessOrderAuthorizationHandler();
//Act
await subject.HandleAsync(context);
//Assert
context.HasFailed.Should().BeTrue();
}
public async Task CanAccessOrderAuthorizationHandler_SearchOrdersBelongToUser_ShouldSucceed(SearchOrderQuery query)
{
//Arrange
var requirements = new[] { new CanAccessOrderAuthorizationRequirement() };
var userId = "userId";
var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("name", userId) }));
var context = new AuthorizationHandlerContext(requirements, user, query);
var subject = new CanAccessOrderAuthorizationHandler();
//Act
await subject.HandleAsync(context);
//Assert
context.HasSucceeded.Should().BeTrue();
query.CustomerId.Should().Be("userId");
}