Ejemplo n.º 1
0
        public void GetCustomer()
        {
            var mockData = Utils.CreateAdminAndUser();

            mockData.Customers = new List <Customer>
            {
                new Customer {
                    code = "c1", address6 = ""
                },
                new Customer {
                    code = "c2", invoice_customer = "c3"
                },
                new Customer {
                    code = "c3"
                }
            };
            mockData.Users.Add(new User
            {
                id            = 3,
                customer_code = "c3",
                Roles         = new List <Role>
                {
                    new Role {
                        id = Role.BranchAdmin
                    }
                }
            });
            mockData.Users.Add(new User
            {
                id    = 4,
                Roles = new List <Role>
                {
                    new Role {
                        id = Role.User
                    }
                },
                isInternal = true
            });
            unitOfWork.Data = mockData;

            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "1");

            var customer = controller.GetCustomer("c1  ");

            Assert.IsNotNull(customer);
            customer = controller.GetCustomer("c4");
            Assert.IsNull(customer);

            //User can get only its customer
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2");
            var regularUser = mockData.Users[1];
            var branchAdmin = mockData.Users[2];

            customer = controller.GetCustomer(
                mockData.Users.FirstOrDefault(u => u.customer_code != regularUser.customer_code)?.customer_code);
            Assert.IsNull(customer);
            customer = controller.GetCustomer(regularUser.customer_code);
            Assert.IsNotNull(customer);

            //Check if admin can reach any customer
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "1");
            Assert.IsTrue(mockData.Customers.All(c => controller.GetCustomer(c.code) != null));

            //Branch admin should get customer 2 and 3
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "3");
            Assert.IsNotNull(controller.GetCustomer(branchAdmin.customer_code));
            Assert.IsNotNull(controller.GetCustomer(regularUser.customer_code));
            Assert.IsNull(controller.GetCustomer(mockData.Users[0].customer_code));

            //Internal user can get any customer like admin
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "4");
            Assert.IsTrue(mockData.Customers.All(c => controller.GetCustomer(c.code) != null));
        }