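/// <summary>
/// Checks the access-control behaviour of <c>controller.UpdateRole</c>:
/// a request carrying the "jwt" credential "2" must be answered with
/// <see cref="UnauthorizedResult"/>, a request carrying "1" must not, and an
/// attempt to update the role whose id is <c>Role.Admin</c> must be answered
/// with <see cref="HttpStatusCode.BadRequest"/>.
/// </summary>
/// <remarks>
/// Presumably "1" and "2" identify the admin and the regular user created by
/// <c>Utils.CreateAdminAndUser</c>; confirm against that helper.
/// </remarks>
public void UpdateRole()
{
    // Seed the store with the protected admin role and one ordinary role (id 4).
    unitOfWork.Data = Utils.CreateAdminAndUser();
    unitOfWork.Data.Roles = new List<Role>
    {
        new Role { id = Role.Admin, name = "test" },
        new Role { id = 4, name = "test" }
    };

    // Update payload aimed at the ordinary role, carrying two permissions.
    var role = new Role
    {
        id = 4,
        name = "test",
        Permissions = new List<Permission>
        {
            new Permission { id = 1 },
            new Permission { id = 2 }
        }
    };

    // Caller "2" must be rejected.
    // NOTE(review): only the response type is checked here; nothing asserts that
    // the stored role is still untouched after the rejected call.
    controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2");
    var result = controller.UpdateRole(role);
    Assert.IsInstanceOfType(result, typeof(UnauthorizedResult));

    // Caller "1" must be allowed through.
    controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "1");
    result = controller.UpdateRole(role);
    Assert.IsNotInstanceOfType(result, typeof(UnauthorizedResult));

    // NOTE(review): the seeded role and the payload carry the same id and name, so
    // if CompareObjects checks those two properties this passes even when nothing
    // was written. Confirm, and consider a distinct name in the payload.
    CompareObjects(unitOfWork.Data.Roles[1], role, new[] { "id", "name" });

    // The result is inspected by reflection: it must expose a "permissions"
    // property holding two items, each with an "id" property.
    var permProp = result.GetType().GetProperty("permissions");
    Assert.IsNotNull(permProp);

    var permValue = permProp.GetValue(result);
    TestCollection(permValue, 2);

    // Guard the "as" cast so a wrong collection type fails with a clear assertion
    // instead of a NullReferenceException on First().
    var permData = permValue as IEnumerable<object>;
    Assert.IsNotNull(permData, "permissions is not an IEnumerable<object>");
    Assert.IsNotNull(permData.First().GetType().GetProperty("id"));

    // Admin shouldn't be modified, even by the caller that was allowed above.
    // NOTE(review): only the status is asserted; the stored admin role itself is
    // not compared against its seeded state.
    role.id = Role.Admin;
    result = controller.UpdateRole(role);
    Utils.AssertRequestMessageAndStatus(result, HttpStatusCode.BadRequest);
}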