public void CheckPermission_should_not_throw_exception_if_content_is_from_current_user()
{
var content = CreateContent(status: Status.Published);
var command = CreateCommand(new DeleteContent());
GuardContent.CheckPermission(content, command, Permissions.AppContentsDelete);
}
public void CheckPermission_should_exception_if_content_is_from_another_user_and_user_has_no_permission()
{
var content = CreateContent(Status.Published);
var commandActor = RefToken.User("456");
var command = CreateCommand(new DeleteContent {
Actor = commandActor
});
Assert.Throws <DomainForbiddenException>(() => GuardContent.CheckPermission(content, command, Permissions.AppContentsDelete));
}
public void CheckPermission_should_not_throw_exception_if_user_is_null()
{
var content = CreateContent(Status.Published);
var commandActor = RefToken.User("456");
var command = CreateCommand(new DeleteContent {
Actor = commandActor
});
command.User = null;
GuardContent.CheckPermission(content, command, Permissions.AppContentsDelete);
}
public void CheckPermission_should_not_throw_exception_if_content_is_from_another_user_but_user_has_permission()
{
var content = CreateContent(Status.Published);
var permission = Permissions.ForApp(Permissions.AppContentsDelete, appId.Name, schemaId.Name).Id;
var commandUser = Mocks.FrontendUser(permission: permission);
var commandActor = RefToken.User("456");
var command = CreateCommand(new DeleteContent {
Actor = commandActor, User = commandUser
});
GuardContent.CheckPermission(content, command, Permissions.AppContentsDelete);
}