/// <summary>
/// Builds the <see cref="ResourceAccessPermissionHttpResponse"/> returned when an
/// <see cref="EntityPermissionApiEvent"/> reports that a user may not access an entity.
/// </summary>
/// <param name="configuration">Context whose <c>Formatter</c> is applied to the code, user id, resource and resource id.</param>
/// <param name="apiEvent">Event carrying the <c>UserId</c>, <c>EntityType</c>, <c>EntityId</c> and <c>Code</c> to report.</param>
/// <returns>A response holding the message, the formatted code, and the formatted user id, resource and resource id.</returns>
private static IHttpResponse ToPermission(
            ExceptionHttpResponseContext configuration,
            EntityPermissionApiEvent apiEvent)
        {
            var formatter = configuration.Formatter;

            var formattedUserId     = formatter.Field(apiEvent.UserId);
            var resourceName        = formatter.Resource(apiEvent.EntityType);
            var formattedResourceId = formatter.Field(apiEvent.EntityId);

            // NOTE(review): the message interpolates the raw apiEvent.UserId, while the resource id
            // (and the user id passed to the response below) go through the formatter. Confirm the
            // mismatch is intended.
            // NOTE(review): the user id, resource type and resource id are placed in both the message
            // and the response fields. If this response is rendered to the caller, confirm that
            // disclosing these identifiers on a denied request is intended and that the renderer
            // encodes them for the output format.
            var message = $"The user with identifier '{apiEvent.UserId}', does not have permission to access the {resourceName} resource with identifier '{formattedResourceId}'";

            return new ResourceAccessPermissionHttpResponse(
                message,
                formatter.Code(apiEvent.Code),
                formattedUserId,
                resourceName,
                formattedResourceId);
        }
Example #2
        /// <summary>
        /// Verifies that a result built from an <see cref="EntityPermissionApiEvent"/> is served
        /// with HTTP 403 (Forbidden) when requested through the sample server.
        /// </summary>
        public async Task PermissionResultShouldReturn403(
            SampleServerFactory serverFactory,
            Mock<IHttpActionResultFactory> actionResultFactory,
            HttpRequestMessage request,
            EntityPermissionApiEvent apiEvent)
        {
            // Stub the factory so that any incoming request yields a result built from the permission event.
            var cannedResult = new TestAutoResponseResult(request, apiEvent);

            actionResultFactory
                .Setup(factory => factory.Create(It.IsAny<HttpRequestMessage>()))
                .Returns(cannedResult);

            var configuredFactory = serverFactory.With<IHttpActionResultFactory>(actionResultFactory.Object);

            using (var server = configuredFactory.Create())
            {
                var httpResponse = await server.HttpClient.GetAsync("/api/result");
                var actualStatus = httpResponse.StatusCode;

                // Only the status code is asserted; the response body (message and identifiers)
                // is not inspected by this test.
                Assert.Equal(HttpStatusCode.Forbidden, actualStatus);
            }
        }