private static IHttpResponse ToPermission(
ExceptionHttpResponseContext configuration,
EntityPermissionApiEvent apiEvent)
{
var userId = configuration.Formatter.Field(apiEvent.UserId);
var resource = configuration.Formatter.Resource(apiEvent.EntityType);
var resourceId = configuration.Formatter.Field(apiEvent.EntityId);
var message = $"The user with identifier '{apiEvent.UserId}', does not have permission to access the {resource} resource with identifier '{resourceId}'";
return(new ResourceAccessPermissionHttpResponse(
message,
configuration.Formatter.Code(apiEvent.Code),
userId,
resource,
resourceId));
}
public async Task PermissionResultShouldReturn403(
SampleServerFactory serverFactory,
Mock <IHttpActionResultFactory> actionResultFactory,
HttpRequestMessage request,
EntityPermissionApiEvent apiEvent)
{
var result = new TestAutoResponseResult(request, apiEvent);
actionResultFactory.Setup(f => f.Create(It.IsAny <HttpRequestMessage>())).Returns(result);
using (var server = serverFactory
.With <IHttpActionResultFactory>(actionResultFactory.Object)
.Create())
{
var response = await server.HttpClient.GetAsync("/api/result");
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
}
