Example #1
        // Verifies that the filter short-circuits with a 404 when the access-check
        // service returns null for the requested learning log item.
        public void Returns_NotFound_if_service_returns_null()
        {
            // Given: the route names a learning log item and the service yields null for this delegate
            context.RouteData.Values["learningLogItemId"] = LearningLogItemId;
            A.CallTo(
                () => actionPlanService.VerifyDelegateCanAccessActionPlanResource(LearningLogItemId, DelegateId)
            ).Returns(null);

            // When: the filter runs ahead of the action
            var filter = new VerifyDelegateCanAccessActionPlanResource(actionPlanService);
            filter.OnActionExecuting(context);

            // Then: the action is replaced by a NotFound result
            context.Result.Should().BeNotFoundResult();
        }
Example #2
        // Verifies that, with the signposting setting configured as "false", the access
        // check returns null and never queries the learning log item data service.
        public void VerifyDelegateCanAccessActionPlanResource_returns_null_if_signposting_is_deactivated()
        {
            // Given: signposting is switched off in configuration
            A.CallTo(() => config[ConfigurationExtensions.UseSignposting]).Returns("false");

            // When
            var accessCheck = actionPlanService.VerifyDelegateCanAccessActionPlanResource(
                GenericLearningLogItemId,
                GenericDelegateId
            );

            // Then: both expectations are evaluated together so a failure reports every broken one
            using (new AssertionScope())
            {
                accessCheck.Should().BeNull();

                // No item lookup may happen, whatever id would have been passed
                A.CallTo(() => learningLogItemsDataService.GetLearningLogItem(A<int>.Ignored))
                    .MustNotHaveHappened();
            }
        }
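        /// <summary>
        /// Runs before the action and checks that the signed-in delegate may access the
        /// action plan resource identified by the <c>learningLogItemId</c> route value.
        /// </summary>
        /// <remarks>
        /// The action is short-circuited by setting <c>context.Result</c>: a 404 when the
        /// service returns null or the route value is missing or not an integer, and a
        /// redirect to <c>LearningSolutions/AccessDenied</c> when the service returns false.
        /// When the service returns true the result is left untouched and the action runs.
        /// </remarks>
        /// <param name="context">The executing-action context supplied by the MVC pipeline.</param>
        public void OnActionExecuting(ActionExecutingContext context)
        {
            if (!(context.Controller is Controller controller))
            {
                // NOTE(review): this path performs no access check at all, so the filter
                // fails open for any controller that does not derive from Controller.
                // Confirm the filter is only ever applied to Controller-derived types.
                return;
            }

            // Candidate Id will be non-null as Authorize(User.Only) attribute will always be executed first
            // because https://docs.microsoft.com/en-us/aspnet/core/mvc/controllers/filters?view=aspnetcore-3.1#filter-types-1
            var delegateId = controller.User.GetCandidateIdKnownNotNull();

            // The route value is request-controlled. A missing or non-numeric id is answered
            // with NotFound instead of surfacing an unhandled NullReferenceException or
            // FormatException to the caller.
            var rawLearningLogItemId = context.RouteData.Values["learningLogItemId"]?.ToString();
            if (!int.TryParse(rawLearningLogItemId, out var learningLogItemId))
            {
                context.Result = new NotFoundResult();
                return;
            }

            var validationResult =
                actionPlanService.VerifyDelegateCanAccessActionPlanResource(learningLogItemId, delegateId);

            if (!validationResult.HasValue)
            {
                // The service returned no result for this item: respond with 404
                context.Result = new NotFoundResult();
            }
            else if (!validationResult.Value)
            {
                // The service returned false for this delegate: send them to AccessDenied
                context.Result = new RedirectToActionResult("AccessDenied", "LearningSolutions", new { });
            }
        }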