public async void IfAUserDoesNotHaveAccessToEitherSchemeOrInternalArea_ASecurityExceptionIsThrown_AndNoDataIsRetrieved()
{
var message = new OrganisationBySchemeId(Guid.NewGuid());
A.CallTo(() => authorization.CheckInternalOrSchemeAccess(message.SchemeId))
.Throws<SecurityException>();
await Assert.ThrowsAsync<SecurityException>(() => Handler().HandleAsync(message));
A.CallTo(() => organisationDataAccess.GetBySchemeId(A<Guid>._))
.MustNotHaveHappened();
}
public async void IfAUserDoesNotHaveAccessToEitherSchemeOrInternalArea_ASecurityExceptionIsThrown_AndNoDataIsRetrieved()
{
var message = new OrganisationBySchemeId(Guid.NewGuid());
A.CallTo(() => authorization.CheckInternalOrSchemeAccess(message.SchemeId))
.Throws <SecurityException>();
await Assert.ThrowsAsync <SecurityException>(() => Handler().HandleAsync(message));
A.CallTo(() => organisationDataAccess.GetBySchemeId(A <Guid> ._))
.MustNotHaveHappened();
}
public async Task OrganisationBySchemeIdHandler_ReturnsFalseForCanEditOrganisation_WhenCurrentUserIsNotInternalAdmin()
{
// Arrange
var weeeAuthorization = new AuthorizationBuilder()
.AllowInternalAreaAccess()
.DenyRole(Roles.InternalAdmin)
.Build();
var handler = new OrganisationBySchemeIdHandler(weeeAuthorization, organisationDataAccess, mapper);
var message = new OrganisationBySchemeId(Guid.NewGuid());
// Act
var result = await handler.HandleAsync(message);
// Assert
Assert.False(result.CanEditOrganisation);
}
public async Task OrganisationBySchemeIdHandler_ReturnsFalseForCanEditOrganisation_WhenCurrentUserIsNotInternalAdmin()
{
// Arrange
var weeeAuthorization = new AuthorizationBuilder()
.AllowInternalAreaAccess()
.DenyRole(Roles.InternalAdmin)
.Build();
var handler = new OrganisationBySchemeIdHandler(weeeAuthorization, organisationDataAccess, mapper);
var message = new OrganisationBySchemeId(Guid.NewGuid());
// Act
var result = await handler.HandleAsync(message);
// Assert
Assert.False(result.CanEditOrganisation);
}
