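/// <summary>
/// Verifies that a denied access check stops the request before any data is read:
/// when <c>CheckInternalOrSchemeAccess</c> throws <see cref="SecurityException"/>,
/// the exception reaches the caller and <c>GetBySchemeId</c> is never invoked.
/// </summary>
/// <returns>A task the test runner awaits in order to observe the assertions.</returns>
/// <remarks>
/// Declared as <c>async Task</c> rather than <c>async void</c>. An <c>async void</c>
/// method gives the caller nothing to await, so a runner that does not special-case it
/// can finish the test before the assertions run and a broken access check would go
/// unnoticed.
/// </remarks>
public async Task IfAUserDoesNotHaveAccessToEitherSchemeOrInternalArea_ASecurityExceptionIsThrown_AndNoDataIsRetrieved()
{
    // Arrange: the faked authorization rejects the scheme carried by this request.
    var message = new OrganisationBySchemeId(Guid.NewGuid());
    A.CallTo(() => authorization.CheckInternalOrSchemeAccess(message.SchemeId))
        .Throws<SecurityException>();

    // Act + Assert: the handler must surface the SecurityException, not swallow it.
    await Assert.ThrowsAsync<SecurityException>(() => Handler().HandleAsync(message));

    // Assert: the data access was not touched for any scheme id, so nothing was
    // read on behalf of the rejected caller.
    A.CallTo(() => organisationDataAccess.GetBySchemeId(A<Guid>._))
        .MustNotHaveHappened();
}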
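/// <summary>
/// Checks the ordering of authorization and data retrieval in the handler: with
/// <c>CheckInternalOrSchemeAccess</c> faked to throw <see cref="SecurityException"/>,
/// <c>HandleAsync</c> must propagate that exception and must not call
/// <c>GetBySchemeId</c>.
/// </summary>
/// <returns>A task that completes once every assertion has been evaluated.</returns>
/// <remarks>
/// The return type is <c>Task</c>, not <c>void</c>: an <c>async void</c> test cannot be
/// awaited, so depending on the runner its failures may be reported late or not at all,
/// which would hide a regression in the access check.
/// </remarks>
public async Task IfAUserDoesNotHaveAccessToEitherSchemeOrInternalArea_ASecurityExceptionIsThrown_AndNoDataIsRetrieved()
{
    // Arrange: make the access check fail for the scheme id this request carries.
    var message = new OrganisationBySchemeId(Guid.NewGuid());
    A.CallTo(() => authorization.CheckInternalOrSchemeAccess(message.SchemeId))
        .Throws<SecurityException>();

    // Act + Assert: the rejection has to reach the caller as a SecurityException.
    await Assert.ThrowsAsync<SecurityException>(() => Handler().HandleAsync(message));

    // Assert: A<Guid>._ matches any argument, so this rules out a lookup for
    // every scheme id, not only the one in the request.
    A.CallTo(() => organisationDataAccess.GetBySchemeId(A<Guid>._))
        .MustNotHaveHappened();
}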
/// <summary>
/// A user who may enter the internal area but is denied the
/// <c>Roles.InternalAdmin</c> role must receive a result whose
/// <c>CanEditOrganisation</c> flag is false.
/// </summary>
/// <returns>A task the test runner awaits.</returns>
public async Task OrganisationBySchemeIdHandler_ReturnsFalseForCanEditOrganisation_WhenCurrentUserIsNotInternalAdmin()
{
    // Arrange: internal-area access is granted, the InternalAdmin role is denied.
    // Read access and edit rights are separate decisions; this test pins the latter.
    var authorizationWithoutAdminRole = new AuthorizationBuilder()
        .AllowInternalAreaAccess()
        .DenyRole(Roles.InternalAdmin)
        .Build();

    var request = new OrganisationBySchemeId(Guid.NewGuid());
    var sut = new OrganisationBySchemeIdHandler(
        authorizationWithoutAdminRole,
        organisationDataAccess,
        mapper);

    // Act
    var response = await sut.HandleAsync(request);

    // Assert: the edit capability is not granted without the admin role.
    Assert.False(response.CanEditOrganisation);
}