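/// <summary>
/// Drives <c>controller.Create</c> through its rejection paths (caller without the
/// required role, validation failure, duplicate e-mail/username, unknown customer,
/// customer outside the caller's scope) and then through one successful creation.
/// </summary>
/// <remarks>
/// The value of the "jwt" Authorization header is the id of a seeded user; presumably the
/// test authentication stub resolves it to that user - confirm against the fixture setup.
/// Every rejected call is also checked to have left the user store unchanged, so a request
/// that is refused but still persisted is reported at the step that caused it.
/// NOTE(review): no step here sends a request without an Authorization header or with an id
/// that matches no seeded user; add one unless another test covers it.
/// </remarks>
public void CreateUser()
{
    unitOfWork.Data = new MockData
    {
        Users = new List<User>
        {
            new User { id = 1, email = "user", customer_code = "c1", Roles = new List<Role> { new Role { id = Role.Admin } } },
            new User { id = 2, username = "******", Roles = new List<Role> { new Role { id = Role.User } } },
            new User { id = 3, username = "******", customer_code = "c0", Roles = new List<Role> { new Role { id = Role.BranchAdmin } } },
            new User { id = 4, username = "******", customer_code = "c2", Roles = new List<Role> { new Role { id = Role.BranchAdmin } } }
        },
        Customers = new List<Customer>
        {
            new Customer { code = "c0" },
            new Customer { code = "c1", invoice_customer = "c0" },
            new Customer { code = "c2" }
        }
    };

    // Baseline for the "nothing was persisted" checks on every rejected request.
    var seededUserCount = unitOfWork.Data.Users.Count;
    var user = new User { id = 0, name = "name" };

    // Caller 2 only holds Role.User and must not be able to create accounts.
    // NOTE(review): the caller is identified but lacks the role, and the controller answers
    // 401; 403 is the conventional status for that situation - confirm this is intended.
    controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2");
    var result = controller.Create(user);
    AssertCreateRejected(result, HttpStatusCode.Unauthorized, null, seededUserCount);

    // Caller 1 is an admin, so the request gets past the role check and fails validation.
    controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "1");
    result = controller.Create(user);
    AssertCreateRejected(result, HttpStatusCode.BadRequest, "Name", seededUserCount);

    // Duplicate e-mail or username: "user" is already the e-mail of seeded user 1.
    user.lastname = "last";
    user.email = "user";
    user.username = "******";
    user.customer_code = "c0";
    result = controller.Create(user);
    AssertCreateRejected(result, HttpStatusCode.BadRequest, "already exists", seededUserCount);

    // Customer code that matches none of the seeded customers.
    user.email = "email";
    user.customer_code = "xxx";
    result = controller.Create(user);
    AssertCreateRejected(result, HttpStatusCode.BadRequest, "No customer", seededUserCount);

    // Caller 3 is a branch admin of "c0" and must not create users under "c2".
    // NOTE(review): this authorization failure is reported as 400, not 403 - confirm intended.
    controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "3");
    user.customer_code = "c2";
    result = controller.Create(user);
    AssertCreateRejected(result, HttpStatusCode.BadRequest, "You are not allowed to", seededUserCount);

    // Same branch admin, own customer: the only request that may persist a user.
    user.customer_code = "c0";
    result = controller.Create(user);
    Assert.IsNotNull(result);
    Assert.IsNotInstanceOfType(result, typeof(HttpResponseMessage));
    Assert.AreEqual(5, unitOfWork.Data.Users.Count);
    Assert.IsTrue(unitOfWork.Saved);

    // NOTE(review): "password" and "token" are in this list, so the test requires the object
    // returned by Create to carry both with the submitted values. If that object is what gets
    // serialized to the client, confirm the credential fields are stripped or hashed first.
    string[] properties =
    {
        "id", "name", "address", "password", "email", "customer_code",
        "token", "isInternal", "lastname", "lastLogin", "phone", "username"
    };
    CompareObjects(user, result, properties);
}

// Asserts that a Create call was refused with the expected status (and, when a fragment is
// given, the expected error text) and that the refused request did not add a user.
private void AssertCreateRejected(object result, HttpStatusCode expectedStatus, string expectedFragment, int expectedUserCount)
{
    Assert.IsInstanceOfType(result, typeof(HttpResponseMessage));
    var message = (HttpResponseMessage)result;
    Assert.AreEqual(expectedStatus, message.StatusCode);

    if (expectedFragment != null)
    {
        // Blocking read kept so the test method can stay a synchronous void.
        var text = message.Content.ReadAsStringAsync().Result;
        Assert.IsTrue(text.Contains(expectedFragment), "Response body does not contain: " + expectedFragment);
    }

    Assert.AreEqual(expectedUserCount, unitOfWork.Data.Users.Count, "A rejected Create request changed the user store.");
}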