public void GetOrder()
{
unitOfWork.Data = Utils.CreateAdminAndUser();
//NO user
controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "0");
var result = controller.GetOrder("o", "c");
Assert.IsInstanceOfType(result.Result, typeof(UnauthorizedResult));
controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2");
var permissions = new List <Permission>
{
new Permission {
id = (int)PermissionId.ViewOrderHistory
}
};
cache.Set($"permissions_2", permissions, null);
result = controller.GetOrder("o", "c1");
Assert.IsNotNull(result);
Assert.IsNotNull(apiClient.Parameters);
Assert.IsTrue(apiClient.Parameters.ContainsKey("order_no"));
Assert.IsTrue(apiClient.Parameters.ContainsKey("customer_code"));
Assert.AreEqual(unitOfWork.Data.Users.FirstOrDefault(u => u.id == 2)?.customer_code, apiClient.Parameters["customer_code"]);
//Branch admin
unitOfWork.Data = Utils.CreateAdminAndUser();
apiClient.Data.Order = new Order();
unitOfWork.Data.Customers = new List <Customer>
{
new Customer {
code = "c1"
},
new Customer {
code = "c2", invoice_customer = "c3"
},
new Customer {
code = "c3"
}
};
controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "3");
cache.Set($"permissions_3", permissions, null);
unitOfWork.Data.Users.Add(new User {
id = 3, Roles = new List <Role> {
new Role {
id = Role.BranchAdmin
}
}, customer_code = "c3"
});
var res = controller.GetOrder("o", "c3").Result;
Assert.IsNotNull(res);
Assert.AreEqual("c3", apiClient.Parameters["customer_code"]);
res = controller.GetOrder("o", "c2").Result;
Assert.IsNotNull(res);
Assert.AreEqual("c2", apiClient.Parameters["customer_code"]);
res = controller.GetOrder("o", "c1").Result;
Assert.IsNotNull(res);
Assert.AreNotEqual("c1", apiClient.Parameters["customer_code"]);
//permissions
controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2");
cache.Remove("permissions_2");
res = controller.GetOrder("o", "c2").Result;
Assert.IsNotNull(res);
Assert.IsInstanceOfType(res, typeof(UnauthorizedResult));
}
public void GetPrice()
{
var code = "code";
unitOfWork.Data = Utils.CreateAdminAndUser();
controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2");
var permissions = new List <Permission>
{
new Permission {
id = (int)PermissionId.ViewStockSearch
}
};
cache.Set($"permissions_2", permissions, null);
var customer_code = "c1";
var result = controller.getPrice(customer_code, code);
Assert.IsInstanceOfType(result.Result, typeof(UnauthorizedResult));
unitOfWork.Data.Users.FirstOrDefault(u => u.id == 2).isInternal = true;
result = controller.getPrice(customer_code, code);
Assert.IsNotInstanceOfType(result, typeof(UnauthorizedResult));
Assert.IsTrue(apiClient.Parameters.ContainsKey("customer"));
Assert.IsTrue(apiClient.Parameters.ContainsKey("product"));
Assert.IsInstanceOfType((result.Result as OkNegotiatedContentResult <Task <object> >)?.Content?.Result, typeof(ProductPrices));
//Branch admin
unitOfWork.Data = Utils.CreateAdminAndUser();
apiClient.Data.Orders = new List <Order>();
unitOfWork.Data.Customers = new List <Customer>
{
new Customer {
code = "c1"
},
new Customer {
code = "c2", invoice_customer = "c3"
},
new Customer {
code = "c3"
}
};
controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "3");
cache.Set($"permissions_3", permissions, null);
unitOfWork.Data.Users.Add(new User {
id = 3, Roles = new List <Role> {
new Role {
id = Role.BranchAdmin
}
}, customer_code = "c3"
});
var res = controller.getPrice("c3", code).Result;
Assert.IsNotNull(res);
Assert.AreEqual("c3", apiClient.Parameters["customer"]);
res = controller.getPrice("c2", code).Result;
Assert.IsNotNull(res);
Assert.IsNotInstanceOfType(res, typeof(UnauthorizedResult));
Assert.AreEqual("c2", apiClient.Parameters["customer"]);
res = controller.getPrice("c1", code).Result;
Assert.IsNotNull(res);
Assert.IsInstanceOfType(res, typeof(UnauthorizedResult));
//user permissions
cache.Remove("permissions_2");
controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2");
res = controller.getPrice("c2", code).Result;
Assert.IsNotNull(res);
Assert.IsInstanceOfType(res, typeof(UnauthorizedResult));
}
