/// <summary>
/// Returns a single report of a building as a <c>ReportDTO</c>, after checking
/// that the current session user is allowed to read it.
/// </summary>
/// <param name="id">Raw building identifier; wrapped in a <c>BuildingId</c> before use.</param>
/// <param name="reportId">Identifier of the report to load.</param>
/// <returns>
/// <c>NotFound()</c> when the repository returns no report, <c>Forbid()</c> when
/// the access rules reject the current user, otherwise <c>Ok</c> with the DTO.
/// </returns>
public IActionResult GetReport(int id, int reportId)
{
    var building = new BuildingId(id);

    // ReportRepository(...) is defined outside this block; the lookup receives
    // both the report id and the building id taken from the request.
    var repository = ReportRepository(building);
    var found = repository.Get(reportId, building);

    // NOTE(review): the existence check runs before the authorization check, so
    // a caller without access gets NotFound for a missing report and Forbid for
    // an existing one. If report ids must not be discoverable by unauthorized
    // users, both cases would need to produce the same result - confirm intent.
    if (report_is_missing(found))
    {
        return NotFound();
    }

    // Authorization gate: nothing from the report is returned unless the access
    // rules accept the session user.
    var allowed = _reportAccessRules.CanAccess(found, _userSession.User.Id);
    if (!allowed)
    {
        return Forbid();
    }

    var dto = new ReportDTO
    {
        // CanEdit is derived server-side: true only when the session user is
        // the report's reporter.
        CanEdit = found.ReporterId == _userSession.User.Id,
        Date = found.Date,
        NumberOfWorkers = found.NumberOfWorkers,
        // Only EstimationId and Quantity of each work item are copied out.
        Work = found.Work.Select(item => new ReportQuantity
        {
            EstimationId = item.EstimationId,
            Quantity = item.Quantity
        })
    };

    return Ok(dto);

    // Same null comparison as before, kept as '==' so any operator defined on
    // the report type is still the one that runs.
    bool report_is_missing(Report candidate) => candidate == null;
}
/// <summary>
/// Authorization regression test: when the report exists but the access rules
/// deny the user, <c>GetReport</c> must answer with a <c>ForbidResult</c>.
/// </summary>
public void GetReport_Forbidden_ReportExistsButUserHasNoAccess()
{
    // Arrange: an existing report, and access rules that reject every user.
    const int existingReportId = 19;
    var existingReport = new Report(
        existingReportId,
        DateTime.Now,
        1,
        new UserId(1),
        new BuildingId(2));

    // NOTE(review): Arg.Any<BuildingId>() matches any building, so this test does
    // not pin that the lookup is scoped to the building id passed to the action
    // (12 here, while the report itself is built with BuildingId(2)).
    _reportsRepository
        .Get(existingReportId, Arg.Any <BuildingId>())
        .Returns(existingReport);
    _reportAccessRules
        .CanAccess(existingReport, Arg.Any <UserId>())
        .Returns(false);

    // Act
    var result = _reportsController.GetReport(12, existingReportId);

    // Assert: the denial is reported as Forbid, not as Ok or NotFound.
    Assert.That(result, Is.TypeOf <ForbidResult>());
}