public AuthorizationBuilder AllowInternalAreaAccess()
 {
     A.CallTo(() => fake.EnsureCanAccessInternalArea()).DoesNothing();
     A.CallTo(() => fake.EnsureCanAccessInternalArea(A <bool> ._)).DoesNothing();
     A.CallTo(() => fake.CheckCanAccessInternalArea()).Returns(true);
     A.CallTo(() => fake.CheckCanAccessInternalArea(A <bool> ._)).Returns(true);
     return(this);
 }
Exemple #2
0
        public async Task GetUserDataHandler_NotRequestingCurrentUser_AndUserIsNotAdmin_ThrowsException()
        {
            var otherUserId = Guid.NewGuid().ToString();

            A.CallTo(() => userContext.UserId)
            .Returns(Guid.NewGuid());

            A.CallTo(() => weeeAuthorization.CheckCanAccessInternalArea())
            .Returns(false);

            await
            Assert.ThrowsAsync <UnauthorizedAccessException>(
                async() => await GetUserDataHandler().HandleAsync(new GetUserData(otherUserId)));
        }
        public async Task <bool> HandleAsync(UpdateSchemeContactDetails message)
        {
            authorization.EnsureInternalOrOrganisationAccess(message.SchemeData.OrganisationId);
            if (authorization.CheckCanAccessInternalArea())
            {
                authorization.EnsureUserInRole(Roles.InternalAdmin);
            }

            var scheme = await dataAccess.FetchSchemeAsync(message.SchemeData.OrganisationId);

            if (scheme == null)
            {
                var errorMessage = $"A scheme with organisation id \"{message.SchemeData.OrganisationId}\" could not be found.";

                throw new ArgumentException(errorMessage);
            }

            var contact = new Contact(
                message.SchemeData.Contact.FirstName,
                message.SchemeData.Contact.LastName,
                message.SchemeData.Contact.Position);

            var contactChanged = !contact.Equals(scheme.Contact);

            scheme.AddOrUpdateMainContactPerson(contact);

            var country = await dataAccess.FetchCountryAsync(message.SchemeData.Address.CountryId);

            var address = new Address(
                message.SchemeData.Address.Address1,
                message.SchemeData.Address.Address2,
                message.SchemeData.Address.TownOrCity,
                message.SchemeData.Address.CountyOrRegion,
                message.SchemeData.Address.Postcode,
                country,
                message.SchemeData.Address.Telephone,
                message.SchemeData.Address.Email);

            var schemeAddressChanged = !address.Equals(scheme.Address);

            scheme.AddOrUpdateAddress(address);

            await dataAccess.SaveAsync();

            if (message.SendNotificationOnChange &&
                (contactChanged || schemeAddressChanged) && scheme.CompetentAuthority != null)
            {
                await weeeEmailService.SendOrganisationContactDetailsChanged(scheme.CompetentAuthority.Email, scheme.SchemeName, EntityType.Pcs);
            }

            return(true);
        }
Exemple #4
0
        public async Task <UserData> HandleAsync(GetUserData query)
        {
            string userId = userContext.UserId.ToString();

            if (query.Id != userId && !weeeAuthorization.CheckCanAccessInternalArea())
            {
                throw new UnauthorizedAccessException(
                          string.Format("User {0} is not able to access data relating to another user ({1})", userId, query.Id));
            }

            return(await context.Users.Select(u => new UserData
            {
                Email = u.Email,
                FirstName = u.FirstName,
                Id = u.Id,
                Surname = u.Surname,
            }).SingleOrDefaultAsync(u => u.Id == query.Id));
        }