public async Task MembershipExistsQuery_ShouldReturnFalse_WhenMembeshipDoesNotExist()
{
// Arrange
MembershipExistsQuery request = new MembershipExistsQuery {
GroupMembershipId = 411
};
_unitOfWorkMock
.Setup(m => m.GroupMemberships.Exists(request.GroupMembershipId, It.IsAny <CancellationToken>()))
.ReturnsAsync(false);
MembershipExistsQuery.Handler handler = new MembershipExistsQuery.Handler(_unitOfWorkMock.Object);
// Act
bool exists = await handler.Handle(request);
// Assert
Assert.False(exists);
}
public async Task <ActionResult> DeleteMembership([FromRoute] int membershipId, CancellationToken cancellationToken = default)
{
// Check if the membership exists
MembershipExistsQuery existsQuery = new MembershipExistsQuery {
GroupMembershipId = membershipId
};
bool exists = await _mediator.Send(existsQuery, cancellationToken);
if (!exists)
{
return(NotFound(new ErrorResource
{
StatusCode = StatusCodes.Status404NotFound,
Message = $"Membership with ID '{membershipId}' does not exist"
}));
}
// Check if the user is permitted to delete
CanDeleteMembershipQuery canDeleteQuery = new CanDeleteMembershipQuery {
GroupMembershipIdToDelete = membershipId
};
bool canDelete = await _mediator.Send(canDeleteQuery, cancellationToken);
if (!canDelete)
{
return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource
{
StatusCode = StatusCodes.Status403Forbidden,
Message = "You are not permitted to delete users from this group. This privilege is only granted to administrators of the group"
}));
}
// Delete the membership
DeleteMembershipCommand deleteCommand = new DeleteMembershipCommand {
GroupMembershipId = membershipId
};
await _mediator.Send(deleteCommand, cancellationToken);
return(NoContent());
}
public async Task <ActionResult> UpdateMembership([FromRoute] int membershipId, [FromBody] UpdateMembershipBody body, CancellationToken cancellationToken = default)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
// Check if membership exists
MembershipExistsQuery existsQuery = new MembershipExistsQuery {
GroupMembershipId = membershipId
};
bool exists = await _mediator.Send(existsQuery, cancellationToken);
if (!exists)
{
return(NotFound(new ErrorResource
{
StatusCode = StatusCodes.Status404NotFound,
Message = $"Membership with ID '{membershipId}' does not exist"
}));
}
// Check if the user wants to update himself
IsOwnMembershipQuery isOwnMembershipQuery = new IsOwnMembershipQuery {
GroupMembershipId = membershipId
};
bool isOwnMembership = await _mediator.Send(isOwnMembershipQuery, cancellationToken);
if (isOwnMembership)
{
return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource
{
StatusCode = StatusCodes.Status403Forbidden,
Message = "Cannot update your own membership"
}));
}
// Check if the current user is allowed to update the membership
CanUpdateMembershipQuery canUpdateQuery = new CanUpdateMembershipQuery {
GroupMembershipIdToUpdate = membershipId
};
bool canUpdate = await _mediator.Send(canUpdateQuery, cancellationToken);
if (!canUpdate)
{
return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource
{
StatusCode = StatusCodes.Status403Forbidden,
Message = "You are not permitted to mutate users in this group. This privilege is only granted to administrators of the group"
}));
}
// Update membership
UpdateMembershipCommand updateCommand = new UpdateMembershipCommand
{
GroupMembershipId = membershipId,
IsAdmin = body.IsAdmin != null && (bool)body.IsAdmin
};
await _mediator.Send(updateCommand, cancellationToken);
return(NoContent());
}
