/// <summary>
/// Editing an id the data source does not know must surface as
/// <see cref="NonExistingUserException"/> rather than a null-reference failure.
/// </summary>
public void Edit_NonExistingUser_ThrowsNonExistingUserException()
{
    // Arrange: the lookup answers null, i.e. "no such user".
    var missingUser = new User { Id = 1 };
    var dataSource = new Mock<IGetUserData>();
    dataSource
        .Setup(d => d.GetDataWithoutArtworks(missingUser.Id))
        .Returns((User)null);
    var patcher = new PatchUser(dataSource.Object, _sqlBuilder.Object, _sqlQuery.Object);

    // Act / Assert: the exact exception type is required, not a subtype.
    Assert.That(() => patcher.Edit(missingUser), Throws.TypeOf<NonExistingUserException>());
}
/// <summary>
/// When the stored user equals the submitted one, <c>Edit</c> hands back a user equal to the input.
/// </summary>
public void Edit_NoChangesToUser_ReturnsSameUser()
{
    // Arrange: the data source returns the very object that is being submitted.
    var existingUser = new User { Id = 1 };
    var dataSource = new Mock<IGetUserData>();
    dataSource
        .Setup(d => d.GetDataWithoutArtworks(existingUser.Id))
        .Returns(existingUser);
    var patcher = new PatchUser(dataSource.Object, _sqlBuilder.Object, _sqlQuery.Object);

    // Act
    var edited = patcher.Edit(existingUser);

    // Assert
    Assert.That(edited, Is.EqualTo(existingUser));
}
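/// <summary>
/// Partially updates the user identified by <paramref name="id"/>: an optional new password
/// and/or an optional replacement role list.
/// </summary>
/// <param name="id">Identity id of the user being edited.</param>
/// <param name="patchUser">
/// Requested changes. A null/empty <c>Password</c> leaves the password alone; a null <c>Roles</c>
/// leaves the roles alone. Non-privileged callers have any submitted role list coerced to "User".
/// </param>
/// <returns>
/// 200 with the updated user; 400 with model-state errors when the body is missing, the caller
/// lacks permission, or Identity rejects the change; 404 when no user has the given id.
/// </returns>
public async Task<IHttpActionResult> Patch(string id, PatchUser patchUser)
{
    // Model binding yields null for a missing/unparseable body; without this guard the
    // dereferences below turn that into a NullReferenceException (HTTP 500).
    if (patchUser == null)
    {
        return BadRequest("Request body is required");
    }

    var callerId = User.Identity.GetUserId();
    var callerRoles = await _usrMgr.GetRolesAsync(callerId);
    var callerIsPrivileged = callerRoles.Contains(Roles.UserManager) || callerRoles.Contains(Roles.Admin);

    if (!callerIsPrivileged)
    {
        // Ordinary users may only edit themselves ...
        if (callerId != id)
        {
            ModelState.AddModelError("userId", "Permission denied");
        }
        // ... and may never pick their own roles: any submitted list is replaced by the basic role.
        if (patchUser.Roles != null)
        {
            patchUser.Roles = new List<string> { "User" };
        }
    }

    // Reject before touching the target account: an unauthorised caller should learn nothing
    // about whether the id exists, and GetRolesAsync/FindByIdAsync on an unknown id must not
    // surface as a 500.
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var usr = await _usrMgr.FindByIdAsync(id);
    if (usr == null)
    {
        return NotFound();
    }

    if (callerRoles.Contains(Roles.UserManager))
    {
        // A user manager can neither modify an admin nor promote anybody to admin.
        var targetRoles = await _usrMgr.GetRolesAsync(id);
        var touchesAdmin = targetRoles.Contains(Roles.Admin)
            || (patchUser.Roles != null && patchUser.Roles.Contains(Roles.Admin));
        if (touchesAdmin)
        {
            ModelState.AddModelError("userId", "Permission denied");
            return BadRequest(ModelState);
        }
    }

    // null means "no Identity operation has run yet", which counts as success below.
    IdentityResult result = null;

    if (!string.IsNullOrEmpty(patchUser.Password))
    {
        // Identity offers no atomic "replace password": if RemovePasswordAsync succeeds and
        // AddPasswordAsync then fails, the account is left with no password. Running the
        // password policy first catches the common failure (policy violation) before anything
        // is removed; it does not close the window completely.
        result = await _usrMgr.PasswordValidator.ValidateAsync(patchUser.Password);
        if (result.Succeeded)
        {
            result = await _usrMgr.RemovePasswordAsync(id);
        }
        if (result.Succeeded)
        {
            result = await _usrMgr.AddPasswordAsync(id, patchUser.Password);
        }
    }

    if ((result == null || result.Succeeded) && patchUser.Roles != null)
    {
        // Roles are replaced wholesale, not merged: drop everything, then add the requested set.
        var currRoles = await _usrMgr.GetRolesAsync(id);
        result = await _usrMgr.RemoveFromRolesAsync(id, currRoles.ToArray());
        if (result.Succeeded)
        {
            result = await _usrMgr.AddToRolesAsync(id, patchUser.Roles.ToArray());
        }
    }

    if (result == null || result.Succeeded)
    {
        return Ok(new UserWithId
        {
            Id = id,
            UserName = usr.UserName,
            Roles = _usrMgr.GetRoles(id).ToList()
        });
    }

    AddIdentityErrors(result);
    return BadRequest(ModelState);
}

/// <summary>
/// Copies the errors of a failed <see cref="IdentityResult"/> into model state, keyed by the
/// field the message appears to concern so the client can attach them to the right input.
/// </summary>
/// <param name="result">A failed Identity result whose <c>Errors</c> are reported.</param>
private void AddIdentityErrors(IdentityResult result)
{
    foreach (var err in result.Errors)
    {
        // Identity returns free-text messages; the field is inferred from the wording only.
        if (err.IndexOf("password", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            ModelState.AddModelError("user.Password", err);
        }
        else if (err.IndexOf("username", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            ModelState.AddModelError("user.UserName", err);
        }
        else
        {
            ModelState.AddModelError("user", err);
        }
    }
}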