public async Task <IActionResult> UpdateMembership(UpdateMembershipCommand command)
{
Request.Headers.TryGetValue("Authorization", out var token);
string role = await AuthHelper.GetRoleFromTokenAsync(token);
if (role != "admin")
{
return(StatusCode(401, new { Error = "Unauthorized" }));
}
BaseResponse <int> result = (BaseResponse <int>) await Mediator.Send(command);
return(!result.Success ? StatusCode(result.Error.StatusCode, result.Error) : Ok(result));
}
public async Task UpdateMembershipCommandHandler_ShouldUpdateMembership()
{
// Arrange
UpdateMembershipCommand request = new UpdateMembershipCommand
{
GroupMembershipId = 1,
IsAdmin = true
};
IEnumerable <GroupMembership> expectedMemberships = new[]
{
new GroupMembership {
GroupMembershipId = 1, UserId = 1, IsAdmin = false
}
};
IQueryable <GroupMembership> queryableMock = expectedMemberships
.AsQueryable()
.BuildMock()
.Object;
_unitOfWorkMock
.Setup(m => m.GroupMemberships.GetById(request.GroupMembershipId))
.Returns(queryableMock);
GroupMembership passedMembership = null;
_unitOfWorkMock
.Setup(m => m.GroupMemberships.Update(It.IsAny <GroupMembership>()))
.Callback <GroupMembership>(gm => passedMembership = gm);
_unitOfWorkMock
.Setup(m => m.CommitAsync(It.IsAny <CancellationToken>()))
.ReturnsAsync(1);
UpdateMembershipCommand.Handler handler = new UpdateMembershipCommand.Handler(_unitOfWorkMock.Object);
// Act
await handler.Handle(request);
// Assert
Assert.NotNull(passedMembership);
Assert.Equal(request.IsAdmin, passedMembership.IsAdmin);
_unitOfWorkMock.Verify(m => m.GroupMemberships.Update(It.IsAny <GroupMembership>()), Times.AtLeastOnce);
_unitOfWorkMock.Verify(m => m.CommitAsync(It.IsAny <CancellationToken>()), Times.AtLeastOnce);
}
public async Task UpdateMembership_ShouldUpdateMembership()
{
// Arrange
const int membershipId = 1;
UpdateMembershipBody body = new UpdateMembershipBody {
IsAdmin = true
};
Mock <IMediator> mediatorMock = new Mock <IMediator>();
mediatorMock
.Setup(m => m.Send(It.IsAny <MembershipExistsQuery>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(true);
mediatorMock
.Setup(m => m.Send(It.IsAny <CanUpdateMembershipQuery>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(true);
UpdateMembershipCommand passedUpdateCommand = null;
mediatorMock
.Setup(m => m.Send(It.IsAny <UpdateMembershipCommand>(), It.IsAny <CancellationToken>()))
.Callback <IRequest <Unit>, CancellationToken>((c, _) => passedUpdateCommand = (UpdateMembershipCommand)c)
.ReturnsAsync(Unit.Value);
GroupMembershipController controller = new GroupMembershipController(mediatorMock.Object, null);
// Act
ActionResult response = await controller.UpdateMembership(membershipId, body);
// Assert
Assert.IsType <NoContentResult>(response);
mediatorMock.Verify(m => m.Send(It.IsAny <UpdateMembershipCommand>(), It.IsAny <CancellationToken>()), Times.Once);
Assert.NotNull(passedUpdateCommand);
Assert.Equal(membershipId, passedUpdateCommand.GroupMembershipId);
Assert.Equal(body.IsAdmin, passedUpdateCommand.IsAdmin);
}
public async Task <ActionResult> UpdateMembership([FromRoute] int membershipId, [FromBody] UpdateMembershipBody body, CancellationToken cancellationToken = default)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
// Check if membership exists
MembershipExistsQuery existsQuery = new MembershipExistsQuery {
GroupMembershipId = membershipId
};
bool exists = await _mediator.Send(existsQuery, cancellationToken);
if (!exists)
{
return(NotFound(new ErrorResource
{
StatusCode = StatusCodes.Status404NotFound,
Message = $"Membership with ID '{membershipId}' does not exist"
}));
}
// Check if the user wants to update himself
IsOwnMembershipQuery isOwnMembershipQuery = new IsOwnMembershipQuery {
GroupMembershipId = membershipId
};
bool isOwnMembership = await _mediator.Send(isOwnMembershipQuery, cancellationToken);
if (isOwnMembership)
{
return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource
{
StatusCode = StatusCodes.Status403Forbidden,
Message = "Cannot update your own membership"
}));
}
// Check if the current user is allowed to update the membership
CanUpdateMembershipQuery canUpdateQuery = new CanUpdateMembershipQuery {
GroupMembershipIdToUpdate = membershipId
};
bool canUpdate = await _mediator.Send(canUpdateQuery, cancellationToken);
if (!canUpdate)
{
return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource
{
StatusCode = StatusCodes.Status403Forbidden,
Message = "You are not permitted to mutate users in this group. This privilege is only granted to administrators of the group"
}));
}
// Update membership
UpdateMembershipCommand updateCommand = new UpdateMembershipCommand
{
GroupMembershipId = membershipId,
IsAdmin = body.IsAdmin != null && (bool)body.IsAdmin
};
await _mediator.Send(updateCommand, cancellationToken);
return(NoContent());
}
