Inheritance: System.Web.Http.Filters.ActionFilterAttribute
        public void ShouldSuccessfullyGetUserIdInUserObject()
        {
            _controller.ControllerContext.RequestContext.Principal =
                new GenericPrincipal(new GenericIdentity("foo", "bar"), new[] { "user" });
            _userResource.Setup(a => a.GetByUserName(It.IsAny<string>())).Returns(new User { Id = 1 });
            _httpActionContext.ActionArguments.Add("dummy", new User { Id = 1 });

            var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object };

            Assert.DoesNotThrow(() => attribute.OnActionExecuting(_httpActionContext));
        }
        public void ShouldThrowWhenFailedToFetchUser()
        {
            _httpActionContext.ActionArguments.Add("dummy", new DummyObject { User = new User { Id = 1 } });
            _controller.ControllerContext.RequestContext.Principal =
                new GenericPrincipal(new GenericIdentity("foo", "bar"), new[] { "user" });
            _userResource.Setup(a => a.GetByUserName(It.IsAny<string>())).Returns((User)null);

            var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object };
            var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext));

            Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode);
        }
        public void ShouldThrowWhenIdInUserPropertyIsZeroInParameter()
        {
            _httpActionContext.ActionArguments.Add("dummy", new DummyObject { User = new User { Id = 0 } });

            var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object };
            var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext));

            Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode);
        }
        public void ShouldThrowWhenNameIsEmptyInPrincipal()
        {
            _httpActionContext.ActionArguments.Add("dummy", new DummyObject { User = new User { Id = 1 } });
            _controller.ControllerContext.RequestContext.Principal = 
                new GenericPrincipal(new GenericIdentity("", ""), null);

            var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object };
            var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext));

            Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode);
        }
        public void ShouldThrowWhenNoParameterIsUsed()
        {
            var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object };
            var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext));

            Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode);
        }