//[Fact]
public async System.Threading.Tasks.Task UserCantAccessAnotherUsersChildBusinesProfileAttachments()
{
// verify (before we log in) that we are not logged in
await GetCurrentUserIsUnauthorized();
// register as a new user (creates an account and contact)
var loginUser1 = randomNewUserName("NewSecUser1", 6);
var businessName1 = randomNewUserName(loginUser1, 6);
var strId1 = await LoginAndRegisterAsNewUser(loginUser1, businessName1);
// verify the current user represents our new user
ViewModels.User user1 = await GetCurrentUser();
Assert.Equal(user1.name, loginUser1 + " TestUser");
Assert.Equal(user1.businessname, businessName1 + " TestBusiness");
// fetch our current account
ViewModels.Account account1 = await GetAccountForCurrentUser();
ViewModels.AdoxioLegalEntity legalEntity1 = await SecurityHelper.GetLegalEntityRecordForCurrent(_client);
Assert.Equal(user1.accountid, account1.id);
Assert.Equal(user1.accountid, legalEntity1.accountId);
// *** create some org shareholders and child business profiles
ViewModels.AdoxioLegalEntity org1 = await SecurityHelper.CreateOrganizationalShareholder(_client, user1, legalEntity1.id);
Assert.NotNull(org1);
// upload some files under new org1
ViewModels.Account org1Account = await SecurityHelper.GetAccountRecord(_client, org1.shareholderAccountId, true);
Assert.NotNull(org1Account);
string file1 = await SecurityHelper.UploadFileToLegalEntity(_client, org1.id, "TestFileSecurity");
List <ViewModels.FileSystemItem> file1s = await SecurityHelper.GetFileListForAccount(_client, org1.shareholderAccountId, "TestFileSecurity", true);
Assert.NotNull(file1s);
Assert.Single(file1s);
// TODO add a sub-profile of org1 profile as well, and add some attachments for it
// ***
// logout and verify we are logged out
await Logout();
await GetCurrentUserIsUnauthorized();
// register and login as a second user
var loginUser2 = randomNewUserName("NewSecUser2", 6);
var businessName2 = randomNewUserName(loginUser2, 6);
var strId2 = await LoginAndRegisterAsNewUser(loginUser2, businessName2);
ViewModels.User user2 = await GetCurrentUser();
Assert.Equal(user2.name, loginUser2 + " TestUser");
Assert.Equal(user2.businessname, businessName2 + " TestBusiness");
ViewModels.Account account2 = await GetAccountForCurrentUser();
Assert.NotEqual(account1.id, account2.id);
Assert.Equal(user2.accountid, account2.id);
// *** as user 2, try to access child business profiles of account 1
var tmp1 = await SecurityHelper.GetLegalEntityRecord(_client, org1.id, false);
Assert.Null(tmp1);
var tmp2 = await SecurityHelper.GetAccountRecord(_client, org1.shareholderAccountId, false);
Assert.Null(tmp2);
// try to access user1's files under new org1
List <ViewModels.FileSystemItem> file2s = await SecurityHelper.GetFileListForAccount(_client, org1Account.id, "TestFileSecurity", false);
Assert.Null(file2s);
//string _data2 = await SecurityHelper.DownloadFileForAccount(_client, org1Account.id, file1s[0].id, true);
// TODO test access to sub-profile of org1 profile's attachments as well
// ***
// logout and cleanup second test user
await LogoutAndCleanupTestUser(strId2);
await GetCurrentUserIsUnauthorized();
// login again as the same user as above ^^^
await Login(loginUser1, businessName1);
user1 = await GetCurrentUser();
Assert.Equal(user1.name, loginUser1 + " TestUser");
Assert.Equal(user1.businessname, businessName1 + " TestBusiness");
account1 = await GetAccountForCurrentUser();
// *** cleanup business profile records
tmp1 = await SecurityHelper.GetLegalEntityRecord(_client, org1.id, true);
Assert.NotNull(tmp1);
// ... and delete files under org1
//await SecurityHelper.DeleteFileForAccount(_client, org1Account.id, file1s[0].id);
await SecurityHelper.DeleteLegalEntityRecord(_client, org1.id);
// ***
// logout and cleanup (deletes the account and contact created above ^^^)
await LogoutAndCleanupTestUser(strId1);
await GetCurrentUserIsUnauthorized();
}
//[Fact]
public async System.Threading.Tasks.Task UserCantAccessAnotherUsersAccountAttachments()
{
// verify (before we log in) that we are not logged in
await GetCurrentUserIsUnauthorized();
// register as a new user (creates an account and contact)
var loginUser1 = randomNewUserName("NewSecUser1", 6);
var businessName1 = randomNewUserName(loginUser1, 6);
var strId1 = await LoginAndRegisterAsNewUser(loginUser1, businessName1);
// verify the current user represents our new user
ViewModels.User user1 = await GetCurrentUser();
Assert.Equal(user1.name, loginUser1 + " TestUser");
Assert.Equal(user1.businessname, businessName1 + " TestBusiness");
// fetch our current account
ViewModels.Account account1 = await GetAccountForCurrentUser();
ViewModels.AdoxioLegalEntity legalEntity1 = await SecurityHelper.GetLegalEntityRecordForCurrent(_client);
Assert.Equal(user1.accountid, account1.id);
// *** upload some legal entity attachments
string file1 = await SecurityHelper.UploadFileToLegalEntity(_client, legalEntity1.id, "TestFileSecurity");
List <ViewModels.FileSystemItem> file1s = await SecurityHelper.GetFileListForAccount(_client, user1.accountid.ToString(), "TestFileSecurity", true);
Assert.NotNull(file1s);
Assert.Single(file1s);
//string _data1 = await SecurityHelper.DownloadFileForAccount(_client, account1.id, file1s[0].id, true);
// ***
// logout and verify we are logged out
await Logout();
await GetCurrentUserIsUnauthorized();
// register and login as a second user
var loginUser2 = randomNewUserName("NewSecUser2", 6);
var businessName2 = randomNewUserName(loginUser2, 6);
var strId2 = await LoginAndRegisterAsNewUser(loginUser2, businessName2);
ViewModels.User user2 = await GetCurrentUser();
Assert.Equal(user2.name, loginUser2 + " TestUser");
Assert.Equal(user2.businessname, businessName2 + " TestBusiness");
ViewModels.Account account2 = await GetAccountForCurrentUser();
Assert.NotEqual(account1.id, account2.id);
Assert.Equal(user2.accountid, account2.id);
// *** as user 2, try to access Account attachments of account 1
List <ViewModels.FileSystemItem> file2s = await SecurityHelper.GetFileListForAccount(_client, account1.id, "TestFileSecurity", false);
Assert.Null(file2s);
//string _data2 = await SecurityHelper.DownloadFileForAccount(_client, account1.id, file1s[0].id, true);
// ***
// logout and cleanup second test user
await LogoutAndCleanupTestUser(strId2);
await GetCurrentUserIsUnauthorized();
// login again as the same user as above ^^^
await Login(loginUser1, businessName1);
user1 = await GetCurrentUser();
Assert.Equal(user1.name, loginUser1 + " TestUser");
Assert.Equal(user1.businessname, businessName1 + " TestBusiness");
account1 = await GetAccountForCurrentUser();
// *** cleanup user1 uploaded files
//await SecurityHelper.DeleteFileForAccount(_client, account1.id, file1s[0].id);
// ***
// logout and cleanup (deletes the account and contact created above ^^^)
await LogoutAndCleanupTestUser(strId1);
await GetCurrentUserIsUnauthorized();
}
