public async Task EditMessage_ShouldReturnForbiddenResult_WhenUserIsNotTheAuthorOfTheMessage()
{
// Arrange
const int messageId = 1;
EditMessageBody body = new EditMessageBody {
HtmlContent = "<p>hello world</p>"
};
_mediatorMock
.Setup(m => m.Send(It.IsAny <MessageExistsQuery>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(true);
_mediatorMock
.Setup(m => m.Send(It.IsAny <IsAuthorOfMessageQuery>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(false);
MessageController controller = new MessageController(null, _mediatorMock.Object);
// Act
ActionResult response = await controller.EditMessage(messageId, body);
// Assert
ObjectResult result = Assert.IsType <ObjectResult>(response);
ErrorResource error = Assert.IsType <ErrorResource>(result.Value);
Assert.NotNull(error);
Assert.Equal(StatusCodes.Status403Forbidden, error.StatusCode);
}
public async Task EditMessage_ShouldUpdateTheMessagesContent()
{
// Arrange
const int messageId = 1;
EditMessageBody body = new EditMessageBody {
HtmlContent = "<p>hello world</p>"
};
_mediatorMock
.Setup(m => m.Send(It.IsAny <MessageExistsQuery>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(true);
_mediatorMock
.Setup(m => m.Send(It.IsAny <IsAuthorOfMessageQuery>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(true);
_mediatorMock
.Setup(m => m.Send(It.IsAny <EditMessageCommand>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(Unit.Value);
MessageController controller = new MessageController(null, _mediatorMock.Object);
// Act
ActionResult response = await controller.EditMessage(messageId, body);
// Assert
Assert.IsType <NoContentResult>(response);
_mediatorMock.Verify(m => m.Send(It.IsAny <EditMessageCommand>(), It.IsAny <CancellationToken>()), Times.AtLeastOnce);
}
public async Task <ActionResult> EditMessage([FromRoute] int messageId, [FromBody] EditMessageBody body, CancellationToken cancellationToken = default)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
// Check if the message exists
MessageExistsQuery existsQuery = new MessageExistsQuery {
MessageId = messageId
};
bool exists = await _mediator.Send(existsQuery, cancellationToken);
if (!exists)
{
return(NotFound(new ErrorResource
{
StatusCode = StatusCodes.Status404NotFound,
Message = $"Message with ID '{messageId}' does not exist"
}));
}
// Check if the user is the author of the message and thus allowed to update it
IsAuthorOfMessageQuery isAuthorQuery = new IsAuthorOfMessageQuery {
MessageId = messageId
};
bool isAuthor = await _mediator.Send(isAuthorQuery, cancellationToken);
if (!isAuthor)
{
return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource
{
StatusCode = StatusCodes.Status403Forbidden,
Message = "Only the author of a message is allowed to update a message"
}));
}
// Update the message
EditMessageCommand editCommand = new EditMessageCommand {
MessageId = messageId, HtmlContent = body.HtmlContent
};
await _mediator.Send(editCommand, cancellationToken);
return(NoContent());
}
