public void Returns_NotFound_if_service_returns_null()
{
// Given
context.RouteData.Values["learningLogItemId"] = LearningLogItemId;
A.CallTo(() => actionPlanService.VerifyDelegateCanAccessActionPlanResource(LearningLogItemId, DelegateId))
.Returns(null);
// When
new VerifyDelegateCanAccessActionPlanResource(actionPlanService).OnActionExecuting(context);
// Then
context.Result.Should().BeNotFoundResult();
}
public void VerifyDelegateCanAccessActionPlanResource_returns_null_if_signposting_is_deactivated()
{
// Given
A.CallTo(() => config[ConfigurationExtensions.UseSignposting]).Returns("false");
// When
var result = actionPlanService.VerifyDelegateCanAccessActionPlanResource(
GenericLearningLogItemId,
GenericDelegateId
);
// Then
using (new AssertionScope())
{
result.Should().BeNull();
A.CallTo(() => learningLogItemsDataService.GetLearningLogItem(A <int> ._)).MustNotHaveHappened();
}
}
public void OnActionExecuting(ActionExecutingContext context)
{
if (!(context.Controller is Controller controller))
{
return;
}
// Candidate Id will be non-null as Authorize(User.Only) attribute will always be executed first
// because https://docs.microsoft.com/en-us/aspnet/core/mvc/controllers/filters?view=aspnetcore-3.1#filter-types-1
var delegateId = controller.User.GetCandidateIdKnownNotNull();
var learningLogItemId = int.Parse(context.RouteData.Values["learningLogItemId"].ToString() !);
var validationResult =
actionPlanService.VerifyDelegateCanAccessActionPlanResource(learningLogItemId, delegateId);
if (!validationResult.HasValue)
{
context.Result = new NotFoundResult();
}
else if (!validationResult.Value)
{
context.Result = new RedirectToActionResult("AccessDenied", "LearningSolutions", new { });
}
}
