public async Task CreateDraftTemplate_FailsIfUserWithoutPermissionsToCreateTemplates()
{
ITemplateBuilderApiClient apiClient = Substitute.For <ITemplateBuilderApiClient>();
TemplateCreateModel model = new TemplateCreateModel
{
Description = "Test Description",
FundingStreamId = "TEST",
FundingPeriodId = "TEST"
};
string templateId = Guid.NewGuid().ToString();
apiClient
.CreateDraftTemplate(Arg.Any <TemplateCreateCommand>())
.Returns(new ValidatedApiResponse <string>(HttpStatusCode.Created, templateId));
var authHelper = Substitute.For <IAuthorizationHelper>();
authHelper.GetUserFundingStreamPermissions(Arg.Any <ClaimsPrincipal>(), Arg.Is(model.FundingStreamId))
.Returns(new FundingStreamPermission {
CanCreateTemplates = false, FundingStreamId = model.FundingStreamId
});
TemplateBuildController controller = new TemplateBuildController(apiClient, authHelper, Substitute.For <ILogger>());
IActionResult result = await controller.CreateDraftTemplate(model);
result
.Should()
.BeAssignableTo <ForbidResult>();
apiClient.Received(0);
}
public async Task CreateDraftTemplate_ReturnsCorrectResult()
{
ITemplateBuilderApiClient apiClient = Substitute.For <ITemplateBuilderApiClient>();
TemplateCreateModel model = new TemplateCreateModel
{
Description = "Test Description",
FundingStreamId = "TEST",
FundingPeriodId = "TEST"
};
string templateId = Guid.NewGuid().ToString();
apiClient
.CreateDraftTemplate(Arg.Any <TemplateCreateCommand>())
.Returns(new ValidatedApiResponse <string>(HttpStatusCode.Created, templateId));
var authHelper = Substitute.For <IAuthorizationHelper>();
authHelper.GetUserFundingStreamPermissions(Arg.Any <ClaimsPrincipal>(), Arg.Is(model.FundingStreamId))
.Returns(new FundingStreamPermission {
CanCreateTemplates = true, FundingStreamId = model.FundingStreamId
});
TemplateBuildController controller = new TemplateBuildController(apiClient, authHelper, Substitute.For <ILogger>());
IActionResult result = await controller.CreateDraftTemplate(model);
result
.Should()
.BeAssignableTo <CreatedResult>();
string resultId = (result as CreatedResult)?.Value as string;
resultId
.Should()
.Be(templateId);
string resultLocation = (result as CreatedResult)?.Location;
resultLocation
.Should()
.Be($"api/templates/build/{templateId}");
}
public async Task <IActionResult> CreateDraftTemplate([FromBody] TemplateCreateModel createModel)
{
Guard.ArgumentNotNull(createModel, nameof(createModel));
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
FundingStreamPermission permissions = await _authorizationHelper.GetUserFundingStreamPermissions(User, createModel.FundingStreamId);
if (!permissions.CanCreateTemplates)
{
_logger.Error($"User [{User?.Identity?.Name}] has insufficient permissions to create a {createModel.FundingStreamId} template");
return(Forbid(new AuthenticationProperties()));
}
ValidatedApiResponse <string> result = await _client.CreateDraftTemplate(new TemplateCreateCommand
{
Description = createModel.Description,
FundingStreamId = createModel.FundingStreamId,
FundingPeriodId = createModel.FundingPeriodId,
SchemaVersion = "1.1"
});
switch (result.StatusCode)
{
case HttpStatusCode.Created:
return(Created($"api/templates/build/{result.Content}", result.Content));
case HttpStatusCode.BadRequest:
return(BadRequest(result.ModelState));
default:
return(StatusCode((int)result.StatusCode));
}
}