public AuthorizationBuilder AllowInternalAreaAccess() { A.CallTo(() => fake.EnsureCanAccessInternalArea()).DoesNothing(); A.CallTo(() => fake.EnsureCanAccessInternalArea(A <bool> ._)).DoesNothing(); A.CallTo(() => fake.CheckCanAccessInternalArea()).Returns(true); A.CallTo(() => fake.CheckCanAccessInternalArea(A <bool> ._)).Returns(true); return(this); }
public async Task GetUserDataHandler_NotRequestingCurrentUser_AndUserIsNotAdmin_ThrowsException() { var otherUserId = Guid.NewGuid().ToString(); A.CallTo(() => userContext.UserId) .Returns(Guid.NewGuid()); A.CallTo(() => weeeAuthorization.CheckCanAccessInternalArea()) .Returns(false); await Assert.ThrowsAsync <UnauthorizedAccessException>( async() => await GetUserDataHandler().HandleAsync(new GetUserData(otherUserId))); }
public async Task <bool> HandleAsync(UpdateSchemeContactDetails message) { authorization.EnsureInternalOrOrganisationAccess(message.SchemeData.OrganisationId); if (authorization.CheckCanAccessInternalArea()) { authorization.EnsureUserInRole(Roles.InternalAdmin); } var scheme = await dataAccess.FetchSchemeAsync(message.SchemeData.OrganisationId); if (scheme == null) { var errorMessage = $"A scheme with organisation id \"{message.SchemeData.OrganisationId}\" could not be found."; throw new ArgumentException(errorMessage); } var contact = new Contact( message.SchemeData.Contact.FirstName, message.SchemeData.Contact.LastName, message.SchemeData.Contact.Position); var contactChanged = !contact.Equals(scheme.Contact); scheme.AddOrUpdateMainContactPerson(contact); var country = await dataAccess.FetchCountryAsync(message.SchemeData.Address.CountryId); var address = new Address( message.SchemeData.Address.Address1, message.SchemeData.Address.Address2, message.SchemeData.Address.TownOrCity, message.SchemeData.Address.CountyOrRegion, message.SchemeData.Address.Postcode, country, message.SchemeData.Address.Telephone, message.SchemeData.Address.Email); var schemeAddressChanged = !address.Equals(scheme.Address); scheme.AddOrUpdateAddress(address); await dataAccess.SaveAsync(); if (message.SendNotificationOnChange && (contactChanged || schemeAddressChanged) && scheme.CompetentAuthority != null) { await weeeEmailService.SendOrganisationContactDetailsChanged(scheme.CompetentAuthority.Email, scheme.SchemeName, EntityType.Pcs); } return(true); }
public async Task <UserData> HandleAsync(GetUserData query) { string userId = userContext.UserId.ToString(); if (query.Id != userId && !weeeAuthorization.CheckCanAccessInternalArea()) { throw new UnauthorizedAccessException( string.Format("User {0} is not able to access data relating to another user ({1})", userId, query.Id)); } return(await context.Users.Select(u => new UserData { Email = u.Email, FirstName = u.FirstName, Id = u.Id, Surname = u.Surname, }).SingleOrDefaultAsync(u => u.Id == query.Id)); }