public async Task IsOwnMembershipQueryHandler_ShouldReturnFalse_WhenMembershipIsForeign() { // Arrange IsOwnMembershipQuery request = new IsOwnMembershipQuery { GroupMembershipId = 2 }; IQueryable <GroupMembership> expectedMembership = new[] { new GroupMembership { GroupMembershipId = 2, UserId = 142, GroupId = 2 } } .AsQueryable() .BuildMock() .Object; _unitOfWorkMock .Setup(m => m.GroupMemberships.GetById(request.GroupMembershipId)) .Returns(expectedMembership); IsOwnMembershipQuery.Handler handler = new IsOwnMembershipQuery.Handler(_unitOfWorkMock.Object, _userProviderMock.Object); // Act bool isOwn = await handler.Handle(request); // Assert Assert.False(isOwn); }
public async Task <ActionResult> UpdateMembership([FromRoute] int membershipId, [FromBody] UpdateMembershipBody body, CancellationToken cancellationToken = default) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } // Check if membership exists MembershipExistsQuery existsQuery = new MembershipExistsQuery { GroupMembershipId = membershipId }; bool exists = await _mediator.Send(existsQuery, cancellationToken); if (!exists) { return(NotFound(new ErrorResource { StatusCode = StatusCodes.Status404NotFound, Message = $"Membership with ID '{membershipId}' does not exist" })); } // Check if the user wants to update himself IsOwnMembershipQuery isOwnMembershipQuery = new IsOwnMembershipQuery { GroupMembershipId = membershipId }; bool isOwnMembership = await _mediator.Send(isOwnMembershipQuery, cancellationToken); if (isOwnMembership) { return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource { StatusCode = StatusCodes.Status403Forbidden, Message = "Cannot update your own membership" })); } // Check if the current user is allowed to update the membership CanUpdateMembershipQuery canUpdateQuery = new CanUpdateMembershipQuery { GroupMembershipIdToUpdate = membershipId }; bool canUpdate = await _mediator.Send(canUpdateQuery, cancellationToken); if (!canUpdate) { return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource { StatusCode = StatusCodes.Status403Forbidden, Message = "You are not permitted to mutate users in this group. This privilege is only granted to administrators of the group" })); } // Update membership UpdateMembershipCommand updateCommand = new UpdateMembershipCommand { GroupMembershipId = membershipId, IsAdmin = body.IsAdmin != null && (bool)body.IsAdmin }; await _mediator.Send(updateCommand, cancellationToken); return(NoContent()); }