public async Task Post_UserCannotAccessVenue_ReturnsForbidden(TestUserType userType)
{
// Arrange
var provider = await TestData.CreateProvider();
var venueId = (await TestData.CreateVenue(provider.ProviderId, createdBy: User.ToUserInfo())).VenueId;
var anotherProvider = await TestData.CreateProvider();
await TestData.CreatePostcodeInfo("CV1 2AA", latitude : 42D, longitude : 43D, inEngland : true);
var requestContent = new FormUrlEncodedContentBuilder()
.Add("AddressLine1", "Updated address line 1")
.Add("AddressLine2", "Updated address line 2")
.Add("Town", "Updated town")
.Add("County", "Updated county")
.Add("Postcode", "CV1 2AA")
.ToContent();
var request = new HttpRequestMessage(HttpMethod.Post, $"venues/{venueId}/address")
{
Content = requestContent
};
await User.AsTestUser(userType, anotherProvider.ProviderId);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
}
public async Task Post_UserCannotAccessCourse_ReturnsForbidden(TestUserType userType)
{
// Arrange
var anotherProviderId = await TestData.CreateProvider(ukprn : 23456);
var providerId = await TestData.CreateProvider(ukprn : 12345);
var courseId = await TestData.CreateCourse(providerId, createdBy : User.ToUserInfo());
var courseRunId = await GetCourseRunIdForCourse(courseId);
var requestContent = new FormUrlEncodedContentBuilder()
.Add("Confirm", "true")
.ToContent();
var request = new HttpRequestMessage(
HttpMethod.Post,
$"/courses/{courseId}/course-runs/{courseRunId}/delete?returnUrl=%2fcourses")
{
Content = requestContent
};
await User.AsTestUser(userType, anotherProviderId);
CreateFormFlowInstance(courseId, courseRunId);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
public async Task Get_ProviderUserCannotAccess(TestUserType testUserType)
{
// Arrange
var provider = await TestData.CreateProvider(
providerName : "Provider 1",
apprenticeshipQAStatus : ApprenticeshipQAStatus.Submitted | ApprenticeshipQAStatus.UnableToComplete);
var providerUser = await TestData.CreateUser(providerId : provider.ProviderId);
var standard = await TestData.CreateStandard(standardCode : 1234, version : 1, standardName : "Test Standard");
var apprenticeshipId = (await TestData.CreateApprenticeship(provider.ProviderId, standard, createdBy: User.ToUserInfo())).Id;
await TestData.CreateApprenticeshipQASubmission(
provider.ProviderId,
submittedOn : Clock.UtcNow,
submittedByUserId : providerUser.UserId,
providerMarketingInformation : "The overview",
apprenticeshipIds : new[] { apprenticeshipId });
await TestData.CreateApprenticeshipQAUnableToCompleteInfo(
provider.ProviderId,
ApprenticeshipQAUnableToCompleteReasons.ProviderHasAppliedToTheWrongRoute | ApprenticeshipQAUnableToCompleteReasons.ProviderDevelopingProvision,
comments : "Some feedback",
addedByUserId : User.UserId,
addedOn : Clock.UtcNow);
await User.AsTestUser(testUserType, provider.ProviderId);
// Act
var response = await HttpClient.GetAsync($"apprenticeship-qa/{provider.ProviderId}/status");
// Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
public async Task Post_UserCannotAccessReturnsForbidden(TestUserType testUserType)
{
// Arrange
var provider = await TestData.CreateProvider(
providerName : "Provider 1",
apprenticeshipQAStatus : ApprenticeshipQAStatus.Submitted);
var providerUser = await TestData.CreateUser(providerId : provider.ProviderId);
var standard = await TestData.CreateStandard(standardCode : 1234, version : 1, standardName : "Test Standard");
var apprenticeshipId = (await TestData.CreateApprenticeship(provider.ProviderId, standard, createdBy: User.ToUserInfo())).Id;
await TestData.CreateApprenticeshipQASubmission(
provider.ProviderId,
submittedOn : Clock.UtcNow,
submittedByUserId : providerUser.UserId,
providerMarketingInformation : "The overview",
apprenticeshipIds : new[] { apprenticeshipId });
await User.AsTestUser(testUserType, provider.ProviderId);
var requestContent = new FormUrlEncodedContentBuilder()
.Add("UnableToComplete", bool.TrueString)
.ToContent();
// Act
var response = await HttpClient.PostAsync($"apprenticeship-qa/{provider.ProviderId}/status", requestContent);
// Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
public async Task Get_ProviderUserCannotAccess(TestUserType testUserType)
{
// Arrange
var provider = await TestData.CreateProvider(
providerName : "Provider 1",
apprenticeshipQAStatus : ApprenticeshipQAStatus.Submitted);
var providerUser = await TestData.CreateUser(providerId : provider.ProviderId);
var standard = await TestData.CreateStandard(standardCode : 1234, version : 1, standardName : "Test Standard");
var apprenticeshipId = (await TestData.CreateApprenticeship(provider.ProviderId, standard, createdBy: User.ToUserInfo())).Id;
await TestData.CreateApprenticeshipQASubmission(
provider.ProviderId,
submittedOn : Clock.UtcNow,
submittedByUserId : providerUser.UserId,
providerMarketingInformation : "The overview",
apprenticeshipIds : new[] { apprenticeshipId });
await User.AsTestUser(testUserType, provider.ProviderId);
// Act
var response = await HttpClient.GetAsync($"apprenticeship-qa/{provider.ProviderId}");
// Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
public async Task DeleteVenue_Post_WithMismatchedProvider_ReturnsForbidden(TestUserType userType)
{
// Arrange
var provider1 = await TestData.CreateProvider(providerType : ProviderType.FE);
var provider2 = await TestData.CreateProvider(providerType : ProviderType.FE);
var venue = await TestData.CreateVenue(provider1.ProviderId);
await User.AsTestUser(userType, provider2.ProviderId);
var requestContent = new FormUrlEncodedContentBuilder()
.Add(nameof(Command.Confirm), true)
.Add(nameof(Command.ProviderId), provider1)
.ToContent();
var request = new HttpRequestMessage(HttpMethod.Post, $"/venues/{venue.Id}/delete")
{
Content = requestContent
};
// Act
var response = await HttpClient.SendAsync(request);
// Assert
response.StatusCode.Should().Be(StatusCodes.Status403Forbidden);
}
public async Task Get_ValidRequest_RendersExpectedContent(TestUserType userType)
{
// Arrange
var provider = await TestData.CreateProvider(
providerName : "My Provider",
providerType : ProviderType.FE,
providerStatus : "Active",
alias : "My Trading Name");
var request = new HttpRequestMessage(HttpMethod.Get, $"providers?providerId={provider.ProviderId}");
await User.AsTestUser(userType, provider.ProviderId);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var doc = await response.GetDocument();
Assert.Equal("My Provider", doc.GetElementByTestId("ProviderName").TextContent);
Assert.Equal("Active", doc.GetSummaryListValueWithKey("Course directory status"));
Assert.Equal(provider.Ukprn.ToString(), doc.GetSummaryListValueWithKey("UKPRN"));
Assert.Equal("My Trading Name", doc.GetSummaryListValueWithKey("Trading name"));
Assert.Equal("FE Courses", doc.GetSummaryListValueWithKey("Provider type"));
}
public async Task ProviderUsersForDifferentProviderAsCourse_AreBlocked(TestUserType userType)
{
// Arrange
var anotherProvider = await TestData.CreateProvider();
var tLevelDefinitions = await TestData.CreateInitialTLevelDefinitions();
var provider = await TestData.CreateProvider(
providerType : ProviderType.TLevels,
tLevelDefinitionIds : tLevelDefinitions.Select(tld => tld.TLevelDefinitionId).ToArray());
var providerUser = await TestData.CreateUser(providerId : provider.ProviderId);
var venueId = (await TestData.CreateVenue(provider.ProviderId, createdBy: User.ToUserInfo())).VenueId;
var tLevel = await TestData.CreateTLevel(
provider.ProviderId,
tLevelDefinitions.First().TLevelDefinitionId,
locationVenueIds : new[] { venueId },
createdBy : User.ToUserInfo());
var request = new HttpRequestMessage(
HttpMethod.Get,
$"/AuthorizeTLevelAttributeTests/{tLevel.TLevelId}");
await User.AsTestUser(userType, anotherProvider.ProviderId);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
public async Task ProviderUserForTLevelsOnlyProvider_RendersExpectedNav(TestUserType testUserType)
{
// Arrange
var provider = await TestData.CreateProvider(
providerType : ProviderType.TLevels,
providerName : "Test Provider");
await User.AsTestUser(testUserType, provider.ProviderId);
// Act
var response = await HttpClient.GetAsync($"/tests/empty-provider-context");
// Assert
response.EnsureSuccessStatusCode();
var doc = await response.GetDocument();
var topLevelLinks = GetTopLevelNavLinks(doc);
var subNavLinks = GetSubNavLinks(doc);
topLevelLinks.Count.Should().Be(4);
using (new AssertionScope())
{
topLevelLinks[0].TestId.Should().Be("topnav-home");
topLevelLinks[1].TestId.Should().Be("topnav-tlevels");
topLevelLinks[2].TestId.Should().Be("topnav-locations");
topLevelLinks[3].TestId.Should().Be("topnav-signout");
}
subNavLinks.Count.Should().Be(0);
}
public async Task Get_UserCannotAccessTLevel_ReturnsForbidden(TestUserType userType)
{
// Arrange
var tLevelDefinitions = await TestData.CreateInitialTLevelDefinitions();
var anotherProvider = await TestData.CreateProvider(
providerType : ProviderType.TLevels,
tLevelDefinitionIds : tLevelDefinitions.Select(tld => tld.TLevelDefinitionId).ToArray());
var provider = await TestData.CreateProvider(
providerType : ProviderType.TLevels,
tLevelDefinitionIds : tLevelDefinitions.Select(tld => tld.TLevelDefinitionId).ToArray());
var venueId = (await TestData.CreateVenue(provider.ProviderId)).Id;
var tLevel = await TestData.CreateTLevel(
provider.ProviderId,
tLevelDefinitions.First().TLevelDefinitionId,
locationVenueIds : new[] { venueId },
createdBy : User.ToUserInfo());
var request = new HttpRequestMessage(HttpMethod.Get, $"/t-levels/{tLevel.TLevelId}/delete");
await User.AsTestUser(userType, anotherProvider.ProviderId);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
}
public Task AsTestUser(TestUserType userType, Guid?providerId = null)
{
if ((userType == TestUserType.ProviderSuperUser || userType == TestUserType.ProviderUser) &&
!providerId.HasValue)
{
throw new ArgumentNullException(nameof(providerId));
}
switch (userType)
{
case TestUserType.Developer:
return(AsDeveloper());
case TestUserType.Helpdesk:
return(AsHelpdesk());
case TestUserType.ProviderSuperUser:
return(AsProviderSuperUser(providerId.Value, Core.Models.ProviderType.FE | Core.Models.ProviderType.Apprenticeships));
case TestUserType.ProviderUser:
return(AsProviderUser(providerId.Value, Core.Models.ProviderType.FE | Core.Models.ProviderType.Apprenticeships));
default:
throw new ArgumentException($"Unknown test user type: '{userType}'.", nameof(userType));
}
}
public async Task Get_UserCannotAccessApprenticeship_ReturnsForbidden(TestUserType userType)
{
// Arrange
var anotherProvider = await TestData.CreateProvider(
providerType : ProviderType.Apprenticeships);
var provider = await TestData.CreateProvider(
providerType : ProviderType.Apprenticeships);
var apprenticeshipTitle = await TestData.CreateStandard(standardName : "");
var apprenticeship = await TestData.CreateApprenticeship(
provider.ProviderId,
apprenticeshipTitle,
createdBy : User.ToUserInfo());
var request = new HttpRequestMessage(HttpMethod.Get, $"/apprenticeships/delete/{apprenticeship.ApprenticeshipId}");
await User.AsTestUser(userType, anotherProvider.ProviderId);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
}
public async Task ProviderUserForBothFEAndApprenticeships_RendersExpectedNav(TestUserType testUserType)
{
// Arrange
var providerId = await TestData.CreateProvider(
providerType : ProviderType.FE | ProviderType.Apprenticeships,
providerName : "Test Provider");
await User.AsTestUser(testUserType, providerId);
// Act
var response = await HttpClient.GetAsync($"/tests/empty-provider-context");
// Assert
response.EnsureSuccessStatusCode();
var doc = await response.GetDocument();
var topLevelLinks = GetTopLevelNavLinks(doc);
var subNavLinks = GetSubNavLinks(doc);
topLevelLinks.Count.Should().Be(6);
using (new AssertionScope())
{
topLevelLinks[0].TestId.Should().Be("topnav-home");
topLevelLinks[1].TestId.Should().Be("topnav-courses");
topLevelLinks[2].TestId.Should().Be("topnav-apprenticeships");
topLevelLinks[3].TestId.Should().Be("topnav-locations");
topLevelLinks[4].TestId.Should().Be("topnav-bulkupload");
topLevelLinks[4].Href.Should().Be("/BulkUpload/LandingOptions");
topLevelLinks[5].TestId.Should().Be("topnav-signout");
}
subNavLinks.Count.Should().Be(0);
}
public async Task Post_UserCannotAccessCourse_ReturnsForbidden(TestUserType userType)
{
// Arrange
var anotherProvider = await TestData.CreateProvider(
providerType : ProviderType.Apprenticeships);
var provider = await TestData.CreateProvider(
providerType : ProviderType.Apprenticeships);
var apprenticeshipTitle = await TestData.CreateStandard(standardName : "");
var requestContent = new FormUrlEncodedContentBuilder()
.Add("Confirm", "true")
.ToContent();
var apprenticeship = await TestData.CreateApprenticeship(
provider.ProviderId,
apprenticeshipTitle,
createdBy : User.ToUserInfo());
var request = new HttpRequestMessage(HttpMethod.Post, $"/apprenticeships/delete/{apprenticeship.ApprenticeshipId}")
{
Content = requestContent
};
CreateJourneyInstance(apprenticeship.ApprenticeshipId);
await User.AsTestUser(userType, anotherProvider.ProviderId);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
}
public async Task Post_UserCannotAccessVenue_ReturnsForbidden(TestUserType userType)
{
// Arrange
var providerId = await TestData.CreateProvider(ukprn : 12345);
var venueId = await TestData.CreateVenue(providerId);
var anotherProviderId = await TestData.CreateProvider(ukprn : 67890);
var requestContent = new FormUrlEncodedContentBuilder()
.Add("Website", "new-provider.com")
.ToContent();
var request = new HttpRequestMessage(HttpMethod.Post, $"venues/{venueId}/website")
{
Content = requestContent
};
await User.AsTestUser(userType, anotherProviderId);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
}
public async Task Post_UserCannotAccessVenue_ReturnsForbidden(TestUserType userType)
{
// Arrange
var provider = await TestData.CreateProvider();
var venueId = (await TestData.CreateVenue(provider.ProviderId)).Id;
var anotherProvider = await TestData.CreateProvider();
var requestContent = new FormUrlEncodedContentBuilder()
.Add("PhoneNumber", "020 7946 0000")
.ToContent();
var request = new HttpRequestMessage(HttpMethod.Post, $"venues/{venueId}/phone-number")
{
Content = requestContent
};
await User.AsTestUser(userType, anotherProvider.ProviderId);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
}
public async Task AdminUserWithoutProviderContext_RendersExpectedNav(TestUserType testUserType)
{
// Arrange
await User.AsTestUser(testUserType);
// Act
var response = await HttpClient.GetAsync("/tests/empty-provider-context");
// Assert
response.EnsureSuccessStatusCode();
var doc = await response.GetDocument();
var topLevelLinks = GetTopLevelNavLinks(doc);
var subNavLinks = GetSubNavLinks(doc);
topLevelLinks.Count.Should().Be(6);
using (new AssertionScope())
{
topLevelLinks[0].TestId.Should().Be("topnav-home");
topLevelLinks[1].TestId.Should().Be("topnav-qa");
topLevelLinks[2].TestId.Should().Be("topnav-searchproviders");
topLevelLinks[3].TestId.Should().Be("topnav-manageusers");
topLevelLinks[4].TestId.Should().Be("topnav-migrationreports");
topLevelLinks[5].TestId.Should().Be("topnav-signout");
}
subNavLinks.Count.Should().Be(0);
}
public async Task Post_UserCannotAccessTLevel_ReturnsForbidden(TestUserType userType)
{
// Arrange
var anotherProvider = await TestData.CreateProvider(providerType : ProviderType.TLevels);
var tLevelDefinitions = await TestData.CreateInitialTLevelDefinitions();
var authorizedTLevelDefinitionIds = tLevelDefinitions.Select(tld => tld.TLevelDefinitionId).ToArray();
var provider = await TestData.CreateProvider(
providerType : ProviderType.TLevels,
tLevelDefinitionIds : authorizedTLevelDefinitionIds);
var venue = await TestData.CreateVenue(provider.ProviderId, venueName : "T Level venue");
var tLevelDefinition = tLevelDefinitions.First();
var whoFor = "Who for";
var entryRequirements = "Entry requirements";
var whatYoullLearn = "What you'll learn";
var howYoullLearn = "How you'll learn";
var howYoullBeAssessed = "How you'll be assessed";
var whatYouCanDoNext = "What you can do next";
var yourReference = "YOUR-REF";
var startDate = new DateTime(2021, 4, 1);
var website = "http://example.com/tlevel";
var tLevel = await TestData.CreateTLevel(
provider.ProviderId,
tLevelDefinition.TLevelDefinitionId,
whoFor : whoFor,
entryRequirements : entryRequirements,
whatYoullLearn : whatYoullLearn,
howYoullLearn : howYoullLearn,
howYoullBeAssessed : howYoullBeAssessed,
whatYouCanDoNext : whatYouCanDoNext,
yourReference : yourReference,
startDate : startDate,
locationVenueIds : new[] { venue.Id },
website : website,
createdBy : User.ToUserInfo());
var journeyInstance = await CreateJourneyInstance(tLevel.TLevelId);
var request = new HttpRequestMessage(
HttpMethod.Post,
$"/t-levels/{tLevel.TLevelId}/check-publish?ffiid={journeyInstance.InstanceId.UniqueKey}")
{
Content = new FormUrlEncodedContentBuilder().ToContent()
};
await User.AsTestUser(userType, anotherProvider.ProviderId);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
}
public async Task LiveTLevelsReport_WithAdminUser_ReturnsExpectedCsv(TestUserType userType)
{
//Arange
var tLevelDefinitions = await TestData.CreateInitialTLevelDefinitions();
var providers = await Task.WhenAll(Enumerable.Range(0, 3).Select(async i =>
{
var providerName = $"TestProvider{i}";
var provider = await TestData.CreateProvider(providerName: providerName, providerType: ProviderType.TLevels, tLevelDefinitionIds: tLevelDefinitions.Select(d => d.TLevelDefinitionId).ToArray());
return(new { ProviderId = provider.ProviderId, Ukprn = provider.Ukprn, ProviderName = providerName });
}));
var tLevels = (await Task.WhenAll(providers.Select(async(p, i) =>
{
var user = await TestData.CreateUser($"TestUser{p.ProviderId}-{i}");
var venues = await Task.WhenAll(Enumerable.Range(0, 3).Select(
ii => TestData.CreateVenue(p.ProviderId, createdBy: User.ToUserInfo(), venueName: $"TestVenue{p.ProviderId}-{ii}")));
return(await Task.WhenAll(venues.Select((v, ii) =>
TestData.CreateTLevel(p.ProviderId, tLevelDefinitions.OrderBy(_ => Guid.NewGuid()).Select(d => d.TLevelDefinitionId).First(), new[] { v.VenueId }, user, startDate: Clock.UtcNow.AddDays(ii).Date))));
}))).SelectMany(t => t).ToArray();
await User.AsTestUser(userType);
var request = new HttpRequestMessage(
HttpMethod.Get,
$"/t-levels/reports/live-t-levels");
// Act
var response = await HttpClient.SendAsync(request);
// Assert
response.StatusCode.Should().Be(StatusCodes.Status200OK);
response.Content.Headers.ContentType.ToString().Should().Be("text/csv");
response.Content.Headers.ContentDisposition.ToString().Should().Be($"attachment; filename=LiveTLevelsReport-{Clock.UtcNow:yyyyMMddHHmmss}.csv");
using var reader = new StreamReader(await response.Content.ReadAsStreamAsync());
using var csvReader = new CsvReader(reader, CultureInfo.InvariantCulture);
var records = csvReader.GetRecords <Features.TLevels.Reporting.LiveTLevelsReport.Csv>();
records.Should().BeEquivalentTo(tLevels.Select(t =>
{
var p = providers.Single(p => p.ProviderId == t.ProviderId);
return(new Features.TLevels.Reporting.LiveTLevelsReport.Csv
{
ProviderUkprn = p.Ukprn,
ProviderName = p.ProviderName,
TLevelName = t.TLevelDefinition.Name,
VenueName = t.Locations.Single().VenueName,
StartDate = t.StartDate
});
}).OrderBy(r => r.ProviderUkprn).ThenBy(r => r.TLevelName).ThenBy(r => r.VenueName).ThenBy(r => r.StartDate));
}
protected void InitController(System.Web.Mvc.Controller controller, TestUserType userType)
{
controller.ControllerContext = new ControllerContext()
{
Controller = controller,
RequestContext = new System.Web.Routing.RequestContext(new MockHttpContext(userType), new System.Web.Routing.RouteData())
};
//
// TODO: Add constructor logic here
//
}
protected void InitController(System.Web.Mvc.Controller controller, TestUserType userType)
{
controller.ControllerContext = new ControllerContext()
{
Controller = controller,
RequestContext = new System.Web.Routing.RequestContext(new MockHttpContext(userType), new System.Web.Routing.RouteData())
};
//
// TODO: Add constructor logic here
//
}
public async Task Get_AdminsCanAccess(TestUserType userType)
{
// Arrange
await User.AsTestUser(userType);
// Act
var response = await HttpClient.GetAsync("helpdesk-dashboard");
// Assert
response.StatusCode.Should().Be(StatusCodes.Status200OK);
}
public async Task Get_AdminsCanAccess(TestUserType userType)
{
// Arrange
await User.AsTestUser(userType);
// Act
var response = await HttpClient.GetAsync("helpdesk-dashboard");
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
}
public async Task AdminUser_MissingQueryParam_DoesNotAssignContext(TestUserType userType)
{
// Arrange
await User.AsTestUser(userType);
// Act
var response = await HttpClient.GetAsync($"currentprovideractionfiltertests?providerId=");
// Assert
Assert.False(response.IsSuccessStatusCode);
}
public async Task Get_AuthenticatedUser_ReturnsOk(TestUserType userType)
{
// Arrange
var provider = await TestData.CreateProvider();
await User.AsTestUser(userType, provider.ProviderId);
// Act
var response = await HttpClient.GetAsync("cookies/details");
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
}
public async Task Get_ProviderUserCannotAccess(TestUserType userType)
{
// Arrange
var provider = await TestData.CreateProvider();
await User.AsTestUser(userType, provider.ProviderId);
// Act
var response = await HttpClient.GetAsync("helpdesk-dashboard");
// Assert
response.StatusCode.Should().Be(StatusCodes.Status403Forbidden);
}
public async Task AdminUsers_AreNotBlocked(TestUserType userType)
{
// Arrange
var request = new HttpRequestMessage(HttpMethod.Get, "/RequireUserIsAdminTests");
await User.AsTestUser(userType);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
}
public async Task Get_ProviderUserCannotAccess(TestUserType userType)
{
// Arrange
var provider = await TestData.CreateProvider();
await User.AsTestUser(userType, provider.ProviderId);
// Act
var response = await HttpClient.GetAsync("apprenticeship-qa");
// Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
public async Task AdminUser_RedirectsToHelpdeskDashboard(TestUserType userType)
{
// Arrange
await User.AsTestUser(userType);
var request = new HttpRequestMessage(HttpMethod.Get, "/");
// Act
var response = await HttpClient.SendAsync(request);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.Found);
response.Headers.Location.OriginalString.Should().Be("/helpdesk-dashboard");
}
public async Task Post_UserCannotAccessVenue_ReturnsForbidden(TestUserType userType)
{
// Arrange
var provider = await TestData.CreateProvider();
var venueId = (await TestData.CreateVenue(provider.ProviderId)).Id;
var anotherProvider = await TestData.CreateProvider();
OnspdSearchClient
.Setup(c => c.Search(It.Is <OnspdSearchQuery>(q => q.Postcode == "CV1 2AA")))
.ReturnsAsync(new SearchResult <Onspd>()
{
Items = new[]
{
new SearchResultItem <Onspd>()
{
Record = new Onspd()
{
pcds = "CV1 2AA",
Country = "England",
lat = 42M,
@long = 43M
}
}
}
});
var requestContent = new FormUrlEncodedContentBuilder()
.Add("AddressLine1", "Updated address line 1")
.Add("AddressLine2", "Updated address line 2")
.Add("Town", "Updated town")
.Add("County", "Updated county")
.Add("Postcode", "CV1 2AA")
.ToContent();
var request = new HttpRequestMessage(HttpMethod.Post, $"venues/{venueId}/address")
{
Content = requestContent
};
await User.AsTestUser(userType, anotherProvider.ProviderId);
// Act
var response = await HttpClient.SendAsync(request);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
}
public async Task Get_ProviderUser_ReturnsForbidden(TestUserType userType)
{
// Arrange
var provider = await TestData.CreateProvider(
providerType : ProviderType.Apprenticeships,
marketingInformation : "Current overview");
await User.AsTestUser(userType, provider.ProviderId);
// Act
var response = await HttpClient.GetAsync($"/providers/info?providerId={provider.ProviderId}");
// Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
public MockHttpContext()
: base()
{
userType = TestUserType.Public;
}
public MockHttpContext(TestUserType userType)
: base()
{
this.userType = userType;
}