public void Given_custom_principle_has_permission_but_not_one_checking_When_OnActionExecuting_Then_should_throw_401_not_authorised_exception()
        {
            // Given: a principal that was granted ViewCompanyDetails and nothing else.
            var granted = new string[] { Permissions.ViewCompanyDetails.ToString() };
            var principal = CreateCustomPrincipal(new UserDto
            {
                CompanyId = 0,
                Permissions = granted
            });
            var context = new ActionExecutingContext
            {
                HttpContext = MvcMockHelpers.FakeHttpContext(principal)
            };

            // The filter demands a different permission from the one the principal holds.
            var filter = new PermissionFilterAttribute(Permissions.ViewSiteDetails);

            // When
            filter.OnActionExecuting(context);

            // Then: denial is reported through context.Result; no exception is thrown,
            // despite the wording of the test name.
            // NOTE(review): the user here is authenticated but lacks the permission. Under
            // forms authentication a 401 is commonly turned into a login redirect - confirm
            // that 401 rather than 403 is the intended response for this case.
            Assert.That(context.Result, Is.TypeOf<HttpUnauthorizedResult>());
        }
        public void Given_a_companyid_but_not_correct_for_custom_principal_When_OnActionExecuting_Then_should_throw_401_not_authorised_exception()
        {
            // Given: the signed-in user belongs to company 1 but the request names company 9999.
            const int ownCompanyId = 1;
            const int requestedCompanyId = 9999;

            var principal = CreateCustomPrincipal(new UserDto
            {
                CompanyId = ownCompanyId,
                Permissions = new List<string>()
            });

            var context = new ActionExecutingContext
            {
                HttpContext = MvcMockHelpers.FakeHttpContext(principal),
                ActionParameters = new Dictionary<string, object> { { "companyId", requestedCompanyId } }
            };

            var filter = new UrlHackingFilter();

            // When
            filter.OnActionExecuting(context);

            // Then: a company id that does not match the principal's own is refused.
            // This is the tenant-isolation check: the id supplied with the request is not
            // trusted on its own. The refusal arrives as a result object, not an exception.
            Assert.That(context.Result, Is.TypeOf<HttpUnauthorizedResult>());
        }
        // Checks the cache-hit path for the user combined with a cache miss for the company:
        // the user must not be re-added to the cache, the company details must be fetched
        // from the client service, and the company must then be cached.
        public void Given_user_in_cache_and_company_not_in_cache_When_create_custom_principal_Then_should_call_correct_methods()
        {
            // Given
            // NOTE(review): the next line reached this page damaged - the run of asterisks
            // sits where code used to be, so it does not compile as shown. companyCacheKey,
            // used in the last Verify below, is no longer declared anywhere in this method;
            // presumably two key declarations were fused into one. Restore from the original file.
            string userCacheKey = "User:"******"Company:" + _companyId;

            var target = CreateTarget();

            // Company lookup is stubbed and later confirmed through VerifyAll().
            _clientService
                .Setup(x => x.GetCompanyDetails(_companyId))
                .Returns(_companyDto);

            // Load(...) returning true simulates the user already being in the cache.
            var userDto = new UserDto();
            _cacheHelper
                .Setup(x => x.Load(userCacheKey, out userDto))
                .Returns(true);

            // When
            target.Create(_companyId, _userId);

            // Then
            // The cached user must not be written back to the cache.
             _cacheHelper.Verify(x => x.Add(_userDto, userCacheKey, 5),Times.Never());
            _clientService.VerifyAll();
            // The company is cached under its own key. The third argument (5 for users,
            // 1440 for companies) looks like a lifetime; its unit is not visible here.
            // NOTE(review): UserDto carries Permissions, so if the cached DTO is what the
            // principal is built from, a revoked permission stays in effect until the cache
            // entry expires or is evicted - confirm the entry is invalidated on role changes.
            _cacheHelper.Verify(x => x.Add(It.Is<CompanyDto>(y => y.CompanyName == _companyDto.CompanyName), companyCacheKey, 1440));
        }
        public void Given_not_got_a_companyid_When_OnActionExecuting_Then_should_have_result_of_null()
        {
            // Given: an action that carries no parameters at all, so no "companyId" either.
            var principal = CreateCustomPrincipal(new UserDto
            {
                Permissions = new string[0]
            });

            var context = new ActionExecutingContext
            {
                HttpContext = MvcMockHelpers.FakeHttpContext(principal),
                ActionParameters = new Dictionary<string, object>()
            };

            var filter = new UrlHackingFilter();

            // When
            filter.OnActionExecuting(context);

            // Then: with nothing to compare, the filter leaves the result unset and the
            // action would proceed.
            // NOTE(review): this pins the filter as a no-op when no "companyId" parameter is
            // present. Whether it also inspects a company id carried inside a bound view
            // model is not visible from this test - confirm such actions are protected.
            Assert.That(context.Result, Is.Null);
        }
 public void Setup()
 {
     // Fixture principal whose only permission is "DeleteSiteDetails".
     var permissions = new List<string> { "DeleteSiteDetails" };
     var userDto = new UserDto { Permissions = permissions };

     _user = new CustomPrincipal(userDto, new CompanyDto());
 }
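 /// <summary>
 /// Builds the principal for a user from the user and company DTOs.
 /// </summary>
 /// <param name="userDto">Supplies the user id, company id, employee details, allowed sites and permissions.</param>
 /// <param name="companyDto">Supplies the company name.</param>
 /// <exception cref="System.ArgumentNullException">Either argument is null.</exception>
 public CustomPrincipal(UserDto userDto, CompanyDto companyDto)
 {
     // Fail with a named argument instead of a NullReferenceException part-way through
     // construction of a security principal.
     if (userDto == null)
     {
         throw new System.ArgumentNullException("userDto");
     }
     if (companyDto == null)
     {
         throw new System.ArgumentNullException("companyDto");
     }

     var employee = userDto.Employee;
     var contactDetails = employee != null ? employee.MainContactDetails : null;

     // Identity name is chosen by GetUserIdentity from the same DTO.
     Identity = new GenericIdentity(GetUserIdentity(userDto));
     UserId = userDto.Id;
     CompanyId = userDto.CompanyId;
     FullName = employee != null ? employee.FullName : null;
     // A missing employee, contact record or email yields an empty string, never null.
     Email = contactDetails != null && contactDetails.Email != null ? contactDetails.Email : string.Empty;
     CompanyName = companyDto.CompanyName;

     // The DTO's collection instances are stored as-is, not copied. Anything that later
     // mutates those collections also changes what this principal is allowed to do.
     // NOTE(review): if the DTO can come from a shared cache, confirm nothing mutates it.
     _allowableSites = userDto.AllowedSites;
     _permissions = userDto.Permissions;
 }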
        public void When_custom_principal_has_no_employer_Then_should_user_id_as_identity()
        {
            // Given: a user with an id and no Employee record attached.
            var userId = Guid.NewGuid();
            var userDto = new UserDto { Id = userId };

            // When
            var principal = new CustomPrincipal(userDto, new CompanyDto());

            // Then: with no email available, the identity name falls back to the user id.
            Assert.That(principal.Identity.Name, Is.EqualTo(userDto.Id.ToString()));
        }
 /// <summary>
 /// Copies the scalar fields of a <c>User</c> onto a new <c>UserDto</c>.
 /// </summary>
 /// <param name="user">The entity to map; may be null.</param>
 /// <returns>A populated DTO, or a blank DTO when <paramref name="user"/> is null.</returns>
 public UserDto Map(User user)
 {
     // A missing user becomes a blank DTO rather than null.
     // NOTE(review): that blank DTO carries a default Id and CompanyId, so a caller cannot
     // tell "no such user" from a real record - confirm callers never build a principal
     // from it.
     if (user == null)
     {
         return new UserDto();
     }

     // Only these six fields are set here; permissions, employee and allowed sites are
     // not populated by this mapper.
     return new UserDto
     {
         Id = user.Id,
         CreatedOn = user.CreatedOn,
         Deleted = user.Deleted,
         LastModifiedOn = user.LastModifiedOn,
         CompanyId = user.CompanyId,
         // An unset registration flag is treated as registered.
         IsRegistered = user.IsRegistered ?? true
     };
 }
        public void Given_search_for_current_user_When_GetViewModel_is_called_Then_should_call_correct_methods()
        {
            //Given
            var target = CreateTarget();

            var currentUser = new UserDto
            {
                CompanyId = _companyId,
                Id = Guid.NewGuid(),
                Employee = new EmployeeDto { Id = Guid.NewGuid() }
            };

            // The user lookup is keyed by both user id and company id.
            _userService
                .Setup(x => x.GetIncludingEmployeeAndSiteByIdAndCompanyId(currentUser.Id, currentUser.CompanyId))
                .Returns(currentUser);

            var completedFrom = DateTime.Now.AddDays(1);
            var completedTo = DateTime.Now.AddDays(40);

            // The task search must carry the company id and the same completed-date window;
            // dates are compared through their short-date text.
            _taskService
                .Setup(x => x.Search(It.Is<SearchTasksRequest>(request =>
                    request.CompanyId == _companyId &&
                    request.CompletedFrom.Value.ToShortDateString() == completedFrom.ToShortDateString() &&
                    request.CompletedTo.Value.ToShortDateString() == completedTo.ToShortDateString())));

            //When
            var permittedSites = new List<long> { 1, 2, 3 };
            target
                .WithEmployeeId(null)
                .WithUser(CreateCustomPrincipal(currentUser))
                .WithCompanyId(_companyId)
                .WithCompletedFrom(completedFrom.ToShortDateString())
                .WithCompletedTo(completedTo.ToShortDateString())
                .WithAllowedSiteIds(permittedSites)
                .WithUserEmployeeId(CreateCustomPrincipal(currentUser))
                .GetViewModel();

            //Then
            _userService.VerifyAll();
            _taskService.VerifyAll();

            // Site lookups must stay inside the caller's company and use the allowed-site
            // list that was handed in (compared with ==, i.e. the same list instance).
            _siteGroupService.Verify(x => x.GetByCompanyId(_companyId));
            _siteService.Verify(
                x => x.Search(It.Is<SearchSitesRequest>(
                    request => request.CompanyId == _companyId && request.AllowedSiteIds == permittedSites)));
        }
        public void SetUp()
        {
            // Fresh mocks for every test.
            _cacheHelper = new Mock<ICacheHelper>();
            _userService = new Mock<IUserService>();
            _clientService = new Mock<IClientService>();

            // Fixture identifiers and the DTOs built from them.
            _companyId = 500;
            _userId = Guid.NewGuid();
            _userDto = new UserDto { Id = _userId };
            _companyDto = new CompanyDetailsDto(
                _companyId, "Test Company", string.Empty, string.Empty, string.Empty,
                string.Empty, string.Empty, 100, string.Empty, string.Empty,
                string.Empty, string.Empty);
        }
        public void Given_editing_new_group_state_but_without_correct_permisions_Than_delete_should_not_be_enabled()
        {
            //Given: an existing group and a user who holds no permissions at all.
            var viewModel = new SiteGroupDetailsViewModel { GroupId = 1 };
            var userWithoutPermissions = new UserDto
            {
                CompanyId = 0,
                Permissions = new List<string>()
            };

            //When
            _user = new CustomPrincipal(userWithoutPermissions, new CompanyDto());
            var deleteEnabled = viewModel.IsDeleteButtonEnabled(_user);

            //Then
            // NOTE(review): this covers only whether the button is offered in the view.
            // Confirm the delete action itself is permission-checked on the server.
            Assert.That(deleteEnabled, Is.False);
        }
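        public void Given_GetSummaryViewModel_Then_calls_correct_methods()
        {
            //Given
            var target = CreateTarget();

            // Holds whatever request the factory hands to the task service. It starts as an
            // empty request so that a missing call fails the assertions, not a null dereference.
            var passedRequest = new SearchTasksRequest();

            _taskService
                .Setup(x => x.GetOutstandingTasksSummary(It.IsAny<SearchTasksRequest>()))
                .Returns(new TaskListSummaryResponse())
                .Callback<SearchTasksRequest>(y => passedRequest = y);

            //When
            target
                .WithCompanyId(_companyId)
                .WithSiteGroupId(_siteGroupId)
                .WithSiteId(_siteId)
                .WithTaskCategoryId(_taskCategoryId)
                .WithEmployeeId(_employeeId)
                .WithAllowedSiteIds(_allowedSiteIds)
                .GetSummaryViewModel();

            //Then: exactly one summary call, carrying every filter unchanged.
            _taskService.Verify(x => x.GetOutstandingTasksSummary(It.IsAny<SearchTasksRequest>()), Times.Once());
            // The company id and allowed-site list are the scoping values; if either were
            // dropped on the way to the service, the summary could span other tenants or sites.
            Assert.That(passedRequest.CompanyId, Is.EqualTo(_companyId));
            Assert.That(passedRequest.SiteGroupId, Is.EqualTo(_siteGroupId));
            Assert.That(passedRequest.SiteId, Is.EqualTo(_siteId));
            Assert.That(passedRequest.TaskCategoryId, Is.EqualTo(_taskCategoryId));
            Assert.That(passedRequest.EmployeeIds, Is.EqualTo(new List<Guid>() { _employeeId }));
            Assert.That(passedRequest.AllowedSiteIds, Is.EqualTo(_allowedSiteIds));
        }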
 /// <summary>
 /// Picks the identity name for a user: the employee's main contact email when one is
 /// present and non-empty, otherwise the user's id as text.
 /// </summary>
 /// <param name="userDto">The user to name; must not be null.</param>
 /// <returns>The email address or the string form of the user id.</returns>
 private static string GetUserIdentity(UserDto userDto)
 {
     var employee = userDto.Employee;
     var contact = employee != null ? employee.MainContactDetails : null;

     if (contact != null && !string.IsNullOrEmpty(contact.Email))
     {
         return contact.Email;
     }

     // NOTE(review): the name is therefore either an email or a GUID string. Code that
     // keys authorization or audit records on Identity.Name should account for both forms.
     return userDto.Id.ToString();
 }
        public void Given_a_companyid_and_matches_custom_principal_company_id_When_OnActionExecuting_Then_should_return_null()
        {
            // Given: the request names the same company the signed-in user belongs to.
            const int ownCompanyId = 1;
            const int requestedCompanyId = 1;

            var principal = CreateCustomPrincipal(new UserDto
            {
                CompanyId = ownCompanyId,
                Permissions = new string[0]
            });

            var context = new ActionExecutingContext
            {
                HttpContext = MvcMockHelpers.FakeHttpContext(principal),
                ActionParameters = new Dictionary<string, object> { { "companyId", requestedCompanyId } }
            };

            var filter = new UrlHackingFilter();

            // When
            filter.OnActionExecuting(context);

            // Then: matching ids leave the result unset, so the action is allowed to run.
            // NOTE(review): the parameter is boxed as an int here. If model binding can
            // supply it as another numeric type, confirm the filter compares those correctly too.
            Assert.That(context.Result, Is.Null);
        }
        public void Given_valid_viewmodel_with_deleted_user_When_update_is_clicked_with_site_id_selected_Then_correct_user_service_is_called()
        {
            // Given: an update for an employee who already exists as a user but is deleted.
            var controller = CreateUserRoleController();

            var viewModel = new AddUsersViewModel
            {
                CompanyId = 999L,
                EmployeeId = Guid.NewGuid(),
                UserId = Guid.NewGuid(),
                RoleId = Guid.NewGuid(),
                SiteId = 10,
                SiteGroupId = null,
                EmployeeAlreadyExistsAsUser = true,
                IsUserDeleted = true
            };

            _userPermissionsViewModelFactory
                .Setup(x => x.GetViewModel(viewModel.CompanyId, viewModel.EmployeeId, true, true))
                .Returns(new AddUsersViewModel());

            var contactDetails = new EmployeeContactDetailDto
            {
                Email = "*****@*****.**",
                Telephone1 = "098098",
                Telephone2 = "098098"
            };
            var storedUser = new UserDto
            {
                Id = Guid.NewGuid(),
                Employee = new EmployeeDto { MainContactDetails = contactDetails }
            };

            // NOTE(review): the stub accepts any user id and any company id, so this test
            // does not pin that the controller looks the deleted user up under the posted
            // CompanyId. A stricter matcher would also cover the tenant scoping of that lookup.
            _userService
                .Setup(x => x.GetByIdAndCompanyIdIncludeDeleted(It.IsAny<Guid>(), It.IsAny<long>()))
                .Returns(storedUser);

            // When
            controller.UpdateUser(viewModel);

            // Then: the deleted user is reinstated, attributed to the acting test user.
            _userService.Verify(
                x => x.ReinstateUser(viewModel.UserId, TestControllerHelpers.UserIdAssigned));
        }
        public void Given_custom_principal_has_valid_permission_When_OnActionExecuting_Then_should_return_null()
        {
            // Given: the principal holds exactly the permission the filter will ask for.
            var granted = new string[] { Permissions.ViewCompanyDetails.ToString() };
            var principal = CreateCustomPrincipal(new UserDto
            {
                CompanyId = 0,
                Permissions = granted
            });
            var context = new ActionExecutingContext
            {
                HttpContext = MvcMockHelpers.FakeHttpContext(principal)
            };

            var filter = new PermissionFilterAttribute(Permissions.ViewCompanyDetails);

            // When
            filter.OnActionExecuting(context);

            // Then: no result is set, so the action is allowed to execute.
            Assert.That(context.Result, Is.Null);
        }
        public void When_custom_principal_with_user_not_got_employer_email_Then_should_user_id_as_identity()
        {
            // Given: an employee record exists, but its contact email is the empty string.
            var contact = new EmployeeContactDetailDto { Email = string.Empty };
            var userDto = new UserDto
            {
                Id = Guid.NewGuid(),
                Employee = new EmployeeDto { MainContactDetails = contact }
            };

            // When
            var principal = new CustomPrincipal(userDto, new CompanyDto());

            // Then: an empty email is treated like a missing one; the user id names the identity.
            Assert.That(principal.Identity.Name, Is.EqualTo(userDto.Id.ToString()));
        }
 // Test helper: wraps the given user DTO in a principal paired with a blank company.
 private static CustomPrincipal CreateCustomPrincipal(UserDto userDto)
 {
     return new CustomPrincipal(userDto, new CompanyDto());
 }
        // Test helper: builds a principal that holds the given permissions, with an empty
        // user id, company id 0 and a company record whose id is 100.
        private static CustomPrincipal CreateCustomPrinciple(IEnumerable<string> permissions, string companyName = "")
        {
            var user = new UserDto
            {
                Id = Guid.Empty,
                CompanyId = 0,
                Permissions = permissions
            };

            var company = new CompanyDto
            {
                CompanyName = companyName,
                Id = 100L
            };

            return new CustomPrincipal(user, company);
        }
        public void When_custom_principal_with_employer_email_Then_should_employer_email_as_identity()
        {
            // Given: the employee's main contact details carry a non-empty email.
            var contact = new EmployeeContactDetailDto { Email = "*****@*****.**" };
            var userDto = new UserDto
            {
                Id = Guid.NewGuid(),
                Employee = new EmployeeDto { MainContactDetails = contact }
            };

            // When
            var principal = new CustomPrincipal(userDto, new CompanyDto());

            // Then: the email, not the user id, becomes the identity name.
            Assert.That(principal.Identity.Name, Is.EqualTo(userDto.Employee.MainContactDetails.Email));
        }
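        public void Given_search_by_title_When_GetViewModel_Then_passed_requested_title_to_task_service()
        {
            //Given
            var target = CreateTarget();

            const string title = "title";

            var user = new UserDto()
            {
                CompanyId = _companyId,
                Id = Guid.NewGuid(),
                Employee = new EmployeeDto() { Id = Guid.NewGuid() }
            };

            // Stubbed in case the factory looks the user up; this test never verifies it.
            _userService
                .Setup(x => x.GetIncludingEmployeeAndSiteByIdAndCompanyId(user.Id, user.CompanyId))
                .Returns(user);

            _taskService
                .Setup(x => x.Search(It.IsAny<SearchTasksRequest>()));

            //When: only the title filter is supplied.
            target
                .WithTitle(title)
                .GetViewModel();

            //Then: the title reaches the task service unchanged.
            // NOTE(review): no company id or allowed-site list is supplied here, so this
            // test says nothing about how the search is scoped when those are missing.
            _taskService.Verify(x => x.Search(It.Is<SearchTasksRequest>(y => y.Title == title)));
        }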