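public void CanEditSnippet()
        {
            // Happy path: the snippet's owner (user 1) submits a new title and
            // content, and the edit is applied and persisted.
            Snippet sn = new Snippet
            {
                Id = 1,
                Title = "T1",
                Content = "C1",
                UserId = 1
            };
            Mock<ISnippetRepository> repo = new Mock<ISnippetRepository>();
            repo.Setup(m => m.GetById(It.Is<long>(x => x == 1))).Returns(sn);

            // GetById returns this very instance, and the Edit action shown on this
            // page mutates it directly. The title/content assertions alone therefore
            // pass even if Update is never called, so the call is recorded explicitly.
            bool updateCalled = false;
            repo.Setup(m => m.Update(It.Is<Snippet>(x => x.Id == 1))).Callback<Snippet>(x =>
                {
                    updateCalled = true;
                    sn.Id = x.Id;
                    sn.Title = x.Title;
                    sn.Content = x.Content;
                });

            // The current user is the owner of the snippet.
            Mock<IWebSecurity> webSec = new Mock<IWebSecurity>();
            webSec.Setup(x => x.CurrentUserId).Returns(1);

            EditVM vm = new EditVM
            {
                Id = 1,
                Title = "TT1",
                Content = "CC1",
            };

            var controller = new HomeController(repo.Object, webSec.Object);

            // The action redirects via RedirectToAction, which does not yield a
            // RedirectResult, so the former "as RedirectResult" cast could only
            // produce null. The result is kept uncast and checked for presence.
            var result = controller.Edit(vm);

            Assert.IsNotNull(result);
            Assert.IsTrue(updateCalled);
            Assert.AreEqual("TT1", sn.Title);
            Assert.AreEqual("CC1", sn.Content);

            // Editing must not reassign ownership.
            Assert.AreEqual(1, sn.UserId);
        }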
        /// <summary>
        /// Shows the edit form for a snippet, but only to the user who owns it.
        /// </summary>
        /// <param name="id">Identifier of the snippet to edit.</param>
        /// <returns>
        /// A not-found result when the repository has no snippet with this id, an
        /// <see cref="HttpUnauthorizedResult"/> when the snippet has no owner or is
        /// owned by someone other than the current user, otherwise the edit view
        /// populated from the stored snippet.
        /// </returns>
        public ActionResult Edit(long id)
        {
            var stored = this.snippetRepo.GetById(id);
            if (stored == null)
            {
                return HttpNotFound("Snippet with id " + id + " was not found");
            }

            // Ownership is decided from the stored record. A snippet without an
            // owner is treated as not editable by anyone.
            // NOTE(review): "not found" and "not yours" produce different responses,
            // so a caller can tell which ids exist - confirm that is acceptable.
            int? ownerId = stored.UserId;
            bool isOwner = ownerId != null && ownerId == webSecurity.CurrentUserId;
            if (!isOwner)
            {
                return new HttpUnauthorizedResult("User is performing unautorized action");
            }

            // Only the editable fields are handed to the view.
            return View(new EditVM
            {
                Id = stored.Id,
                Title = stored.Title,
                Content = stored.Content
            });
        }
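        /// <summary>
        /// Applies a submitted title and content to an existing snippet, provided
        /// the current user owns it.
        /// </summary>
        /// <param name="snippet">View model carrying the snippet id and the edited title and content.</param>
        /// <returns>
        /// A not-found result when the repository has no snippet with the submitted
        /// id, an <see cref="HttpUnauthorizedResult"/> when the snippet has no owner
        /// or is owned by someone other than the current user, a redirect to "Show"
        /// after a successful update, otherwise the edit view redisplayed with the
        /// submitted values.
        /// </returns>
        public ActionResult Edit(EditVM snippet)
        {
            // NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are
            // visible on this action in this excerpt - confirm they are present,
            // since this action changes stored data.
            var dbSnippet = this.snippetRepo.GetById(snippet.Id);
            if (dbSnippet == null)
            {
                return HttpNotFound("Snippet with id " + snippet.Id + " was not found");
            }

            // Authorization uses the owner stored with the record, never a value
            // taken from the posted model.
            int? userId = dbSnippet.UserId;
            if (userId == null || userId != webSecurity.CurrentUserId)
            {
                return new HttpUnauthorizedResult("User is performing unautorized action");
            }

            if (ModelState.IsValid)
            {
                // Copy only the fields a user may edit. Id and UserId are left as
                // stored, so a crafted post cannot reassign ownership.
                dbSnippet.Title = snippet.Title;
                dbSnippet.Content = snippet.Content;
                // NOTE(review): DateTime.Now is local server time. UtcNow would avoid
                // time-zone ambiguity, but switching changes stored values, so it is
                // left as is.
                dbSnippet.DatePublished = DateTime.Now;
                this.snippetRepo.Update(dbSnippet);
                return RedirectToAction("Show", new { id = dbSnippet.Id });
            }

            // Redisplay the form with the submitted model. Returning View() without
            // a model would drop the user's input and leave the view with no model.
            return View(snippet);
        }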
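        public void UserCannotEditOtherUsersSnippets()
        {
            // Negative authorization case: the snippet belongs to user 1 and user 2
            // tries to edit it. The request must be refused and nothing may change.
            Snippet sn = new Snippet
            {
                Id = 1,
                Title = "T1",
                Content = "C1",
                UserId = 1
            };
            Mock<ISnippetRepository> repo = new Mock<ISnippetRepository>();
            repo.Setup(m => m.GetById(It.Is<long>(x => x == 1))).Returns(sn);

            // Record any Update call so the test can prove that a refused request
            // never reaches persistence.
            bool updateCalled = false;
            repo.Setup(m => m.Update(It.Is<Snippet>(x => x.Id == 1))).Callback<Snippet>(x =>
            {
                updateCalled = true;
                sn.Id = x.Id;
                sn.Title = x.Title;
                sn.Content = x.Content;
            });

            // The current user (2) is not the owner (1).
            Mock<IWebSecurity> webSec = new Mock<IWebSecurity>();
            webSec.Setup(x => x.CurrentUserId).Returns(2);

            EditVM vm = new EditVM
            {
                Id = 1,
                Title = "TT1",
                Content = "CC1",
            };

            var controller = new HomeController(repo.Object, webSec.Object);
            var result = controller.Edit(vm) as HttpUnauthorizedResult;

            Assert.IsNotNull(result);
            Assert.AreEqual(401, result.StatusCode);

            // The status code alone does not show that the data is intact: the
            // action could change the snippet and still answer 401. Check that the
            // stored values and the owner are untouched and Update was not invoked.
            Assert.IsFalse(updateCalled);
            Assert.AreEqual("T1", sn.Title);
            Assert.AreEqual("C1", sn.Content);
            Assert.AreEqual(1, sn.UserId);
        }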