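// Covers the "different account" side of the self-management guard: when the
// looked-up organisation user is not the caller, the handler must leave
// CanManageRoleAndStatus as it found it.
// Returns Task rather than void so the test runner can await the test and
// observe its exceptions.
public async System.Threading.Tasks.Task OrganisationUserExists_AndDoesNotMatchCurrentUserId_DoesNotChangeManageUserData()
{
    var existingUserId = Guid.NewGuid();
    var currentUserId = Guid.NewGuid();
    var organisationUserId = Guid.NewGuid();

    // Start from 'true': the handler only ever clears this flag, so a bool left at
    // its default could not reveal a regression that clears it for other users.
    var manageUserData = new ManageUserData
    {
        UserId = existingUserId.ToString(),
        CanManageRoleAndStatus = true
    };

    A.CallTo(() => dataAccess.GetOrganisationUser(organisationUserId))
        .Returns(manageUserData);

    A.CallTo(() => userContext.UserId)
        .Returns(currentUserId);

    var result = await GetUserDataHandler().HandleAsync(new GetUserData(organisationUserId));

    Assert.Equal(manageUserData, result);

    // The handler mutates and returns the same instance, so the equality check above
    // cannot detect a changed flag on its own; assert the flag explicitly.
    Assert.True(result.CanManageRoleAndStatus);
}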
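/// <summary>
/// Looks up the manage-user record for the requested id, first as an organisation
/// user and then as a competent authority user, and sets the permission flags that
/// apply to the current caller.
/// </summary>
/// <param name="query">Query carrying the organisation user id to look up.</param>
/// <returns>
/// The record with <c>CanManageRoleAndStatus</c> cleared when it belongs to the
/// caller and <c>CanEditUser</c> set from the caller's role, or <c>null</c> when
/// neither lookup finds a record.
/// </returns>
public async Task<ManageUserData> HandleAsync(GetUserData query)
{
    // The access check runs before any data is read, so a caller without
    // internal-area access never triggers a lookup.
    authorization.EnsureCanAccessInternalArea();

    var manageUserData = await dataAccess.GetOrganisationUser(query.OrganisationUserId)
        ?? await dataAccess.GetCompetentAuthorityUser(query.OrganisationUserId);

    if (manageUserData == null)
    {
        // Both lookups missed. The CanEditUser assignment below used to dereference
        // null here and surface as a NullReferenceException.
        // NOTE(review): confirm callers treat a null result as "user not found".
        return null;
    }

    // A user must not be able to change their own role or status. Compare the ids
    // case-insensitively so a stored id that differs only in letter case still
    // matches and the guard fails closed.
    if (userContext != null
        && string.Equals(
            userContext.UserId.ToString(),
            manageUserData.UserId,
            System.StringComparison.OrdinalIgnoreCase))
    {
        manageUserData.CanManageRoleAndStatus = false;
    }

    manageUserData.CanEditUser = authorization.CheckUserInRole(Roles.InternalAdmin);

    return manageUserData;
}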
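// Verifies that a caller built from a non-internal user type is rejected with a
// SecurityException and that the rejection happens before any user data is read.
// Returns Task rather than void so the test runner can await the test.
public async Task GetUserDataHandler_WithNonInternalUser_ThrowSecurityException(AuthorizationBuilder.UserType userType)
{
    // Arrange
    IGetManageUserDataAccess dataAccess = A.Fake<IGetManageUserDataAccess>();

    // Match any id. Configuring the calls with a fresh Guid.NewGuid() could never
    // match the id in the request, so the stubbed data was unreachable.
    A.CallTo(() => dataAccess.GetCompetentAuthorityUser(A<Guid>.Ignored)).Returns(new ManageUserData());
    A.CallTo(() => dataAccess.GetOrganisationUser(A<Guid>.Ignored)).Returns(new ManageUserData());

    IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);

    GetUserDataHandler handler = new GetUserDataHandler(userContext, authorization, dataAccess);

    GetUserData request = new GetUserData(Guid.NewGuid());

    // Act
    Func<Task<ManageUserData>> action = () => handler.HandleAsync(request);

    // Assert
    await Assert.ThrowsAsync<SecurityException>(action);

    // The authorization failure must short-circuit the handler: no lookup may run
    // for a caller who is not allowed into the internal area.
    A.CallTo(() => dataAccess.GetOrganisationUser(A<Guid>.Ignored)).MustNotHaveHappened();
    A.CallTo(() => dataAccess.GetCompetentAuthorityUser(A<Guid>.Ignored)).MustNotHaveHappened();
}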
/// <summary>
/// Builds a fake <c>IGetManageUserDataAccess</c> whose lookups are configured for
/// <c>orgUserId</c> only: the organisation-user lookup returns a populated active
/// user and the competent-authority lookup returns an empty record.
/// </summary>
/// <returns>The configured fake data access.</returns>
private IGetManageUserDataAccess CreateFakeDataAccess()
{
    var fake = A.Fake<IGetManageUserDataAccess>();

    // Active organisation user (not a competent authority user) with fresh random
    // organisation and user ids on every call.
    var organisationUser = new ManageUserData
    {
        UserStatus = UserStatus.Active,
        OrganisationId = Guid.NewGuid(),
        Id = orgUserId,
        UserId = Guid.NewGuid().ToString(),
        Email = "*****@*****.**",
        FirstName = "Test",
        LastName = "Test",
        OrganisationName = "Test ltd.",
        IsCompetentAuthorityUser = false
    };

    // Both stubs are keyed on orgUserId; calls made with any other id are left to
    // the fake's default behaviour.
    A.CallTo(() => fake.GetOrganisationUser(orgUserId))
        .Returns(organisationUser);
    A.CallTo(() => fake.GetCompetentAuthorityUser(orgUserId))
        .Returns(new ManageUserData());

    return fake;
}