コード例 #1
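        /// <summary>
        /// Changes the status of an organisation user after checking that the caller
        /// may act on the owning organisation and is not changing their own status.
        /// </summary>
        /// <param name="query">Carries the ID of the organisation user to update and the status to apply.</param>
        /// <returns>The value returned by <c>dataAccess.ChangeOrganisationUserStatus</c>.</returns>
        /// <exception cref="Exception">No organisation user exists with the requested ID.</exception>
        /// <exception cref="InvalidOperationException">The current user is the organisation user being changed.</exception>
        public async Task<int> HandleAsync(UpdateOrganisationUserStatus query)
        {
            var organisationUser = await dataAccess.GetOrganisationUser(query.OrganisationUserId);

            // NOTE(review): the lookup and its "not found" error run before the access check,
            // so a caller who would fail that check can still learn from the differing failure
            // whether an ID exists. Confirm this is acceptable for the deployment.
            if (organisationUser == null)
            {
                throw new Exception(string.Format("No organisation user was found with ID \"{0}\".", query.OrganisationUserId));
            }

            // Access is decided on the organisation ID read from the stored record,
            // not on any organisation ID supplied with the request.
            authorization.EnsureInternalOrOrganisationAccess(organisationUser.OrganisationId);

            // The stored user ID is a string while the context ID is formatted with ToString(),
            // which is lower-case for a Guid. Compare case-insensitively so that a differently
            // cased stored ID cannot slip past the self-change guard.
            // NOTE(review): a null userContext skips this guard entirely; confirm that
            // failing open here is intended.
            if (userContext != null
                && string.Equals(userContext.UserId.ToString(), organisationUser.UserId, StringComparison.OrdinalIgnoreCase))
            {
                throw new InvalidOperationException(string.Format("Error for user with Id '{0}': Users cannot change their own status", userContext.UserId));
            }

            return await dataAccess.ChangeOrganisationUserStatus(organisationUser, query.UserStatus);
        }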
コード例 #2
        public async Task OrganisationUserExists_AndIsNotCurrentUser_ShouldVerifyAuthorization_BeforeChangingOrgansiationUserStatus(UserStatus userStatus)
        {
            // Arrange: the current user and the stored organisation user get separate fresh IDs.
            // (The third argument of the OrganisationUser helper is presumably the user ID; confirm.)
            var currentUserId = Guid.NewGuid();
            var owningOrganisationId = Guid.NewGuid();
            var requestedId = Guid.NewGuid();
            var storedUser = OrganisationUser(userStatus, owningOrganisationId, Guid.NewGuid());

            A.CallTo(() => userContext.UserId).Returns(currentUserId);
            A.CallTo(() => dataAccess.GetOrganisationUser(requestedId)).Returns(storedUser);

            // Act
            var handler = UpdateOrganisationUserStatusHandler();
            await handler.HandleAsync(new UpdateOrganisationUserStatus(requestedId, userStatus));

            // Assert: the access check ran exactly once, and the status change came after it.
            // NOTE(review): A<Guid>._ matches any Guid, so this does not pin the check to the
            // organisation that owns the stored user; consider matching the expected ID.
            var authorizationChecked = A.CallTo(() => weeeAuthorization.EnsureInternalOrOrganisationAccess(A<Guid>._))
                .MustHaveHappened(Repeated.Exactly.Once);

            authorizationChecked.Then(
                A.CallTo(() => dataAccess.ChangeOrganisationUserStatus(storedUser, userStatus))
                    .MustHaveHappened(Repeated.Exactly.Once));
        }