public static async Task OnAuthorizationAsync_UserHasSamePrimaryOrganisationId_ReturnsExpectedValue(
[Frozen] ApplicationDbContext dbContext,
[Frozen] CallOffId callOffId,
Order order,
OrderLookupOrganisationAuthorizationFilter filter)
{
dbContext.Order.Add(order);
await dbContext.SaveChangesAsync();
const string parameterName = OrderLookupOrganisationAuthorizationFilter.DefaultParameterName;
var user = ClaimsPrincipalBuilder.Create()
.WithClaim(ApplicationClaimTypes.Ordering)
.WithClaim(UserClaimTypes.PrimaryOrganisationId, order.OrderingParty.Id.ToString())
.Build();
var actionDescriptor = new ActionDescriptor
{
EndpointMetadata = new object[] { new AuthorizeOrganisationAttribute() },
Parameters = new[] { new ParameterDescriptor {
Name = parameterName
} },
};
var context = AuthorizationFilterContextBuilder.Create()
.WithActionDescription(actionDescriptor)
.WithRouteValue(parameterName, callOffId.ToString())
.WithUser(user)
.Build();
await filter.OnAuthorizationAsync(context);
context.Result.Should().BeNull();
}
public static async Task OnAuthorizationAsync_InvalidCallOffId_ReturnsExpectedValue(
OrderLookupOrganisationAuthorizationFilter filter)
{
const string parameterName = OrderLookupOrganisationAuthorizationFilter.DefaultParameterName;
var user = ClaimsPrincipalBuilder.Create()
.WithClaim(ApplicationClaimTypes.Ordering)
.WithClaim(UserClaimTypes.PrimaryOrganisationId)
.Build();
var actionDescriptor = new ActionDescriptor
{
EndpointMetadata = new object[] { new AuthorizeOrganisationAttribute() },
Parameters = new[] { new ParameterDescriptor {
Name = parameterName
} },
};
var context = AuthorizationFilterContextBuilder.Create()
.WithActionDescription(actionDescriptor)
.WithRouteValue(parameterName, "InvalidOrderId")
.WithUser(user)
.Build();
await filter.OnAuthorizationAsync(context);
context.Result.Should().NotBeNull();
context.Result.Should().BeOfType <NotFoundResult>();
}
