public async Task UpdateMembership_ShouldReturnForbiddenResult_WhenCurrentUserIsNotAdmin()
{
// Arrange
const int membershipId = 1;
UpdateMembershipBody body = new UpdateMembershipBody {
IsAdmin = true
};
Mock <IMediator> mediatorMock = new Mock <IMediator>();
mediatorMock
.Setup(m => m.Send(It.IsAny <MembershipExistsQuery>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(true);
mediatorMock
.Setup(m => m.Send(It.IsAny <CanUpdateMembershipQuery>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(false);
GroupMembershipController controller = new GroupMembershipController(mediatorMock.Object, null);
// Act
ActionResult response = await controller.UpdateMembership(membershipId, body);
// Assert
ObjectResult result = Assert.IsType <ObjectResult>(response);
ErrorResource error = Assert.IsType <ErrorResource>(result.Value);
Assert.NotNull(error);
Assert.Equal(StatusCodes.Status403Forbidden, error.StatusCode);
}
public async Task UpdateMembership_ShouldReturnBadRequestResult_WhenModelValidationFails()
{
// Arrange
const int membershipId = -3;
UpdateMembershipBody body = new UpdateMembershipBody();
GroupMembershipController controller = new GroupMembershipController(null, null);
controller.ModelState.AddModelError("", "");
// Act
ActionResult response = await controller.UpdateMembership(membershipId, body);
// Assert
Assert.IsType <BadRequestObjectResult>(response);
}
public async Task UpdateMembership_ShouldUpdateMembership()
{
// Arrange
const int membershipId = 1;
UpdateMembershipBody body = new UpdateMembershipBody {
IsAdmin = true
};
Mock <IMediator> mediatorMock = new Mock <IMediator>();
mediatorMock
.Setup(m => m.Send(It.IsAny <MembershipExistsQuery>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(true);
mediatorMock
.Setup(m => m.Send(It.IsAny <CanUpdateMembershipQuery>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(true);
UpdateMembershipCommand passedUpdateCommand = null;
mediatorMock
.Setup(m => m.Send(It.IsAny <UpdateMembershipCommand>(), It.IsAny <CancellationToken>()))
.Callback <IRequest <Unit>, CancellationToken>((c, _) => passedUpdateCommand = (UpdateMembershipCommand)c)
.ReturnsAsync(Unit.Value);
GroupMembershipController controller = new GroupMembershipController(mediatorMock.Object, null);
// Act
ActionResult response = await controller.UpdateMembership(membershipId, body);
// Assert
Assert.IsType <NoContentResult>(response);
mediatorMock.Verify(m => m.Send(It.IsAny <UpdateMembershipCommand>(), It.IsAny <CancellationToken>()), Times.Once);
Assert.NotNull(passedUpdateCommand);
Assert.Equal(membershipId, passedUpdateCommand.GroupMembershipId);
Assert.Equal(body.IsAdmin, passedUpdateCommand.IsAdmin);
}
public async Task <ActionResult> UpdateMembership([FromRoute] int membershipId, [FromBody] UpdateMembershipBody body, CancellationToken cancellationToken = default)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
// Check if membership exists
MembershipExistsQuery existsQuery = new MembershipExistsQuery {
GroupMembershipId = membershipId
};
bool exists = await _mediator.Send(existsQuery, cancellationToken);
if (!exists)
{
return(NotFound(new ErrorResource
{
StatusCode = StatusCodes.Status404NotFound,
Message = $"Membership with ID '{membershipId}' does not exist"
}));
}
// Check if the user wants to update himself
IsOwnMembershipQuery isOwnMembershipQuery = new IsOwnMembershipQuery {
GroupMembershipId = membershipId
};
bool isOwnMembership = await _mediator.Send(isOwnMembershipQuery, cancellationToken);
if (isOwnMembership)
{
return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource
{
StatusCode = StatusCodes.Status403Forbidden,
Message = "Cannot update your own membership"
}));
}
// Check if the current user is allowed to update the membership
CanUpdateMembershipQuery canUpdateQuery = new CanUpdateMembershipQuery {
GroupMembershipIdToUpdate = membershipId
};
bool canUpdate = await _mediator.Send(canUpdateQuery, cancellationToken);
if (!canUpdate)
{
return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource
{
StatusCode = StatusCodes.Status403Forbidden,
Message = "You are not permitted to mutate users in this group. This privilege is only granted to administrators of the group"
}));
}
// Update membership
UpdateMembershipCommand updateCommand = new UpdateMembershipCommand
{
GroupMembershipId = membershipId,
IsAdmin = body.IsAdmin != null && (bool)body.IsAdmin
};
await _mediator.Send(updateCommand, cancellationToken);
return(NoContent());
}