コード例 #1
        // Object-level authorization test for controller.GetCustomer: the same customer
        // codes are requested under four different "jwt" Authorization values and the
        // result must be non-null only where that caller is allowed to read the customer.
        // The token values are bare strings ("1".."4"), not real JWTs; presumably the test
        // fixture resolves them to user ids -- TODO confirm against the controller setup.
        // NOTE(review): no case here sends a missing or unknown token; confirm that the
        // unauthenticated path is covered elsewhere.
        public void GetCustomer()
        {
            const string scheme = "jwt";
            const string adminToken = "1";
            const string userToken = "2";
            const string branchAdminToken = "3";
            const string internalToken = "4";

            var data = Utils.CreateAdminAndUser();

            // Three customers: c2 is invoiced through c3, c1 stands alone.
            data.Customers = new List<Customer>
            {
                new Customer { code = "c1", address6 = "" },
                new Customer { code = "c2", invoice_customer = "c3" },
                new Customer { code = "c3" }
            };

            // Branch admin attached to customer c3.
            var branchAdminUser = new User
            {
                id = 3,
                customer_code = "c3",
                Roles = new List<Role> { new Role { id = Role.BranchAdmin } }
            };
            data.Users.Add(branchAdminUser);

            // Internal user: plain User role, no customer code, isInternal set.
            var internalUser = new User
            {
                id = 4,
                Roles = new List<Role> { new Role { id = Role.User } },
                isInternal = true
            };
            data.Users.Add(internalUser);

            unitOfWork.Data = data;

            // Admin: an existing code (passed with trailing spaces) resolves, an unknown one does not.
            // NOTE(review): the padded code is only tried with the admin token; whether the
            // access check and the lookup treat padding the same way for restricted callers
            // is not exercised here.
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue(scheme, adminToken);
            Assert.IsNotNull(controller.GetCustomer("c1  "));
            Assert.IsNull(controller.GetCustomer("c4"));

            // Regular user: may read only the customer it belongs to.
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue(scheme, userToken);
            var regularUser = data.Users[1];
            var branchAdmin = data.Users[2];

            // NOTE(review): the first user with a different customer_code may have none, in
            // which case this denial check only proves that a null code returns null --
            // confirm what Utils.CreateAdminAndUser assigns.
            var foreignCode = data.Users
                .FirstOrDefault(u => u.customer_code != regularUser.customer_code)?.customer_code;
            Assert.IsNull(controller.GetCustomer(foreignCode));
            Assert.IsNotNull(controller.GetCustomer(regularUser.customer_code));

            // Admin: every customer in the data set is readable.
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue(scheme, adminToken);
            var adminSeesAll = data.Customers.All(c => controller.GetCustomer(c.code) != null);
            Assert.IsTrue(adminSeesAll);

            // Branch admin: reads its own customer and the regular user's customer
            // (customers 2 and 3 per the original intent), but not the customer of the
            // first seeded user.
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue(scheme, branchAdminToken);
            var ownCustomer = controller.GetCustomer(branchAdmin.customer_code);
            Assert.IsNotNull(ownCustomer);
            var invoicedCustomer = controller.GetCustomer(regularUser.customer_code);
            Assert.IsNotNull(invoicedCustomer);
            var outsideCustomer = controller.GetCustomer(data.Users[0].customer_code);
            Assert.IsNull(outsideCustomer);

            // Internal user: same reach as admin, every customer is readable.
            controller.Request.Headers.Authorization = new AuthenticationHeaderValue(scheme, internalToken);
            var internalSeesAll = data.Customers.All(c => controller.GetCustomer(c.code) != null);
            Assert.IsTrue(internalSeesAll);
        }