public void ShouldSuccessfullyGetUserIdInUserObject() { _controller.ControllerContext.RequestContext.Principal = new GenericPrincipal(new GenericIdentity("foo", "bar"), new[] { "user" }); _userResource.Setup(a => a.GetByUserName(It.IsAny<string>())).Returns(new User { Id = 1 }); _httpActionContext.ActionArguments.Add("dummy", new User { Id = 1 }); var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object }; Assert.DoesNotThrow(() => attribute.OnActionExecuting(_httpActionContext)); }
public void ShouldThrowWhenFailedToFetchUser() { _httpActionContext.ActionArguments.Add("dummy", new DummyObject { User = new User { Id = 1 } }); _controller.ControllerContext.RequestContext.Principal = new GenericPrincipal(new GenericIdentity("foo", "bar"), new[] { "user" }); _userResource.Setup(a => a.GetByUserName(It.IsAny<string>())).Returns((User)null); var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object }; var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext)); Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode); }
public void ShouldThrowWhenIdInUserPropertyIsZeroInParameter() { _httpActionContext.ActionArguments.Add("dummy", new DummyObject { User = new User { Id = 0 } }); var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object }; var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext)); Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode); }
public void ShouldThrowWhenNameIsEmptyInPrincipal() { _httpActionContext.ActionArguments.Add("dummy", new DummyObject { User = new User { Id = 1 } }); _controller.ControllerContext.RequestContext.Principal = new GenericPrincipal(new GenericIdentity("", ""), null); var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object }; var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext)); Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode); }
public void ShouldThrowWhenNoParameterIsUsed() { var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object }; var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext)); Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode); }