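/// <summary>
/// Verifies that <c>DRating.key</c> returns the same value as <c>Rating_ID</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the method name mentions "Email_ID" although the test exercises
/// <c>Rating_ID</c>; the name looks copied from another entity's test. It is kept
/// unchanged so existing test references keep working.
/// </remarks>
public void DRating_WhenAskedForKey_ReturnsEmail_ID()
{
    // Arrange: a rating whose identifier is set to a known value.
    DRating instruction = new DRating { Rating_ID = -1 };

    // Act: read the key exposed by the rating.
    int key = instruction.key;

    // Assert: the key equals the rating's ID. Expected value goes first and the
    // observed value second, so a failure message labels the two correctly.
    Assert.AreEqual(instruction.Rating_ID, key);
}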
/// <summary>
/// Checks that <c>Scrub()</c> changes a <c>Reasons</c> value that carries an
/// SQL-injection style payload.
/// </summary>
/// <remarks>
/// NOTE(review): the assertion only proves that the value differs from the input;
/// it does not show what the scrubbed value contains, so a partial or ineffective
/// scrub would still pass. Scrubbing text is also no replacement for parameterized
/// queries in the data layer - confirm how <c>Reasons</c> is persisted.
/// </remarks>
public void DRatingWithSqlMembers_WhenScrubbed_BecomesSafe()
{
    // Arrange: a rating whose free-text member holds SQL metacharacters.
    const string payload = "1');DELETE TABLE dbo.example;--";
    DRating rating = new DRating();
    rating.Reasons = payload;

    // Act: sanitize the rating in place.
    rating.Scrub();

    // Assert: the stored text is no longer the raw payload.
    Assert.AreNotEqual(payload, rating.Reasons);
}
/// <summary>
/// Checks that <c>Scrub()</c> changes a <c>Reasons</c> value that contains HTML markup.
/// </summary>
/// <remarks>
/// NOTE(review): the assertion only proves that the value differs from the input;
/// it does not verify that no markup remains. Whether the view layer also encodes
/// <c>Reasons</c> on output cannot be seen from this test - confirm.
/// </remarks>
public void DRatingWithHtmlMembers_WhenScrubbed_BecomesSafe()
{
    // Arrange: a rating whose free-text member holds an HTML element.
    const string markup = "<div></div>";
    DRating rating = new DRating();
    rating.Reasons = markup;

    // Act: sanitize the rating in place.
    rating.Scrub();

    // Assert: the stored text is no longer the raw markup.
    Assert.AreNotEqual(markup, rating.Reasons);
}
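/// <summary>
/// Updates a rating, but only when the drink it refers to is found in the
/// repository constructed for <paramref name="username"/>.
/// </summary>
/// <param name="updating">The rating to store; its <c>Drink_ID</c> selects the drink.</param>
/// <param name="username">User name passed to the repository factory.</param>
/// <returns>
/// The drink repository built for <paramref name="username"/>, whether or not an
/// update was applied.
/// </returns>
/// <remarks>
/// NOTE(review): this method does not call <c>updating.Scrub()</c>; confirm that the
/// caller or the repository sanitizes the rating before it is stored.
/// NOTE(review): only the drink lookup is checked here. Whether <c>Update</c>
/// verifies that the rating's own ID belongs to that drink cannot be seen from
/// this method - confirm.
/// </remarks>
public IEnumerable<DDrink> Rating_Update(DRating updating, string username)
{
    IDataRepository<DDrink> drinks = RepositoryFactory.Instance.Construct<DDrink>(username);

    // FirstOrDefault yields null when no drink matches. That is exactly the
    // "drink is not in this user's repository" case, so it must be a quiet
    // no-op rather than a NullReferenceException on the .ratings access.
    var owner = drinks.FirstOrDefault(x => x.Drink_ID == updating.Drink_ID);
    if (owner == null)
    {
        return drinks;
    }

    IDataRepository<DRating> ratings = owner.ratings as IDataRepository<DRating>;
    if (ratings != null)
    {
        // Drink for the rating belongs to the given user, may proceed.
        ratings.Update(updating);
    }

    return drinks;
}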
/// <summary>
/// Controller action for updating a rating. As written it only renders the
/// "Index" view.
/// </summary>
/// <param name="updating">Rating supplied to the action; not read by this method.</param>
/// <returns>The result of <c>View("Index")</c>.</returns>
public ActionResult Rating_Update(DRating updating)
{
    // NOTE(review): no update is performed here. No [HttpPost] or
    // [ValidateAntiForgeryToken] attribute is visible on this action - confirm
    // before persistence is wired in.
    ActionResult index = View("Index");
    return index;
}
/// <summary>
/// Controller action for deleting a rating. As written it only renders the
/// "Index" view.
/// </summary>
/// <param name="deleting">Rating supplied to the action; not read by this method.</param>
/// <returns>The result of <c>View("Index")</c>.</returns>
public ActionResult Rating_Delete(DRating deleting)
{
    // NOTE(review): no delete is performed here. No [HttpPost] or
    // [ValidateAntiForgeryToken] attribute is visible on this action - confirm
    // before persistence is wired in.
    ActionResult index = View("Index");
    return index;
}
/// <summary>
/// Controller action for creating a rating. As written it only renders the
/// "Index" view.
/// </summary>
/// <param name="creating">Rating supplied to the action; not read by this method.</param>
/// <returns>The result of <c>View("Index")</c>.</returns>
public ActionResult Rating_Create(DRating creating)
{
    // NOTE(review): nothing is created here. No [HttpPost] or
    // [ValidateAntiForgeryToken] attribute is visible on this action - confirm
    // before persistence is wired in.
    ActionResult index = View("Index");
    return index;
}