//[Fact] public async System.Threading.Tasks.Task UserCantAccessAnotherUsersShareholders() { // verify (before we log in) that we are not logged in await GetCurrentUserIsUnauthorized(); // register as a new user (creates an account and contact) var loginUser1 = randomNewUserName("NewSecUser1", 6); var businessName1 = randomNewUserName(loginUser1, 6); var strId1 = await LoginAndRegisterAsNewUser(loginUser1, businessName1); // verify the current user represents our new user ViewModels.User user1 = await GetCurrentUser(); Assert.Equal(user1.name, loginUser1 + " TestUser"); Assert.Equal(user1.businessname, businessName1 + " TestBusiness"); // fetch our current account ViewModels.Account account1 = await GetAccountForCurrentUser(); ViewModels.AdoxioLegalEntity legalEntity1 = await SecurityHelper.GetLegalEntityRecordForCurrent(_client); Assert.Equal(user1.accountid, account1.id); // *** create some shareholders and directors ViewModels.AdoxioLegalEntity dos1 = await SecurityHelper.CreateDirectorOrShareholder(_client, user1, legalEntity1.id, true, false, false); Assert.NotNull(dos1); ViewModels.AdoxioLegalEntity dos2 = await SecurityHelper.CreateDirectorOrShareholder(_client, user1, legalEntity1.id, false, true, false); Assert.NotNull(dos2); ViewModels.AdoxioLegalEntity dos3 = await SecurityHelper.CreateDirectorOrShareholder(_client, user1, legalEntity1.id, false, false, true); Assert.NotNull(dos3); List <ViewModels.AdoxioLegalEntity> dos1s = await SecurityHelper.GetLegalEntitiesByPosition(_client, legalEntity1.id, "director-officer-shareholder", true); Assert.NotNull(dos1s); Assert.Equal(3, dos1s.Count); // *** // logout and verify we are logged out await Logout(); await GetCurrentUserIsUnauthorized(); // register and login as a second user var loginUser2 = randomNewUserName("NewSecUser2", 6); var businessName2 = randomNewUserName(loginUser2, 6); var strId2 = await LoginAndRegisterAsNewUser(loginUser2, businessName2); ViewModels.User user2 = await GetCurrentUser(); Assert.Equal(user2.name, loginUser2 + " TestUser"); Assert.Equal(user2.businessname, businessName2 + " TestBusiness"); ViewModels.Account account2 = await GetAccountForCurrentUser(); Assert.NotEqual(account1.id, account2.id); Assert.Equal(user2.accountid, account2.id); // *** as user 2, try to access shareholders of account 1 var tmp = await SecurityHelper.GetLegalEntityRecord(_client, dos1.id, false); Assert.Null(tmp); tmp = await SecurityHelper.GetLegalEntityRecord(_client, dos2.id, false); Assert.Null(tmp); tmp = await SecurityHelper.GetLegalEntityRecord(_client, dos3.id, false); Assert.Null(tmp); List <ViewModels.AdoxioLegalEntity> dos2s = await SecurityHelper.GetLegalEntitiesByPosition(_client, legalEntity1.id, "director-officer-shareholder", false); Assert.Null(dos2s); // *** // logout and cleanup second test user await LogoutAndCleanupTestUser(strId2); await GetCurrentUserIsUnauthorized(); // login again as the same user as above ^^^ await Login(loginUser1, businessName1); user1 = await GetCurrentUser(); Assert.Equal(user1.name, loginUser1 + " TestUser"); Assert.Equal(user1.businessname, businessName1 + " TestBusiness"); account1 = await GetAccountForCurrentUser(); // *** cleanup shareholders records tmp = await SecurityHelper.GetLegalEntityRecord(_client, dos3.id, true); Assert.NotNull(tmp); await SecurityHelper.DeleteLegalEntityRecord(_client, dos3.id); tmp = await SecurityHelper.GetLegalEntityRecord(_client, dos2.id, true); Assert.NotNull(tmp); await SecurityHelper.DeleteLegalEntityRecord(_client, dos2.id); tmp = await SecurityHelper.GetLegalEntityRecord(_client, dos1.id, true); Assert.NotNull(tmp); await SecurityHelper.DeleteLegalEntityRecord(_client, dos1.id); // *** // logout and cleanup (deletes the account and contact created above ^^^) await LogoutAndCleanupTestUser(strId1); await GetCurrentUserIsUnauthorized(); }