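/// <summary>
/// Verifies that the owner of a snippet (stored UserId 1, current user 1) can save an edit:
/// the controller returns a result, the repository's Update is invoked, and the stored
/// title and content carry the posted values.
/// </summary>
public void CanEditSnippet()
{
    // Stored snippet owned by user 1.
    Snippet sn = new Snippet { Id = 1, Title = "T1", Content = "C1", UserId = 1 };

    // GetById hands the controller this very instance, and the controller writes the new
    // title/content onto it before calling Update. The title/content assertions alone
    // therefore cannot show that the change was persisted, so the Update call is tracked.
    bool updateCalled = false;

    Mock<ISnippetRepository> repo = new Mock<ISnippetRepository>();
    repo.Setup(m => m.GetById(It.Is<long>(x => x == 1))).Returns(sn);
    repo.Setup(m => m.Update(It.Is<Snippet>(x => x.Id == 1)))
        .Callback<Snippet>(x =>
        {
            updateCalled = true;
            sn.Id = x.Id;
            sn.Title = x.Title;
            sn.Content = x.Content;
        });

    // The current user is the owner, so the ownership check in Edit must pass.
    Mock<IWebSecurity> webSec = new Mock<IWebSecurity>();
    webSec.Setup(x => x.CurrentUserId).Returns(1);

    EditVM vm = new EditVM { Id = 1, Title = "TT1", Content = "CC1" };
    var controller = new HomeController(repo.Object, webSec.Object);

    // The success path ends in RedirectToAction(...). The previous "as RedirectResult" cast
    // was never asserted (and presumably never matched that result type), so the result is
    // kept uncast and checked for presence.
    var result = controller.Edit(vm);

    Assert.IsNotNull(result);
    Assert.IsTrue(updateCalled);
    Assert.AreEqual("TT1", sn.Title);
    Assert.AreEqual("CC1", sn.Content);
}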
/// <summary>
/// Shows the edit form for the snippet with the given id.
/// </summary>
/// <param name="id">Identifier of the snippet to edit.</param>
/// <returns>
/// A not-found result when no snippet has that id, an unauthorized (401) result when the
/// snippet has no owner or the owner is not the current user, otherwise the edit view
/// populated with the snippet's id, title and content.
/// </returns>
public ActionResult Edit(long id)
{
    var stored = this.snippetRepo.GetById(id);
    if (stored == null)
    {
        return HttpNotFound(string.Format("Snippet with id {0} was not found", id));
    }

    // Object-level authorization: only the recorded owner may open the edit form.
    // A snippet without an owner is editable by nobody.
    // NOTE(review): an authenticated non-owner gets 401 here rather than 403, and the
    // 404/401 split tells a caller which ids exist - confirm both are intended.
    int? ownerId = stored.UserId;
    bool isOwner = ownerId != null && ownerId == webSecurity.CurrentUserId;
    if (!isOwner)
    {
        return new HttpUnauthorizedResult("User is performing unautorized action");
    }

    var vm = new EditVM();
    vm.Id = stored.Id;
    vm.Title = stored.Title;
    vm.Content = stored.Content;
    return View(vm);
}
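/// <summary>
/// Saves an edited snippet posted from the edit form.
/// </summary>
/// <param name="snippet">Posted view model carrying the snippet id, new title and new content.</param>
/// <returns>
/// A not-found result when no snippet has the posted id, an unauthorized (401) result when
/// the stored snippet has no owner or the owner is not the current user, the edit view
/// (re-populated with the posted values) when model validation fails, otherwise a redirect
/// to the "Show" action for the saved snippet.
/// </returns>
// NOTE(review): no action attributes are visible in this listing. Confirm that this overload
// is restricted to POST and protected by anti-forgery validation, since it changes state.
public ActionResult Edit(EditVM snippet)
{
    // Ownership is decided from the stored record, never from anything in the posted model.
    var dbSnippet = this.snippetRepo.GetById(snippet.Id);
    if (dbSnippet == null)
    {
        return HttpNotFound("Snippet with id " + snippet.Id + " was not found");
    }

    // Object-level authorization: only the recorded owner may modify the snippet.
    // A snippet without an owner is editable by nobody.
    int? userId = dbSnippet.UserId;
    if (userId == null || userId != webSecurity.CurrentUserId)
    {
        return new HttpUnauthorizedResult("User is performing unautorized action");
    }

    if (!ModelState.IsValid)
    {
        // Hand the posted model back to the view so the form keeps the user's input;
        // previously the view was returned without a model.
        return View(snippet);
    }

    // Only title and content are copied from the posted model, so the id and the owner of
    // the stored record cannot be changed through this action.
    dbSnippet.Title = snippet.Title;
    dbSnippet.Content = snippet.Content;
    // NOTE(review): local server time is stored here; confirm UTC is not expected.
    dbSnippet.DatePublished = DateTime.Now;

    this.snippetRepo.Update(dbSnippet);
    return RedirectToAction("Show", new { id = dbSnippet.Id });
}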
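/// <summary>
/// Verifies that a user who does not own a snippet (stored UserId 1, current user 2) is
/// rejected with 401 when posting an edit, and that the rejection leaves the stored snippet
/// untouched: Update is never called and title/content keep their original values.
/// </summary>
public void UserCannotEditOtherUsersSnippets()
{
    // Stored snippet owned by user 1.
    Snippet sn = new Snippet { Id = 1, Title = "T1", Content = "C1", UserId = 1 };

    // Tracks whether the controller tried to persist anything despite the rejection.
    bool updateCalled = false;

    Mock<ISnippetRepository> repo = new Mock<ISnippetRepository>();
    repo.Setup(m => m.GetById(It.Is<long>(x => x == 1))).Returns(sn);
    repo.Setup(m => m.Update(It.Is<Snippet>(x => x.Id == 1)))
        .Callback<Snippet>(x =>
        {
            updateCalled = true;
            sn.Id = x.Id;
            sn.Title = x.Title;
            sn.Content = x.Content;
        });

    // The current user is user 2, who is not the owner.
    Mock<IWebSecurity> webSec = new Mock<IWebSecurity>();
    webSec.Setup(x => x.CurrentUserId).Returns(2);

    EditVM vm = new EditVM { Id = 1, Title = "TT1", Content = "CC1" };
    var controller = new HomeController(repo.Object, webSec.Object);

    var result = controller.Edit(vm) as HttpUnauthorizedResult;

    Assert.IsNotNull(result);
    Assert.AreEqual(401, result.StatusCode);

    // A status code alone does not prove the write was blocked. GetById returns this same
    // instance, so any assignment made before the authorization check would show up here.
    Assert.IsFalse(updateCalled);
    Assert.AreEqual("T1", sn.Title);
    Assert.AreEqual("C1", sn.Content);
}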