/// <summary>
/// Deletes the group membership identified by <paramref name="membershipId"/>.
/// </summary>
/// <param name="membershipId">Route value naming the membership to delete.</param>
/// <param name="cancellationToken">Forwarded to every mediator request sent by this action.</param>
/// <returns>
/// 404 with an <c>ErrorResource</c> when the existence query returns false, 403 with an
/// <c>ErrorResource</c> when the permission query returns false, otherwise 204 No Content.
/// </returns>
/// <remarks>
/// NOTE(review): the existence check runs before the permission check, so a caller who is
/// not allowed to delete can still tell from 404 versus 403 whether a membership ID exists.
/// If membership IDs are meant to be opaque to non-administrators, both cases should return
/// the same response. Confirm against the API's threat model.
/// NOTE(review): the permission query and the delete command are separate mediator requests.
/// Whether they run in one transaction is not visible here, so the delete handler should not
/// rely on this action as its only authorization gate. Confirm.
/// </remarks>
public async Task<ActionResult> DeleteMembership([FromRoute] int membershipId, CancellationToken cancellationToken = default)
{
    // Step 1: unknown membership IDs are rejected before anything else happens.
    bool membershipFound = await _mediator.Send(
        new MembershipExistsQuery { GroupMembershipId = membershipId },
        cancellationToken);

    if (!membershipFound)
    {
        var notFoundBody = new ErrorResource
        {
            StatusCode = StatusCodes.Status404NotFound,
            Message = $"Membership with ID '{membershipId}' does not exist"
        };

        return NotFound(notFoundBody);
    }

    // Step 2: authorization. The query carries only the membership ID; the caller's
    // identity is not passed from this action.
    bool callerMayDelete = await _mediator.Send(
        new CanDeleteMembershipQuery { GroupMembershipIdToDelete = membershipId },
        cancellationToken);

    if (!callerMayDelete)
    {
        var forbiddenBody = new ErrorResource
        {
            StatusCode = StatusCodes.Status403Forbidden,
            Message = "You are not permitted to delete users from this group. This privilege is only granted to administrators of the group"
        };

        return StatusCode(StatusCodes.Status403Forbidden, forbiddenBody);
    }

    // Step 3: both checks passed, so perform the deletion and report success without a body.
    await _mediator.Send(
        new DeleteMembershipCommand { GroupMembershipId = membershipId },
        cancellationToken);

    return NoContent();
}
/// <summary>
/// Deny path of the delete-permission check: when the membership repository reports that
/// deletion is not permitted, the handler must return false.
/// </summary>
public async Task CanDeleteMembershipQueryHandler_ShouldReturnFalse_WhenUserIsNotPermitted()
{
    // Arrange
    var query = new CanDeleteMembershipQuery { GroupMembershipIdToDelete = 1 };

    // The first argument (1) is presumably the current user's ID as supplied by
    // _userProviderMock; its setup is outside this method, so verify against the fixture.
    // NOTE(review): if _unitOfWorkMock uses the mocking library's loose default, a call
    // with different arguments would likely also yield false, so this test may pass even
    // when the handler passes the wrong IDs. A Verify on the exact arguments would pin that
    // down. Confirm the mock behaviour.
    _unitOfWorkMock
        .Setup(uow => uow.GroupMemberships.CanDeleteMembership(
            1,
            query.GroupMembershipIdToDelete,
            It.IsAny<CancellationToken>()))
        .ReturnsAsync(false);

    var sut = new CanDeleteMembershipQuery.Handler(
        _unitOfWorkMock.Object,
        _userProviderMock.Object);

    // Act
    bool permitted = await sut.Handle(query);

    // Assert
    Assert.False(permitted);
}