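/// <summary>
/// Checks that the handler returns the expected e-mail address and organisation name
/// for <c>orgUserId</c> when the caller's authorization comes from
/// <c>AuthorizationBuilder.CreateUserWithAllRights()</c>.
/// </summary>
/// <remarks>
/// Declared as <c>async Task</c> rather than <c>async void</c> so the test runner can
/// await the body and attribute any assertion failure to this test.
/// </remarks>
public async Task GetUserDataHandler_RequestingUserData_ReturnsCorrectUser()
{
    // Arrange
    IGetManageUserDataAccess dataAccess = CreateFakeDataAccess();
    IWeeeAuthorization authorization = AuthorizationBuilder.CreateUserWithAllRights();
    GetUserDataHandler handler = new GetUserDataHandler(userContext, authorization, dataAccess);
    GetUserData request = new GetUserData(orgUserId);

    // Act
    var response = await handler.HandleAsync(request);

    // Assert
    Assert.NotNull(response);

    // Assert.Equal takes the expected value first; with the arguments the other way
    // round a failure message reports the two values swapped.
    // NOTE(review): the expected address looks masked in this copy of the test;
    // confirm it matches what CreateFakeDataAccess() returns.
    Assert.Equal("*****@*****.**", response.Email);
    Assert.Equal("Test ltd.", response.OrganisationName);
}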
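/// <summary>
/// Checks that <c>HandleAsync</c> throws <see cref="SecurityException"/> when the
/// authorization object is built from <paramref name="userType"/>.
/// </summary>
/// <param name="userType">
/// User type handed to <c>AuthorizationBuilder.CreateFromUserType</c>. The values are
/// supplied by the test's data source, which is not visible in this listing.
/// </param>
/// <remarks>
/// Declared as <c>async Task</c> rather than <c>async void</c> so the test runner can
/// await the body and attribute a missing exception to this test.
/// </remarks>
public async Task GetUserDataHandler_WithNonInternalUser_ThrowSecurityException(AuthorizationBuilder.UserType userType)
{
    // Arrange
    IGetManageUserDataAccess dataAccess = A.Fake<IGetManageUserDataAccess>();

    // Match any id. A stub configured with Guid.NewGuid() is keyed to a value that no
    // later call will pass, so it would never apply to the request below.
    A.CallTo(() => dataAccess.GetCompetentAuthorityUser(A<Guid>.Ignored)).Returns(new ManageUserData());
    A.CallTo(() => dataAccess.GetOrganisationUser(A<Guid>.Ignored)).Returns(new ManageUserData());

    IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
    GetUserDataHandler handler = new GetUserDataHandler(userContext, authorization, dataAccess);
    GetUserData request = new GetUserData(Guid.NewGuid());

    // Act
    Func<Task<ManageUserData>> action = () => handler.HandleAsync(request);

    // Assert
    // NOTE(review): this proves only that the request is rejected. Consider also
    // asserting that neither data-access method was called, so that a denial cannot
    // follow a read of user data; confirm the handler checks authorization first.
    await Assert.ThrowsAsync<SecurityException>(action);
}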
/// <summary>
/// Checks that the handler's result has <c>CanEditUser</c> set to false when the
/// authorization allows internal-area access but denies <c>Roles.InternalAdmin</c>.
/// </summary>
public async Task GetUserDataHandler_ReturnsFalseForCanEditUser_WhenCurrentUserIsNotInternalAdmin()
{
    // Arrange: dummy collaborators, so only the authorization object carries state
    // that this test sets up explicitly.
    IGetManageUserDataAccess dummyDataAccess = A.Dummy<IGetManageUserDataAccess>();
    IUserContext dummyUserContext = A.Dummy<IUserContext>();

    // Internal user without the admin role.
    var nonAdminAuthorization = new AuthorizationBuilder()
        .AllowInternalAreaAccess()
        .DenyRole(Roles.InternalAdmin)
        .Build();

    var sut = new GetUserDataHandler(dummyUserContext, nonAdminAuthorization, dummyDataAccess);
    GetUserData dummyRequest = A.Dummy<GetUserData>();

    // Act
    var userData = await sut.HandleAsync(dummyRequest);

    // Assert
    Assert.False(userData.CanEditUser);
}
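/// <summary>
/// Checks that a request is refused with <see cref="SecurityException"/> when the
/// handler is given the authorization produced by
/// <c>AuthorizationBuilder.CreateFromUserType</c> for <paramref name="userType"/>.
/// </summary>
/// <param name="userType">
/// User type under test. The values come from the test's data source, which is not
/// visible in this listing.
/// </param>
/// <remarks>
/// Returns <c>Task</c> instead of <c>void</c> so the test runner awaits the body; an
/// <c>async void</c> test can finish before its assertion is observed.
/// </remarks>
public async Task GetUserDataHandler_WithNonInternalUser_ThrowSecurityException(AuthorizationBuilder.UserType userType)
{
    // Arrange
    IGetManageUserDataAccess dataAccess = A.Fake<IGetManageUserDataAccess>();

    // The stubs accept any Guid. Configuring them with Guid.NewGuid() would bind them
    // to a value that the request created below never carries.
    A.CallTo(() => dataAccess.GetCompetentAuthorityUser(A<Guid>.Ignored)).Returns(new ManageUserData());
    A.CallTo(() => dataAccess.GetOrganisationUser(A<Guid>.Ignored)).Returns(new ManageUserData());

    IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
    GetUserDataHandler handler = new GetUserDataHandler(userContext, authorization, dataAccess);
    GetUserData request = new GetUserData(Guid.NewGuid());

    // Act
    Func<Task<ManageUserData>> action = () => handler.HandleAsync(request);

    // Assert
    // NOTE(review): the exception alone does not show whether user data was read
    // before the refusal. A follow-up assertion that the data-access fake was not
    // called would pin that down; confirm the handler's ordering before adding it.
    await Assert.ThrowsAsync<SecurityException>(action);
}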
/// <summary>
/// Checks that <c>CanEditUser</c> is false on the handler's result for a caller who
/// has internal-area access but is denied the <c>Roles.InternalAdmin</c> role.
/// </summary>
public async Task GetUserDataHandler_ReturnsFalseForCanEditUser_WhenCurrentUserIsNotInternalAdmin()
{
    // Arrange
    var fakeDataAccess = A.Dummy<IGetManageUserDataAccess>();
    var fakeUserContext = A.Dummy<IUserContext>();

    // Grant internal-area access, then deny the admin role.
    var internalNonAdmin = new AuthorizationBuilder()
        .AllowInternalAreaAccess()
        .DenyRole(Roles.InternalAdmin)
        .Build();

    var handlerUnderTest = new GetUserDataHandler(fakeUserContext, internalNonAdmin, fakeDataAccess);

    // Act
    var canEditUser = (await handlerUnderTest.HandleAsync(A.Dummy<GetUserData>())).CanEditUser;

    // Assert
    Assert.False(canEditUser);
}