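/// <summary>
/// Checks the authorization gate of <c>CreateDraftTemplate</c>: when the permissions returned
/// for the requested funding stream have <c>CanCreateTemplates</c> set to <c>false</c>, the
/// controller must return a <see cref="ForbidResult"/> and must not call the template builder API.
/// </summary>
public async Task CreateDraftTemplate_FailsIfUserWithoutPermissionsToCreateTemplates()
{
    ITemplateBuilderApiClient apiClient = Substitute.For<ITemplateBuilderApiClient>();
    TemplateCreateModel model = new TemplateCreateModel
    {
        Description = "Test Description",
        FundingStreamId = "TEST",
        FundingPeriodId = "TEST"
    };
    string templateId = Guid.NewGuid().ToString();

    // The client is stubbed to succeed on purpose: a controller that skipped the permission
    // check would then produce a CreatedResult and fail the ForbidResult assertion below.
    apiClient
        .CreateDraftTemplate(Arg.Any<TemplateCreateCommand>())
        .Returns(new ValidatedApiResponse<string>(HttpStatusCode.Created, templateId));

    var authHelper = Substitute.For<IAuthorizationHelper>();
    authHelper
        .GetUserFundingStreamPermissions(Arg.Any<ClaimsPrincipal>(), Arg.Is(model.FundingStreamId))
        .Returns(new FundingStreamPermission
        {
            CanCreateTemplates = false,
            FundingStreamId = model.FundingStreamId
        });

    TemplateBuildController controller =
        new TemplateBuildController(apiClient, authHelper, Substitute.For<ILogger>());

    IActionResult result = await controller.CreateDraftTemplate(model);

    result
        .Should()
        .BeAssignableTo<ForbidResult>();

    // A bare apiClient.Received(0) verifies nothing: NSubstitute only checks a call that is
    // specified on the object it returns. Naming the call makes the test fail if a denied
    // request ever reaches the backend. The returned task is discarded, not awaited.
    _ = apiClient
        .DidNotReceive()
        .CreateDraftTemplate(Arg.Any<TemplateCreateCommand>());
}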
/// <summary>
/// Happy path for <c>CreateDraftTemplate</c>: with <c>CanCreateTemplates</c> granted and the
/// API client answering <see cref="HttpStatusCode.Created"/>, the controller must return a
/// <see cref="CreatedResult"/> whose value is the new template id and whose location is the
/// template's build URL.
/// </summary>
public async Task CreateDraftTemplate_ReturnsCorrectResult()
{
    // Arrange: request body and the id the stubbed backend hands back.
    var createModel = new TemplateCreateModel
    {
        Description = "Test Description",
        FundingStreamId = "TEST",
        FundingPeriodId = "TEST"
    };
    string expectedId = Guid.NewGuid().ToString();

    var templateClient = Substitute.For<ITemplateBuilderApiClient>();
    var createdResponse = new ValidatedApiResponse<string>(HttpStatusCode.Created, expectedId);
    templateClient
        .CreateDraftTemplate(Arg.Any<TemplateCreateCommand>())
        .Returns(createdResponse);

    // The caller is allowed to create templates for this funding stream.
    var grantedPermission = new FundingStreamPermission
    {
        CanCreateTemplates = true,
        FundingStreamId = createModel.FundingStreamId
    };
    IAuthorizationHelper authorization = Substitute.For<IAuthorizationHelper>();
    authorization
        .GetUserFundingStreamPermissions(Arg.Any<ClaimsPrincipal>(), Arg.Is(createModel.FundingStreamId))
        .Returns(grantedPermission);

    var sut = new TemplateBuildController(templateClient, authorization, Substitute.For<ILogger>());

    // Act
    IActionResult actionResult = await sut.CreateDraftTemplate(createModel);

    // Assert: result type first, then the payload and the Location value.
    actionResult.Should().BeAssignableTo<CreatedResult>();

    CreatedResult created = actionResult as CreatedResult;

    string returnedId = created?.Value as string;
    returnedId.Should().Be(expectedId);

    string returnedLocation = created?.Location;
    returnedLocation.Should().Be($"api/templates/build/{expectedId}");
}
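/// <summary>
/// Creates a draft template for the funding stream and period named in the request body,
/// provided the current user may create templates for that funding stream.
/// </summary>
/// <param name="createModel">Request body: description, funding stream id and funding period id.</param>
/// <returns>
/// 400 with the model state when the model is invalid or the API rejects the command;
/// 403 when the user lacks <c>CanCreateTemplates</c> for the funding stream;
/// 201 with the new template id and its location on success;
/// otherwise the status code returned by the template builder API.
/// </returns>
public async Task<IActionResult> CreateDraftTemplate([FromBody] TemplateCreateModel createModel)
{
    Guard.ArgumentNotNull(createModel, nameof(createModel));

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Authorization is evaluated per funding stream, before any call to the backend.
    FundingStreamPermission permissions =
        await _authorizationHelper.GetUserFundingStreamPermissions(User, createModel.FundingStreamId);

    // Fail closed: a missing permission record is treated as "not allowed" instead of
    // being dereferenced, which would surface as an unhandled exception.
    if (permissions == null || !permissions.CanCreateTemplates)
    {
        // NOTE(review): FundingStreamId comes from the request body and is written to the log
        // as-is; confirm that model validation or the log sink neutralises line breaks.
        _logger.Error($"User [{User?.Identity?.Name}] has insufficient permissions to create a {createModel.FundingStreamId} template");
        return Forbid(new AuthenticationProperties());
    }

    // Only the fields below are forwarded to the API; the schema version is fixed here.
    TemplateCreateCommand command = new TemplateCreateCommand
    {
        Description = createModel.Description,
        FundingStreamId = createModel.FundingStreamId,
        FundingPeriodId = createModel.FundingPeriodId,
        SchemaVersion = "1.1"
    };

    ValidatedApiResponse<string> result = await _client.CreateDraftTemplate(command);

    switch (result.StatusCode)
    {
        case HttpStatusCode.Created:
            // result.Content carries the id of the new template.
            return Created($"api/templates/build/{result.Content}", result.Content);
        case HttpStatusCode.BadRequest:
            return BadRequest(result.ModelState);
        default:
            // Any other API status is passed through without a body.
            return StatusCode((int)result.StatusCode);
    }
}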