public void GetPrice() { var code = "code"; unitOfWork.Data = Utils.CreateAdminAndUser(); controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2"); var permissions = new List <Permission> { new Permission { id = (int)PermissionId.ViewStockSearch } }; cache.Set($"permissions_2", permissions, null); var customer_code = "c1"; var result = controller.getPrice(customer_code, code); Assert.IsInstanceOfType(result.Result, typeof(UnauthorizedResult)); unitOfWork.Data.Users.FirstOrDefault(u => u.id == 2).isInternal = true; result = controller.getPrice(customer_code, code); Assert.IsNotInstanceOfType(result, typeof(UnauthorizedResult)); Assert.IsTrue(apiClient.Parameters.ContainsKey("customer")); Assert.IsTrue(apiClient.Parameters.ContainsKey("product")); Assert.IsInstanceOfType((result.Result as OkNegotiatedContentResult <Task <object> >)?.Content?.Result, typeof(ProductPrices)); //Branch admin unitOfWork.Data = Utils.CreateAdminAndUser(); apiClient.Data.Orders = new List <Order>(); unitOfWork.Data.Customers = new List <Customer> { new Customer { code = "c1" }, new Customer { code = "c2", invoice_customer = "c3" }, new Customer { code = "c3" } }; controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "3"); cache.Set($"permissions_3", permissions, null); unitOfWork.Data.Users.Add(new User { id = 3, Roles = new List <Role> { new Role { id = Role.BranchAdmin } }, customer_code = "c3" }); var res = controller.getPrice("c3", code).Result; Assert.IsNotNull(res); Assert.AreEqual("c3", apiClient.Parameters["customer"]); res = controller.getPrice("c2", code).Result; Assert.IsNotNull(res); Assert.IsNotInstanceOfType(res, typeof(UnauthorizedResult)); Assert.AreEqual("c2", apiClient.Parameters["customer"]); res = controller.getPrice("c1", code).Result; Assert.IsNotNull(res); Assert.IsInstanceOfType(res, typeof(UnauthorizedResult)); //user permissions cache.Remove("permissions_2"); controller.Request.Headers.Authorization = new AuthenticationHeaderValue("jwt", "2"); res = controller.getPrice("c2", code).Result; Assert.IsNotNull(res); Assert.IsInstanceOfType(res, typeof(UnauthorizedResult)); }