public async Task UpdateApprovalStatusForAllocationLine_WhenUserDoesHavePublishFundingPermission_ThenActionAllowed() { // Arrange string specificationId = "abc123"; PublishedAllocationLineResultStatusUpdateViewModel model = new PublishedAllocationLineResultStatusUpdateViewModel { Status = AllocationLineStatusViewModel.Published, Providers = new List <PublishedAllocationLineResultStatusUpdateProviderViewModel>() }; IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>(); authorizationHelper .DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanPublishFunding)) .Returns(true); IResultsApiClient resultsClient = CreateResultsClient(); resultsClient .UpdatePublishedAllocationLineStatusByBatch(Arg.Is(specificationId), Arg.Any <PublishedAllocationLineResultStatusUpdateModel>()) .Returns(new ValidatedApiResponse <PublishedAllocationLineResultStatusUpdateResponseModel>(HttpStatusCode.OK, new PublishedAllocationLineResultStatusUpdateResponseModel())); ApprovalController controller = CreateApprovalController(resultsClient: resultsClient, authorizationHelper: authorizationHelper); // Act IActionResult result = await controller.UpdateApprovalStatusForAllocationLine(specificationId, model); // Assert result.Should().BeOfType <OkResult>(); }
public async Task UpdateApprovalStatusForAllocationLine_ThenCallEndpointToScheduleJob() { // Arrange string specificationId = "abc123"; PublishedAllocationLineResultStatusUpdateViewModel model = new PublishedAllocationLineResultStatusUpdateViewModel { Status = AllocationLineStatusViewModel.Approved, Providers = new List <PublishedAllocationLineResultStatusUpdateProviderViewModel>() }; IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>(); authorizationHelper .DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveFunding)) .Returns(true); IResultsApiClient resultsClient = CreateResultsClient(); ApprovalController controller = CreateApprovalController(resultsClient: resultsClient, authorizationHelper: authorizationHelper); // Act IActionResult result = await controller.UpdateApprovalStatusForAllocationLine(specificationId, model); // Assert result.Should().BeOfType <OkResult>(); await resultsClient .Received(1) .UpdatePublishedAllocationLineStatus(Arg.Is(specificationId), Arg.Any <PublishedAllocationLineResultStatusUpdateModel>()); }
public async Task UpdateApprovalStatusForAllocationLine_WhenUserDoesNotHaveApproveFundingPermission_ThenReturn403() { // Arrange string specificationId = "abc123"; PublishedAllocationLineResultStatusUpdateViewModel model = new PublishedAllocationLineResultStatusUpdateViewModel { Status = AllocationLineStatusViewModel.Approved }; IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>(); authorizationHelper .DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveFunding)) .Returns(false); ApprovalController controller = CreateApprovalController(authorizationHelper: authorizationHelper); // Act IActionResult result = await controller.UpdateApprovalStatusForAllocationLine(specificationId, model); // Assert result.Should().BeOfType <ForbidResult>(); }
public async Task <IActionResult> UpdateApprovalStatusForAllocationLine([FromRoute] string specificationId, [FromBody] PublishedAllocationLineResultStatusUpdateViewModel allocationLines) { Guard.ArgumentNotNull(allocationLines, nameof(allocationLines)); if (allocationLines.Status != AllocationLineStatusViewModel.Approved && allocationLines.Status != AllocationLineStatusViewModel.Published) { ModelState.AddModelError(nameof(allocationLines.Status), "The status provided is not a valid destination status"); } SpecificationActionTypes permissionRequired = allocationLines.Status == AllocationLineStatusViewModel.Approved ? SpecificationActionTypes.CanApproveFunding : SpecificationActionTypes.CanPublishFunding; if (!await _authorizationHelper.DoesUserHavePermission(User, specificationId, permissionRequired)) { return(new ForbidResult()); } if (!ModelState.IsValid) { return(BadRequest(ModelState)); } PublishedAllocationLineResultStatusUpdateModel updateModel = new PublishedAllocationLineResultStatusUpdateModel() { Status = _mapper.Map <AllocationLineStatus>(allocationLines.Status), }; Dictionary <string, PublishedAllocationLineResultStatusUpdateProviderModel> updateProviders = new Dictionary <string, PublishedAllocationLineResultStatusUpdateProviderModel>(); foreach (PublishedAllocationLineResultStatusUpdateProviderViewModel updateItem in allocationLines.Providers) { PublishedAllocationLineResultStatusUpdateProviderModel providerUpdateModel = null; if (!updateProviders.ContainsKey(updateItem.ProviderId)) { providerUpdateModel = new PublishedAllocationLineResultStatusUpdateProviderModel() { ProviderId = updateItem.ProviderId, }; updateProviders.Add(updateItem.ProviderId, providerUpdateModel); updateModel.AddProvider(providerUpdateModel); } else { providerUpdateModel = updateProviders[updateItem.ProviderId]; } providerUpdateModel.AddAllocationLine(updateItem.AllocationLineId); } await _resultsClient.UpdatePublishedAllocationLineStatus(specificationId, updateModel); return(Ok()); }