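/// <summary>
/// Resolves the payments connection field: builds a <see cref="SearchPaymentsQuery"/> from the
/// field arguments, authorizes it for the current principal, dispatches it through the mediator
/// and wraps the resulting page in a <c>PagedConnection&lt;PaymentIn&gt;</c>.
/// </summary>
/// <param name="mediator">Mediator used to dispatch the search query.</param>
/// <param name="context">Connection resolve context carrying the paging cursor and field arguments.</param>
/// <returns>The requested page of payments as a paged connection.</returns>
/// <exception cref="ExecutionError">
/// Thrown when the "after" cursor is not a non-negative integer, or when authorization does not succeed.
/// </exception>
private async Task<object> ResolvePaymentsConnectionAsync(IMediator mediator, IResolveConnectionContext<object> context)
{
    // The "after" cursor comes from the client. Parse it once, culture-independently, and answer a
    // malformed or negative value with a GraphQL error rather than an unhandled
    // FormatException/OverflowException from Convert.ToInt32.
    var skip = 0;
    if (context.After != null
        && (!int.TryParse(
                context.After,
                System.Globalization.NumberStyles.Integer,
                System.Globalization.CultureInfo.InvariantCulture,
                out skip)
            || skip < 0))
    {
        throw new ExecutionError("Invalid 'after' cursor");
    }

    var cultureKey = nameof(Currency.CultureName).ToCamelCase();

    var request = new SearchPaymentsQuery
    {
        Skip = skip,
        // NOTE(review): no upper bound on the page size is applied here; confirm that
        // "first" is capped elsewhere so a single request cannot ask for an arbitrarily large page.
        Take = context.First ?? context.PageSize ?? 10,
        Filter = context.GetArgument<string>("filter"),
        Sort = context.GetArgument<string>("sort"),
        CultureName = context.GetArgument<string>(cultureKey),
        // Caller-controlled value: it must not be relied on until the authorization step below has run.
        CustomerId = context.GetArgumentOrValue<string>("userId")
    };

    // Authorization runs against the fully built query and before it is dispatched, so the
    // requirement handler sees the requested CustomerId and nothing is searched for a caller that is denied.
    var authorizationResult = await _authorizationService.AuthorizeAsync(
        context.GetCurrentPrincipal(),
        request,
        new CanAccessOrderAuthorizationRequirement());

    if (!authorizationResult.Succeeded)
    {
        throw new ExecutionError("Access denied");
    }

    // NOTE(review): Add throws if the key is already present (for example if this resolver runs
    // more than once against the same user context); confirm that cannot happen.
    context.UserContext.Add(cultureKey, request.CultureName);

    var response = await mediator.Send(request);

    foreach (var payment in response.Results)
    {
        context.SetExpandedObjectGraph(payment);
    }

    // Store all currencies in the user context so the schema types can resolve them later.
    var allCurrencies = await _currencyService.GetAllCurrenciesAsync();
    context.SetCurrencies(allCurrencies, request.CultureName);

    // The original re-parsed the cursor for the third argument; it is the same value as skip.
    return new PagedConnection<PaymentIn>(response.Results, skip, skip, response.TotalCount);
}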
/// <summary>
/// A payments search made by a principal whose identity carries no claims must be
/// explicitly failed by <see cref="CanAccessOrderAuthorizationHandler"/>.
/// </summary>
/// <param name="query">Payments search query supplied by the test's data source.</param>
public async Task CanAccessOrderAuthorizationHandler_SearchPaymentsWithoutAuth_ShouldFail(SearchPaymentsQuery query)
{
    // Arrange: a default ClaimsIdentity has no claims, which stands in for an anonymous caller.
    var anonymous = new ClaimsPrincipal(new ClaimsIdentity());
    var handler = new CanAccessOrderAuthorizationHandler();
    var authContext = new AuthorizationHandlerContext(
        new[] { new CanAccessOrderAuthorizationRequirement() },
        anonymous,
        query);

    // Act
    await handler.HandleAsync(authContext);

    // Assert: HasFailed is stricter than "did not succeed" - the handler has to reject the request outright.
    authContext.HasFailed.Should().BeTrue();
}
/// <summary>
/// A payments search made by a principal with a "name" claim must be authorized, and the
/// query's customer id must equal that claim's value once the handler has run.
/// </summary>
/// <param name="query">Payments search query supplied by the test's data source.</param>
public async Task CanAccessOrderAuthorizationHandler_SearchPaymentsBelongToUser_ShouldSucceed(SearchPaymentsQuery query)
{
    // Arrange: a principal whose only claim is "name".
    var nameClaimValue = "userId";
    var identity = new ClaimsIdentity(new[] { new Claim("name", nameClaimValue) });
    var principal = new ClaimsPrincipal(identity);
    var handler = new CanAccessOrderAuthorizationHandler();
    var authContext = new AuthorizationHandlerContext(
        new[] { new CanAccessOrderAuthorizationRequirement() },
        principal,
        query);

    // Act
    await handler.HandleAsync(authContext);

    // Assert
    authContext.HasSucceeded.Should().BeTrue();

    // The customer id on the query has to match the principal's claim after authorization.
    // NOTE(review): the incoming CustomerId depends on how the test framework builds the query,
    // which is not visible here - confirm it differs from "userId" so this assertion proves the
    // handler rewrote it.
    query.CustomerId.Should().Be("userId");
}