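/// <summary>
/// Cross-account access-control check: a second registered user must not be able to
/// read or update the account and legal entity that belong to the first user.
/// Flow: register user 1 and record its account/legal-entity ids, log out; register
/// user 2 and probe GET/UPDATE on user 1's records (each expected to yield null);
/// clean up user 2; log back in as user 1 and clean up.
/// NOTE(review): the [Fact] attribute is commented out, so this negative access-control
/// test is currently not discovered by the runner — confirm why it was disabled before
/// relying on it as a regression check.
/// NOTE(review): there is no try/finally around the body, so an assertion failure
/// part-way through leaves the registered test users (and their accounts) behind.
/// </summary>
//[Fact]
public async System.Threading.Tasks.Task UserCantAccessAnotherUsersAccount()
{
    // Baseline: nobody is logged in before the test starts.
    await GetCurrentUserIsUnauthorized();

    // Register the first user (creates an account and a contact).
    var loginUser1 = randomNewUserName("NewSecUser1", 6);
    var businessName1 = randomNewUserName(loginUser1, 6);
    var strId1 = await LoginAndRegisterAsNewUser(loginUser1, businessName1);

    // The current user must now be the user we just registered.
    // xUnit convention is Assert.Equal(expected, actual); keeps failure messages readable.
    ViewModels.User user1 = await GetCurrentUser();
    Assert.NotNull(user1);
    Assert.Equal(loginUser1 + " TestUser", user1.name);
    Assert.Equal(businessName1 + " TestBusiness", user1.businessname);

    // Capture user 1's account and legal entity so they can be probed as user 2 later.
    // NotNull first so a missing record fails as an assertion, not as a
    // NullReferenceException on `.id` below.
    ViewModels.Account account1 = await GetAccountForCurrentUser();
    Assert.NotNull(account1);
    ViewModels.AdoxioLegalEntity legalEntity1 = await SecurityHelper.GetLegalEntityRecordForCurrent(_client);
    Assert.NotNull(legalEntity1);
    Assert.Equal(user1.accountid, account1.id);

    // Log out and confirm the session is gone.
    await Logout();
    await GetCurrentUserIsUnauthorized();

    // Register and log in as a second, unrelated user.
    var loginUser2 = randomNewUserName("NewSecUser2", 6);
    var businessName2 = randomNewUserName(loginUser2, 6);
    var strId2 = await LoginAndRegisterAsNewUser(loginUser2, businessName2);

    ViewModels.User user2 = await GetCurrentUser();
    Assert.NotNull(user2);
    Assert.Equal(loginUser2 + " TestUser", user2.name);
    Assert.Equal(businessName2 + " TestBusiness", user2.businessname);

    ViewModels.Account account2 = await GetAccountForCurrentUser();
    Assert.NotNull(account2);
    Assert.NotEqual(account1.id, account2.id);
    Assert.Equal(user2.accountid, account2.id);

    // *** As user 2, attempt to read and update user 1's account and legal entity.
    // The test treats a null result as "access denied"; the trailing `false` argument
    // presumably tells the helper not to expect success — confirm against SecurityHelper.
    // NOTE(review): the update probe sends account1's own data, so a write that slipped
    // through would be indistinguishable from a rejected one by re-reading the record;
    // the null return value is the only signal this test has.
    var secAccount = await SecurityHelper.GetAccountRecord(_client, account1.id, false);
    Assert.Null(secAccount);
    var secLegalEntity = await SecurityHelper.GetLegalEntityRecord(_client, legalEntity1.id, false);
    Assert.Null(secLegalEntity);
    secAccount = await SecurityHelper.UpdateAccountRecord(_client, account1.id, account1, false);
    Assert.Null(secAccount);
    // ***

    // Log out and remove the second test user.
    await LogoutAndCleanupTestUser(strId2);
    await GetCurrentUserIsUnauthorized();

    // Log back in as user 1 and confirm it still resolves to the same identity/account.
    await Login(loginUser1, businessName1);
    user1 = await GetCurrentUser();
    Assert.NotNull(user1);
    Assert.Equal(loginUser1 + " TestUser", user1.name);
    Assert.Equal(businessName1 + " TestBusiness", user1.businessname);
    account1 = await GetAccountForCurrentUser();
    Assert.NotNull(account1);
    Assert.Equal(user1.accountid, account1.id);

    // Log out and clean up (deletes the account and contact created for user 1).
    await LogoutAndCleanupTestUser(strId1);
    await GetCurrentUserIsUnauthorized();
}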