public void GetAuthorisedApplicationReviewAsync_ShouldAllowForEmployerAccountId(string applicationReviewEmployerAccountId,
string requestedEmployerAccountId, bool shouldAllow)
{
var applicationReviewId = Guid.NewGuid();
var client = new Mock <IRecruitVacancyClient>();
client.Setup(c => c.GetApplicationReviewAsync(applicationReviewId)).Returns(Task.FromResult(
new ApplicationReview
{
Id = applicationReviewId,
EmployerAccountId = applicationReviewEmployerAccountId,
VacancyReference = 1000000001
}));
var rm = new ApplicationReviewRouteModel
{
EmployerAccountId = requestedEmployerAccountId,
ApplicationReviewId = applicationReviewId
};
Func <Task <ApplicationReview> > act = () => Utility.GetAuthorisedApplicationReviewAsync(client.Object, rm);
if (shouldAllow)
{
var applicationReview = act().Result;
applicationReview.EmployerAccountId.Should().Be(requestedEmployerAccountId);
}
else
{
var ex = Assert.ThrowsAsync <AuthorisationException>(act);
ex.Result.Message.Should().Be($"The employer account 'ANOTHER EMPLOYER ACCOUNT ID' cannot access employer account 'EMPLOYER ACCOUNT ID' application '{applicationReviewId}' for vacancy '1000000001'.");
}
}
public async Task GetAuthorisedApplicationReviewAsync_ShouldAllowForProviderAssociatedUkprn()
{
const long requestedUkprn = 12345678;
var rm = new ApplicationReviewRouteModel
{
Ukprn = requestedUkprn,
ApplicationReviewId = _applicationReviewId,
VacancyId = _vacancyId
};
var applicationReview = await Utility.GetAuthorisedApplicationReviewAsync(_mockVacancyClient.Object, rm);
applicationReview.Should().NotBeNull();
}
public async Task GetAuthorisedApplicationReviewAsync_ShouldAllowForAssociatedEmployerAccountId()
{
const string requestedEmployerAccountId = "EMPLOYER ACCOUNT ID";
var rm = new ApplicationReviewRouteModel
{
EmployerAccountId = requestedEmployerAccountId,
ApplicationReviewId = _applicationReviewId,
VacancyId = _vacancyId
};
var applicationReview = await Utility.GetAuthorisedApplicationReviewAsync(_mockVacancyClient.Object, rm);
applicationReview.Should().NotBeNull();
}
public async Task <ApplicationReview> GetAuthorisedApplicationReviewAsync(ApplicationReviewRouteModel rm)
{
var applicationReview = _vacancyClient.GetApplicationReviewAsync(rm.ApplicationReviewId);
var vacancy = _vacancyClient.GetVacancyAsync(rm.VacancyId);
await Task.WhenAll(applicationReview, vacancy);
try
{
CheckAuthorisedAccess(vacancy.Result, rm.EmployerAccountId);
return(applicationReview.Result);
}
catch (Exception)
{
throw new AuthorisationException(string.Format(ExceptionMessages.ApplicationReviewUnauthorisedAccess, rm.EmployerAccountId,
vacancy.Result.EmployerAccountId, rm.ApplicationReviewId, vacancy.Result.Id));
}
}
public async Task GetAuthorisedApplicationReviewAsync_ShouldNotAllowForProviderUnassociatedUkprn()
{
const long requestedUkprn = 123456789;
var rm = new ApplicationReviewRouteModel
{
Ukprn = requestedUkprn,
ApplicationReviewId = _applicationReviewId,
VacancyId = _vacancyId
};
Func <Task <ApplicationReview> > act = () => Utility.GetAuthorisedApplicationReviewAsync(_mockVacancyClient.Object, rm);
var ex = await Assert.ThrowsAsync <AuthorisationException>(act);
ex.Message.Should().Be(
$"The provider account '{requestedUkprn}' cannot access provider account '{_applicationReviewUkprn}' " +
$"application '{rm.ApplicationReviewId}' for vacancy '{_vacancyId}'.");
}
public async Task GetAuthorisedApplicationReviewAsync_ShouldNotAllowForUnassociatedEmployerAccountId()
{
const string requestedEmployerAccountId = "WRONG EMPLOYER ACCOUNT ID";
var rm = new ApplicationReviewRouteModel
{
EmployerAccountId = requestedEmployerAccountId,
ApplicationReviewId = _applicationReviewId,
VacancyId = _vacancyId
};
Func <Task <ApplicationReview> > act = () => Utility.GetAuthorisedApplicationReviewAsync(_mockVacancyClient.Object, rm);
var ex = await Assert.ThrowsAsync <AuthorisationException>(act);
ex.Message.Should().Be($"The employer account '{requestedEmployerAccountId}' " +
$"cannot access employer account '{ApplicationReviewEmployerAccountId}' " +
$"application '{rm.ApplicationReviewId}' for " +
$"vacancy '{_vacancyId}'.");
}
public async Task <ApplicationReviewViewModel> GetApplicationReviewViewModelAsync(ApplicationReviewRouteModel rm)
{
var applicationReview = await Utility.GetAuthorisedApplicationReviewAsync(_vacancyClient, rm);
if (applicationReview.IsWithdrawn)
{
throw new ApplicationWithdrawnException($"Application has been withdrawn. ApplicationReviewId:{applicationReview.Id}", rm.VacancyId.Value);
}
return(applicationReview.ToViewModel());
}
public static async Task <ApplicationReview> GetAuthorisedApplicationReviewAsync(IRecruitVacancyClient vacancyClient, ApplicationReviewRouteModel rm)
{
var applicationReview = await vacancyClient.GetApplicationReviewAsync(rm.ApplicationReviewId);
var vacancy = await vacancyClient.GetVacancyAsync(rm.VacancyId.GetValueOrDefault());
try
{
CheckAuthorisedAccess(vacancy, rm.Ukprn);
return(applicationReview);
}
catch (Exception)
{
throw new AuthorisationException(string.Format(ExceptionMessages.ApplicationReviewUnauthorisedAccessForProvider, rm.Ukprn,
vacancy.TrainingProvider.Ukprn, rm.ApplicationReviewId, vacancy.Id));
}
}
public async Task <IActionResult> ApplicationReview(ApplicationReviewRouteModel rm)
{
var vm = await _orchestrator.GetApplicationReviewViewModelAsync(rm);
return(View(vm));
}
public static async Task <ApplicationReview> GetAuthorisedApplicationReviewAsync(IRecruitVacancyClient client, ApplicationReviewRouteModel rm)
{
var applicationReview = await client.GetApplicationReviewAsync(rm.ApplicationReviewId);
//TODO: this needs changing when we implement application review story
if (applicationReview.EmployerAccountId == rm.Ukprn.ToString()) // needs to be reviewed
{
return(applicationReview);
}
throw new AuthorisationException(string.Format(ExceptionMessages.ApplicationReviewUnauthorisedAccess, rm.Ukprn, applicationReview.EmployerAccountId, applicationReview.Id, applicationReview.VacancyReference)); // needs to be reviewed
}
public static async Task <ApplicationReview> GetAuthorisedApplicationReviewAsync(IRecruitVacancyClient client, ApplicationReviewRouteModel rm)
{
var applicationReview = await client.GetApplicationReviewAsync(rm.ApplicationReviewId);
if (applicationReview.EmployerAccountId == rm.EmployerAccountId)
{
return(applicationReview);
}
throw new AuthorisationException(string.Format(ExceptionMessages.ApplicationReviewUnauthorisedAccess, rm.EmployerAccountId, applicationReview.EmployerAccountId, applicationReview.Id, applicationReview.VacancyReference));
}
public static async Task <ApplicationReview> GetAuthorisedApplicationReviewAsync(IRecruitVacancyClient client, ApplicationReviewRouteModel rm)
{
var applicationReview = await client.GetApplicationReviewAsync(rm.ApplicationReviewId);
var vacancy = await client.GetVacancyAsync(rm.VacancyId);
try
{
CheckAuthorisedAccess(vacancy, rm.EmployerAccountId);
return(applicationReview);
}
catch (Exception)
{
throw new AuthorisationException(string.Format(ExceptionMessages.ApplicationReviewUnauthorisedAccess, rm.EmployerAccountId,
vacancy.EmployerAccountId, rm.ApplicationReviewId, vacancy.Id));
}
}
