| public OnActionExecuting ( System.Web.Http.Controllers.HttpActionContext actionContext ) : void | ||
| actionContext | System.Web.Http.Controllers.HttpActionContext | |
| return | void | |
public void ShouldSuccessWhenParameterIsUserAndUserIsAllowed()
{
_controller.ControllerContext.RequestContext.Principal =
new GenericPrincipal(new GenericIdentity("foo", "bar"), new[] { "user" });
_userResource.Setup(a => a.GetByUserName(It.IsAny<string>())).Returns(new User { Id = 1 });
_httpActionContext.ActionArguments.Add("dummy", new User { Id = 1 });
var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object };
Assert.DoesNotThrow(() => attribute.OnActionExecuting(_httpActionContext));
}
public void ShouldSuccessfullyGetUserIdInComplexObjectParameter()
{
var complexDummyObject = new DummyComplexObject
{
SomeValue = 1,
DummyObject = new DummyObject
{
Name = "foobar",
User = new User
{
Id = 1
}
}
};
_controller.ControllerContext.RequestContext.Principal =
new GenericPrincipal(new GenericIdentity("foo", "bar"), new[] { "user" });
_userResource.Setup(a => a.GetByUserName(It.IsAny<string>())).Returns(new User { Id = 1 });
_httpActionContext.ActionArguments.Add("dummy", complexDummyObject);
var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object };
Assert.DoesNotThrow(() => attribute.OnActionExecuting(_httpActionContext));
}
public void ShouldThrowWhenFailedToFetchUser()
{
_httpActionContext.ActionArguments.Add("dummy", new DummyObject { User = new User { Id = 1 } });
_controller.ControllerContext.RequestContext.Principal =
new GenericPrincipal(new GenericIdentity("foo", "bar"), new[] { "user" });
_userResource.Setup(a => a.GetByUserName(It.IsAny<string>())).Returns((User)null);
var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object };
var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext));
Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode);
}
public void ShouldThrowWhenNameIsEmptyInPrincipal()
{
_httpActionContext.ActionArguments.Add("dummy", new DummyObject { User = new User { Id = 1 } });
_controller.ControllerContext.RequestContext.Principal =
new GenericPrincipal(new GenericIdentity("", ""), null);
var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object };
var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext));
Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode);
}
public void ShouldThrowWhenIdInUserPropertyIsZeroInParameter()
{
_httpActionContext.ActionArguments.Add("dummy", new DummyObject { User = new User { Id = 0 } });
var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object };
var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext));
Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode);
}
public void ShouldThrowWhenNoParameterIsUsed()
{
var attribute = new PreventCrossUserManipulationAttribute { UsersResource = _userResource.Object };
var result = Assert.Throws<HttpResponseException>(() => attribute.OnActionExecuting(_httpActionContext));
Assert.AreEqual(HttpStatusCode.InternalServerError, result.Response.StatusCode);
}
