public async void GetUserDataHandler_RequestingUserData_ReturnsCorrectUser()
{
// Arrange
IGetManageUserDataAccess dataAccess = CreateFakeDataAccess();
IWeeeAuthorization authorization = AuthorizationBuilder.CreateUserWithAllRights();
GetUserDataHandler handler = new GetUserDataHandler(userContext, authorization, dataAccess);
GetUserData request = new GetUserData(orgUserId);
// Act
var response = await handler.HandleAsync(request);
// Assert
Assert.NotNull(response);
Assert.Equal(response.Email, "*****@*****.**");
Assert.Equal(response.OrganisationName, "Test ltd.");
}
public async void GetUserDataHandler_WithNonInternalUser_ThrowSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrange
IGetManageUserDataAccess dataAccess = A.Fake<IGetManageUserDataAccess>();
A.CallTo(() => dataAccess.GetCompetentAuthorityUser(Guid.NewGuid())).Returns(new ManageUserData());
A.CallTo(() => dataAccess.GetOrganisationUser(Guid.NewGuid())).Returns(new ManageUserData());
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
GetUserDataHandler handler = new GetUserDataHandler(userContext, authorization, dataAccess);
GetUserData request = new GetUserData(Guid.NewGuid());
// Act
Func<Task<ManageUserData>> action = () => handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync<SecurityException>(action);
}
public async void GetUserDataHandler_RequestingUserData_ReturnsCorrectUser()
{
// Arrange
IGetManageUserDataAccess dataAccess = CreateFakeDataAccess();
IWeeeAuthorization authorization = AuthorizationBuilder.CreateUserWithAllRights();
GetUserDataHandler handler = new GetUserDataHandler(userContext, authorization, dataAccess);
GetUserData request = new GetUserData(orgUserId);
// Act
var response = await handler.HandleAsync(request);
// Assert
Assert.NotNull(response);
Assert.Equal(response.Email, "*****@*****.**");
Assert.Equal(response.OrganisationName, "Test ltd.");
}
public async Task GetUserDataHandler_ReturnsFalseForCanEditUser_WhenCurrentUserIsNotInternalAdmin()
{
// Arrange
var dataAccess = A.Dummy <IGetManageUserDataAccess>();
var userContext = A.Dummy <IUserContext>();
var authorization = new AuthorizationBuilder()
.AllowInternalAreaAccess()
.DenyRole(Roles.InternalAdmin)
.Build();
var handler = new GetUserDataHandler(userContext, authorization, dataAccess);
// Act
var result = await handler.HandleAsync(A.Dummy <GetUserData>());
// Assert
Assert.False(result.CanEditUser);
}
public async void GetUserDataHandler_WithNonInternalUser_ThrowSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrange
IGetManageUserDataAccess dataAccess = A.Fake <IGetManageUserDataAccess>();
A.CallTo(() => dataAccess.GetCompetentAuthorityUser(Guid.NewGuid())).Returns(new ManageUserData());
A.CallTo(() => dataAccess.GetOrganisationUser(Guid.NewGuid())).Returns(new ManageUserData());
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
GetUserDataHandler handler = new GetUserDataHandler(userContext, authorization, dataAccess);
GetUserData request = new GetUserData(Guid.NewGuid());
// Act
Func <Task <ManageUserData> > action = () => handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task GetUserDataHandler_ReturnsFalseForCanEditUser_WhenCurrentUserIsNotInternalAdmin()
{
// Arrange
var dataAccess = A.Dummy<IGetManageUserDataAccess>();
var userContext = A.Dummy<IUserContext>();
var authorization = new AuthorizationBuilder()
.AllowInternalAreaAccess()
.DenyRole(Roles.InternalAdmin)
.Build();
var handler = new GetUserDataHandler(userContext, authorization, dataAccess);
// Act
var result = await handler.HandleAsync(A.Dummy<GetUserData>());
// Assert
Assert.False(result.CanEditUser);
}
