public async Task MembershipExistsQuery_ShouldReturnFalse_WhenMembeshipDoesNotExist() { // Arrange MembershipExistsQuery request = new MembershipExistsQuery { GroupMembershipId = 411 }; _unitOfWorkMock .Setup(m => m.GroupMemberships.Exists(request.GroupMembershipId, It.IsAny <CancellationToken>())) .ReturnsAsync(false); MembershipExistsQuery.Handler handler = new MembershipExistsQuery.Handler(_unitOfWorkMock.Object); // Act bool exists = await handler.Handle(request); // Assert Assert.False(exists); }
public async Task <ActionResult> DeleteMembership([FromRoute] int membershipId, CancellationToken cancellationToken = default) { // Check if the membership exists MembershipExistsQuery existsQuery = new MembershipExistsQuery { GroupMembershipId = membershipId }; bool exists = await _mediator.Send(existsQuery, cancellationToken); if (!exists) { return(NotFound(new ErrorResource { StatusCode = StatusCodes.Status404NotFound, Message = $"Membership with ID '{membershipId}' does not exist" })); } // Check if the user is permitted to delete CanDeleteMembershipQuery canDeleteQuery = new CanDeleteMembershipQuery { GroupMembershipIdToDelete = membershipId }; bool canDelete = await _mediator.Send(canDeleteQuery, cancellationToken); if (!canDelete) { return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource { StatusCode = StatusCodes.Status403Forbidden, Message = "You are not permitted to delete users from this group. This privilege is only granted to administrators of the group" })); } // Delete the membership DeleteMembershipCommand deleteCommand = new DeleteMembershipCommand { GroupMembershipId = membershipId }; await _mediator.Send(deleteCommand, cancellationToken); return(NoContent()); }
public async Task <ActionResult> UpdateMembership([FromRoute] int membershipId, [FromBody] UpdateMembershipBody body, CancellationToken cancellationToken = default) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } // Check if membership exists MembershipExistsQuery existsQuery = new MembershipExistsQuery { GroupMembershipId = membershipId }; bool exists = await _mediator.Send(existsQuery, cancellationToken); if (!exists) { return(NotFound(new ErrorResource { StatusCode = StatusCodes.Status404NotFound, Message = $"Membership with ID '{membershipId}' does not exist" })); } // Check if the user wants to update himself IsOwnMembershipQuery isOwnMembershipQuery = new IsOwnMembershipQuery { GroupMembershipId = membershipId }; bool isOwnMembership = await _mediator.Send(isOwnMembershipQuery, cancellationToken); if (isOwnMembership) { return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource { StatusCode = StatusCodes.Status403Forbidden, Message = "Cannot update your own membership" })); } // Check if the current user is allowed to update the membership CanUpdateMembershipQuery canUpdateQuery = new CanUpdateMembershipQuery { GroupMembershipIdToUpdate = membershipId }; bool canUpdate = await _mediator.Send(canUpdateQuery, cancellationToken); if (!canUpdate) { return(StatusCode(StatusCodes.Status403Forbidden, new ErrorResource { StatusCode = StatusCodes.Status403Forbidden, Message = "You are not permitted to mutate users in this group. This privilege is only granted to administrators of the group" })); } // Update membership UpdateMembershipCommand updateCommand = new UpdateMembershipCommand { GroupMembershipId = membershipId, IsAdmin = body.IsAdmin != null && (bool)body.IsAdmin }; await _mediator.Send(updateCommand, cancellationToken); return(NoContent()); }