public async Task UpdateApprovalStatusForAllocationLine_WhenUserDoesHavePublishFundingPermission_ThenActionAllowed()
{
// Arrange
string specificationId = "abc123";
PublishedAllocationLineResultStatusUpdateViewModel model = new PublishedAllocationLineResultStatusUpdateViewModel
{
Status = AllocationLineStatusViewModel.Published,
Providers = new List <PublishedAllocationLineResultStatusUpdateProviderViewModel>()
};
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanPublishFunding))
.Returns(true);
IResultsApiClient resultsClient = CreateResultsClient();
resultsClient
.UpdatePublishedAllocationLineStatusByBatch(Arg.Is(specificationId), Arg.Any <PublishedAllocationLineResultStatusUpdateModel>())
.Returns(new ValidatedApiResponse <PublishedAllocationLineResultStatusUpdateResponseModel>(HttpStatusCode.OK, new PublishedAllocationLineResultStatusUpdateResponseModel()));
ApprovalController controller = CreateApprovalController(resultsClient: resultsClient, authorizationHelper: authorizationHelper);
// Act
IActionResult result = await controller.UpdateApprovalStatusForAllocationLine(specificationId, model);
// Assert
result.Should().BeOfType <OkResult>();
}
public async Task UpdateApprovalStatusForAllocationLine_ThenCallEndpointToScheduleJob()
{
// Arrange
string specificationId = "abc123";
PublishedAllocationLineResultStatusUpdateViewModel model = new PublishedAllocationLineResultStatusUpdateViewModel
{
Status = AllocationLineStatusViewModel.Approved,
Providers = new List <PublishedAllocationLineResultStatusUpdateProviderViewModel>()
};
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveFunding))
.Returns(true);
IResultsApiClient resultsClient = CreateResultsClient();
ApprovalController controller = CreateApprovalController(resultsClient: resultsClient, authorizationHelper: authorizationHelper);
// Act
IActionResult result = await controller.UpdateApprovalStatusForAllocationLine(specificationId, model);
// Assert
result.Should().BeOfType <OkResult>();
await resultsClient
.Received(1)
.UpdatePublishedAllocationLineStatus(Arg.Is(specificationId), Arg.Any <PublishedAllocationLineResultStatusUpdateModel>());
}
public async Task UpdateApprovalStatusForAllocationLine_WhenUserDoesNotHaveApproveFundingPermission_ThenReturn403()
{
// Arrange
string specificationId = "abc123";
PublishedAllocationLineResultStatusUpdateViewModel model = new PublishedAllocationLineResultStatusUpdateViewModel
{
Status = AllocationLineStatusViewModel.Approved
};
IAuthorizationHelper authorizationHelper = Substitute.For <IAuthorizationHelper>();
authorizationHelper
.DoesUserHavePermission(Arg.Any <ClaimsPrincipal>(), Arg.Is(specificationId), Arg.Is(SpecificationActionTypes.CanApproveFunding))
.Returns(false);
ApprovalController controller = CreateApprovalController(authorizationHelper: authorizationHelper);
// Act
IActionResult result = await controller.UpdateApprovalStatusForAllocationLine(specificationId, model);
// Assert
result.Should().BeOfType <ForbidResult>();
}
public async Task <IActionResult> UpdateApprovalStatusForAllocationLine([FromRoute] string specificationId, [FromBody] PublishedAllocationLineResultStatusUpdateViewModel allocationLines)
{
Guard.ArgumentNotNull(allocationLines, nameof(allocationLines));
if (allocationLines.Status != AllocationLineStatusViewModel.Approved && allocationLines.Status != AllocationLineStatusViewModel.Published)
{
ModelState.AddModelError(nameof(allocationLines.Status), "The status provided is not a valid destination status");
}
SpecificationActionTypes permissionRequired = allocationLines.Status == AllocationLineStatusViewModel.Approved ? SpecificationActionTypes.CanApproveFunding : SpecificationActionTypes.CanPublishFunding;
if (!await _authorizationHelper.DoesUserHavePermission(User, specificationId, permissionRequired))
{
return(new ForbidResult());
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
PublishedAllocationLineResultStatusUpdateModel updateModel = new PublishedAllocationLineResultStatusUpdateModel()
{
Status = _mapper.Map <AllocationLineStatus>(allocationLines.Status),
};
Dictionary <string, PublishedAllocationLineResultStatusUpdateProviderModel> updateProviders = new Dictionary <string, PublishedAllocationLineResultStatusUpdateProviderModel>();
foreach (PublishedAllocationLineResultStatusUpdateProviderViewModel updateItem in allocationLines.Providers)
{
PublishedAllocationLineResultStatusUpdateProviderModel providerUpdateModel = null;
if (!updateProviders.ContainsKey(updateItem.ProviderId))
{
providerUpdateModel = new PublishedAllocationLineResultStatusUpdateProviderModel()
{
ProviderId = updateItem.ProviderId,
};
updateProviders.Add(updateItem.ProviderId, providerUpdateModel);
updateModel.AddProvider(providerUpdateModel);
}
else
{
providerUpdateModel = updateProviders[updateItem.ProviderId];
}
providerUpdateModel.AddAllocationLine(updateItem.AllocationLineId);
}
await _resultsClient.UpdatePublishedAllocationLineStatus(specificationId, updateModel);
return(Ok());
}
