//[Fact]
public async System.Threading.Tasks.Task UserCantAccessAnotherUsersApplicationAttachments()
{
// verify (before we log in) that we are not logged in
await GetCurrentUserIsUnauthorized();
// register as a new user (creates an account and contact)
var loginUser1 = randomNewUserName("NewSecUser1", 6);
var businessName1 = randomNewUserName(loginUser1, 6);
var strId1 = await LoginAndRegisterAsNewUser(loginUser1, businessName1);
// verify the current user represents our new user
ViewModels.User user1 = await GetCurrentUser();
Assert.Equal(user1.name, loginUser1 + " TestUser");
Assert.Equal(user1.businessname, businessName1 + " TestBusiness");
// fetch our current account
ViewModels.Account account1 = await GetAccountForCurrentUser();
ViewModels.AdoxioLegalEntity legalEntity1 = await SecurityHelper.GetLegalEntityRecordForCurrent(_client);
Assert.Equal(user1.accountid, account1.id);
// *** create some license applications
ViewModels.AdoxioApplication application1 = await SecurityHelper.CreateLicenceApplication(_client, account1);
Assert.NotNull(application1);
var tmp = await SecurityHelper.GetLicenceApplication(_client, application1.id, true);
Assert.NotNull(tmp);
// add an attachment to the application
string file1 = await SecurityHelper.UploadFileToApplication(_client, application1.id, "TestAppFileSecurity");
List <ViewModels.FileSystemItem> file1s = await SecurityHelper.GetFileListForApplication(_client, application1.id, "TestAppFileSecurity", true);
Assert.NotNull(file1s);
Assert.Single(file1s);
//string _data1 = await SecurityHelper.DownloadFileForApplication(_client, application1.id, file1s[0].id, true);
// ***
// logout and verify we are logged out
await Logout();
await GetCurrentUserIsUnauthorized();
// register and login as a second user
var loginUser2 = randomNewUserName("NewSecUser2", 6);
var businessName2 = randomNewUserName(loginUser2, 6);
var strId2 = await LoginAndRegisterAsNewUser(loginUser2, businessName2);
ViewModels.User user2 = await GetCurrentUser();
Assert.Equal(user2.name, loginUser2 + " TestUser");
Assert.Equal(user2.businessname, businessName2 + " TestBusiness");
ViewModels.Account account2 = await GetAccountForCurrentUser();
Assert.NotEqual(account1.id, account2.id);
Assert.Equal(user2.accountid, account2.id);
// *** as user 2, try to access license applications of account 1
tmp = await SecurityHelper.GetLicenceApplication(_client, application1.id, false);
Assert.Null(tmp);
// test access to the application's attachment
List <ViewModels.FileSystemItem> file2s = await SecurityHelper.GetFileListForApplication(_client, application1.id, "TestFileSecurity", false);
Assert.Null(file2s);
//string _data2 = await SecurityHelper.DownloadFileForApplication(_client, application1.id, file1s[0].id, true);
// ***
// logout and cleanup second test user
await LogoutAndCleanupTestUser(strId2);
await GetCurrentUserIsUnauthorized();
// login again as the same user as above ^^^
await Login(loginUser1, businessName1);
user1 = await GetCurrentUser();
Assert.Equal(user1.name, loginUser1 + " TestUser");
Assert.Equal(user1.businessname, businessName1 + " TestBusiness");
account1 = await GetAccountForCurrentUser();
// *** delete license applications of account 1
// delete the application's attachments
//await SecurityHelper.DeleteFileForApplication(_client, application1.id, file1s[0].id);
await SecurityHelper.DeleteLicenceApplication(_client, application1.id);
// ***
// logout and cleanup (deletes the account and contact created above ^^^)
await LogoutAndCleanupTestUser(strId1);
await GetCurrentUserIsUnauthorized();
}
