public void User_Can_Not_Update_Collections_With_Duplicate_Names()
        {
            // Scenario: a signed-in user submits an update whose Name is "Monsters".
            // The controller is expected to answer NotFound.
            // Assumes the seeded test context already holds a "Monsters" collection under a
            // different Id for the same user; confirm against the fixture.
            // NOTE(review): Put answers NotFound on several paths (unknown id, foreign owner,
            // duplicate name, failed write), so this assertion alone does not prove the
            // duplicate-name branch was the one taken.

            // Build the principal the controller will see on HttpContext.User
            var identity = new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.NameIdentifier, "FIREBASE_ID_1") },
                "TestAuthentication");
            var principal = new ClaimsPrincipal(identity);

            // Real repositories over the test context (no mocks in this test)
            var collections        = new CollectionRepository(_context);
            var users              = new UserRepository(_context);
            var projectCollections = new ProjectCollectionRepository(_context);

            // Real controller, with the request context carrying the principal above
            var controller = new CollectionController(users, collections, projectCollections)
            {
                ControllerContext = new ControllerContext
                {
                    HttpContext = new DefaultHttpContext { User = principal }
                }
            };

            // The update payload: collection 2 asking for a name that is already taken
            var clashing = new Collection
            {
                Id               = 2,
                UserId           = 1,
                CategorizationId = 1,
                Name             = "Monsters",
                Description      = "HA-HA! The titles match >:)",
                Pinned           = false,
                CreationDate     = DateTime.Now.Subtract(TimeSpan.FromDays(15))
            };

            // CollectionId is left at 0 as a placeholder on both links
            var links = new List<ProjectCollection>
            {
                new ProjectCollection { ProjectId = 1, CollectionId = 0 },
                new ProjectCollection { ProjectId = 2, CollectionId = 0 }
            };

            var form = new CollectionFormViewModel
            {
                Collection         = clashing,
                ProjectCollections = links
            };

            // Act: attempt the update
            var result = controller.Put(form.Collection.Id, form);

            // Assert: the update is refused with NotFound
            Assert.IsType<NotFoundResult>(result);
        }
        public void Anonymous_User_Can_Not_Add_Collection()
        {
            // Scenario: the request carries a principal whose NameIdentifier is
            // "FIREBASE_USER666". The controller must answer NotFound and must not
            // reach the collection repository's Add.
            // Presumably the fake user repository has no record for this id, which is what
            // makes the caller "anonymous" to the controller; confirm against the mock setup.

            // Principal placed on HttpContext.User
            var identity = new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.NameIdentifier, "FIREBASE_USER666") },
                "TestAuthentication");
            var principal = new ClaimsPrincipal(identity);

            // The collection the caller tries to create, with one project link
            var wanted = new Collection
            {
                UserId           = 1,
                CategorizationId = 1,
                Name             = "New stuff",
                Description      = "New lame description.",
                Pinned           = false,
                CreationDate     = DateTime.Now.Subtract(TimeSpan.FromDays(10))
            };

            var form = new CollectionFormViewModel
            {
                Collection         = wanted,
                ProjectCollections = new List<ProjectCollection>
                {
                    new ProjectCollection { ProjectId = 1, CollectionId = 0 }
                }
            };

            // Controller under test, wired to the mocked repositories
            var controller = new CollectionController(_fakeUserRepo.Object, _fakeCollectionRepo.Object, _fakeProjColRepo.Object)
            {
                ControllerContext = new ControllerContext
                {
                    HttpContext = new DefaultHttpContext { User = principal }
                }
            };

            // Act: attempt to add the collection
            var result = controller.Add(form);

            // Assert: refused with NotFound...
            Assert.IsType<NotFoundResult>(result);
            // ...and nothing was handed to the repository for storage
            _fakeCollectionRepo.Verify(repo => repo.Add(It.IsAny<Collection>()), Times.Never());
        }
        public void If_This_Collection_To_Update_Is_Not_Mine_Do_Not_Update()
        {
            // Scenario: the caller ("FIREBASE_USER2") submits an update for collection 1,
            // whose UserId is 1. The controller must answer NotFound.
            // NOTE(review): only the status code is asserted. Adding Verify(..., Times.Never())
            // on the fakes' Update/Delete/Add would also pin that nothing was written; Put has
            // several NotFound paths, so the status alone does not show which check refused.

            // Principal placed on HttpContext.User
            var identity = new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.NameIdentifier, "FIREBASE_USER2") },
                "TestAuthentication");
            var principal = new ClaimsPrincipal(identity);

            // Update payload: a collection belonging to user 1, with no project links
            var form = new CollectionFormViewModel
            {
                Collection = new Collection
                {
                    Id               = 1,
                    UserId           = 1,
                    CategorizationId = 1,
                    Name             = "New stuff",
                    Description      = "New lame description.",
                    Pinned           = false,
                    CreationDate     = DateTime.Now.Subtract(TimeSpan.FromDays(10))
                },
                ProjectCollections = new List<ProjectCollection>()
            };

            // Route id equal to the payload's Id, so the id-mismatch check is not what trips
            const int routeId = 1;

            // Controller under test, wired to the mocked repositories
            var controller = new CollectionController(_fakeUserRepo.Object, _fakeCollectionRepo.Object, _fakeProjColRepo.Object)
            {
                ControllerContext = new ControllerContext
                {
                    HttpContext = new DefaultHttpContext { User = principal }
                }
            };

            // Act: attempt the update
            var result = controller.Put(routeId, form);

            // Assert: refused with NotFound
            Assert.IsType<NotFoundResult>(result);
        }
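        public IActionResult Add(CollectionFormViewModel collectionForm)
        {
            // Creates a collection for the current user, then links the submitted projects to it.
            //
            // Returns:
            //   Ok(collectionForm) - collection and links were stored
            //   NotFound           - no current user, the user already has a collection with
            //                        this name, or the database rejected the write
            //   BadRequest         - body/Collection/ProjectCollections missing, a null link
            //                        entry, or Collection.UserId is not the caller's id
            //
            // Existing links need no lookup here: the collection is new, so it cannot
            // already have any.

            var firebaseUser = _utils.GetCurrentUser(User);

            // Callers without a user record are refused before the body is inspected
            if (firebaseUser == null)
            {
                return NotFound();
            }

            // A missing body or Collection is a malformed request: answer 400 instead of
            // dereferencing null further down
            if (collectionForm?.Collection == null)
            {
                return BadRequest();
            }

            // The owner named in the payload must be the caller
            if (collectionForm.Collection.UserId != firebaseUser.Id)
            {
                return BadRequest();
            }

            // Collection names are unique per user
            var allCollections = _collectionRepo.Get(firebaseUser.Id);
            var collectionWithThatName = allCollections.Find(c => c.Name == collectionForm.Collection.Name);

            if (collectionWithThatName != null)
            {
                return NotFound();
            }

            // Validate the links BEFORE anything is written. Checking up front means a bad
            // request never inserts a collection that then has to be deleted again, and no
            // NullReferenceException is used as control flow.
            if (collectionForm.ProjectCollections == null)
            {
                return BadRequest();
            }

            foreach (var projectCollection in collectionForm.ProjectCollections)
            {
                if (projectCollection == null)
                {
                    return BadRequest();
                }
            }

            // Server-side defaults; whatever the client sent for these two is overwritten.
            // NOTE(review): the remaining Collection fields are stored as bound from the
            // request; confirm that is intended for each of them.
            collectionForm.Collection.CategorizationId = 1;
            collectionForm.Collection.CreationDate     = DateTime.Now;

            try
            {
                _collectionRepo.Add(collectionForm.Collection);

                // Point every link at the collection just stored, replacing any
                // CollectionId the client supplied
                foreach (var projectCollection in collectionForm.ProjectCollections)
                {
                    projectCollection.CollectionId = collectionForm.Collection.Id;
                }

                // NOTE(review): ProjectId values come from the request and are not checked
                // against the caller's own projects in this method; confirm the repository
                // or a database constraint enforces that.
                // NOTE(review): if this call fails, the collection stored above stays in
                // place without links unless both repositories share a transaction.
                _projColRepo.Add(collectionForm.ProjectCollections);

                return Ok(collectionForm);
            }
            catch (DbUpdateException)
            {
                return NotFound();
            }
        }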
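        public IActionResult Put(int id, CollectionFormViewModel incomingCollectionForm)
        {
            // Updates the Name, Description and project links of one of the caller's collections.
            //
            // id                     - collection id from the URL; must equal the payload's Collection.Id
            // incomingCollectionForm - the edited collection plus the full replacement set of links
            //
            // Returns:
            //   NoContent  - the update was stored
            //   BadRequest - body/Collection/ProjectCollections missing, a null link entry,
            //                or the URL id differs from Collection.Id
            //   NotFound   - no current user, unknown collection, collection owned by someone
            //                else, name already used by another of the caller's collections,
            //                or the database rejected the write
            //
            // A collection owned by another user gets the same NotFound as an unknown id, so
            // the status code does not reveal whether that id exists.

            var firebaseUser = _utils.GetCurrentUser(User);

            // Callers without a user record are refused before the body is inspected
            if (firebaseUser == null)
            {
                return NotFound();
            }

            // A missing body or Collection is a malformed request: answer 400 instead of
            // dereferencing null on the next check
            if (incomingCollectionForm?.Collection == null)
            {
                return BadRequest();
            }

            // Collection Id coming from URL must match the Collection object's Id
            if (id != incomingCollectionForm.Collection.Id)
            {
                return BadRequest();
            }

            // Load the stored collection; it is the source of truth for ownership
            CollectionDetailsViewModel collectionDetailsToUpdate;

            try
            {
                // The repository throws NullReferenceException for an id that is not in the db
                collectionDetailsToUpdate = _collectionRepo.GetByCollectionId(id);
            }
            catch (NullReferenceException)
            {
                return NotFound();
            }

            if (collectionDetailsToUpdate == null)
            {
                return NotFound();
            }

            // Ownership is decided from the STORED record, never from the payload's UserId,
            // and before any further work is done on the caller's behalf
            if (collectionDetailsToUpdate.Collection.UserId != firebaseUser.Id)
            {
                return NotFound();
            }

            // Collection names are unique per user: refuse if ANY other collection of this
            // user already has the requested name (every match is checked, not just the first)
            var allCollections = _collectionRepo.Get(firebaseUser.Id);
            var nameTakenByAnother = allCollections.Any(c =>
                c.Name == incomingCollectionForm.Collection.Name && c.Id != id);

            if (nameTakenByAnother)
            {
                return NotFound();
            }

            // Validate the replacement links before anything is deleted
            if (incomingCollectionForm.ProjectCollections == null)
            {
                return BadRequest();
            }

            foreach (var projectCollection in incomingCollectionForm.ProjectCollections)
            {
                if (projectCollection == null)
                {
                    return BadRequest();
                }

                // Bind every incoming link to the collection that was just authorised.
                // The CollectionId in the payload is client-controlled; left as sent, it
                // could point a link at a collection the caller does not own.
                projectCollection.CollectionId = id;
            }

            // ** At this point, we know the person is able to update the collection.

            // Copy only the editable fields onto the stored record; everything else on the
            // incoming Collection (UserId, CreationDate, ...) is ignored
            collectionDetailsToUpdate.Collection.Name        = incomingCollectionForm.Collection.Name;
            collectionDetailsToUpdate.Collection.Description = incomingCollectionForm.Collection.Description;

            try
            {
                // Links are replaced wholesale: delete the stored set, then add the incoming set.
                // NOTE(review): these are separate repository calls; if the add fails after
                // the delete, the old links are gone unless the repositories share a transaction.
                // NOTE(review): ProjectId values come from the request and are not checked
                // against the caller's own projects in this method; confirm the repository
                // or a database constraint enforces that.
                _projColRepo.Delete(collectionDetailsToUpdate.ProjectCollections);
                _projColRepo.Add(incomingCollectionForm.ProjectCollections);

                _collectionRepo.Update(collectionDetailsToUpdate.Collection);
                return NoContent();
            }
            catch (DbUpdateException)
            {
                return NotFound();
            }
        }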