public void User_Can_Not_Update_Collections_With_Duplicate_Names()
{
    // Arrange: an authenticated principal whose NameIdentifier claim is the Firebase id
    // the controller resolves into an application user.
    var identity = new ClaimsIdentity(
        new[] { new Claim(ClaimTypes.NameIdentifier, "FIREBASE_ID_1") },
        "TestAuthentication");
    var principal = new ClaimsPrincipal(identity);

    // Real repositories over the shared test context (not mocks) so the duplicate-name
    // lookup runs against the seeded data.
    var controller = new CollectionController(
        new UserRepository(_context),
        new CollectionRepository(_context),
        new ProjectCollectionRepository(_context))
    {
        ControllerContext = new ControllerContext
        {
            HttpContext = new DefaultHttpContext { User = principal }
        }
    };

    // An update of collection 2 that renames it to "Monsters". The seeded data is expected
    // to already hold another collection with that name for this user — verify the fixture.
    // The ProjectCollections carry CollectionId 0 because the real id is not known up front.
    var links = new List<ProjectCollection>
    {
        new ProjectCollection { ProjectId = 1, CollectionId = 0 },
        new ProjectCollection { ProjectId = 2, CollectionId = 0 },
    };
    var form = new CollectionFormViewModel
    {
        Collection = new Collection
        {
            Id = 2,
            UserId = 1,
            CategorizationId = 1,
            Name = "Monsters",
            Description = "HA-HA! The titles match >:)",
            Pinned = false,
            CreationDate = DateTime.Now - TimeSpan.FromDays(15)
        },
        ProjectCollections = links
    };

    // Act
    var result = controller.Put(form.Collection.Id, form);

    // Assert: a name collision is reported as NotFound, not as an update.
    Assert.IsType<NotFoundResult>(result);
}
public void Anonymous_User_Can_Not_Add_Collection()
{
    // Arrange: a principal whose Firebase id the fake user repository does not know,
    // which is how an anonymous/unregistered account reaches the controller.
    var identity = new ClaimsIdentity(
        new[] { new Claim(ClaimTypes.NameIdentifier, "FIREBASE_USER666") },
        "TestAuthentication");
    var principal = new ClaimsPrincipal(identity);

    var form = new CollectionFormViewModel
    {
        Collection = new Collection
        {
            UserId = 1,
            CategorizationId = 1,
            Name = "New stuff",
            Description = "New lame description.",
            Pinned = false,
            CreationDate = DateTime.Now - TimeSpan.FromDays(10)
        },
        ProjectCollections = new List<ProjectCollection>
        {
            new ProjectCollection { ProjectId = 1, CollectionId = 0 }
        }
    };

    // Controller wired to the mocked repositories so we can verify nothing is persisted.
    var controller = new CollectionController(
        _fakeUserRepo.Object,
        _fakeCollectionRepo.Object,
        _fakeProjColRepo.Object)
    {
        ControllerContext = new ControllerContext
        {
            HttpContext = new DefaultHttpContext { User = principal }
        }
    };

    // Act: attempt to create the collection.
    var result = controller.Add(form);

    // Assert: the unresolved caller gets NotFound and the repository is never written to.
    Assert.IsType<NotFoundResult>(result);
    _fakeCollectionRepo.Verify(r => r.Add(It.IsAny<Collection>()), Times.Never());
}
public void If_This_Collection_To_Update_Is_Not_Mine_Do_Not_Update()
{
    // Arrange: a second user (FIREBASE_USER2) who is not the owner of collection 1.
    var identity = new ClaimsIdentity(
        new[] { new Claim(ClaimTypes.NameIdentifier, "FIREBASE_USER2") },
        "TestAuthentication");
    var principal = new ClaimsPrincipal(identity);

    // The target collection belongs to user 1.
    var target = new Collection
    {
        Id = 1,
        UserId = 1,
        CategorizationId = 1,
        Name = "New stuff",
        Description = "New lame description.",
        Pinned = false,
        CreationDate = DateTime.Now - TimeSpan.FromDays(10)
    };
    var form = new CollectionFormViewModel
    {
        Collection = target,
        ProjectCollections = new List<ProjectCollection>()
    };

    // Route id matches the body id so the request fails on ownership, not on id mismatch.
    const int routeId = 1;

    var controller = new CollectionController(
        _fakeUserRepo.Object,
        _fakeCollectionRepo.Object,
        _fakeProjColRepo.Object)
    {
        ControllerContext = new ControllerContext
        {
            HttpContext = new DefaultHttpContext { User = principal }
        }
    };

    // Act: attempt to update someone else's collection.
    var result = controller.Put(routeId, form);

    // Assert: a foreign collection is reported as NotFound (same status as a missing one).
    Assert.IsType<NotFoundResult>(result);
}
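public IActionResult Add(CollectionFormViewModel collectionForm)
{
    // Creates a new collection for the calling user together with its ProjectCollections.
    // Responses: NotFound when the caller cannot be resolved to a user, when the name is
    // already used by one of the caller's own collections, or when the database write fails
    // (one status for all of these, so the endpoint does not distinguish them to the client);
    // BadRequest when the payload is malformed or carries a UserId other than the caller's;
    // Ok(collectionForm) on success, with the generated ids filled in.
    // ProjectCollections need no pre-existence check here: the collection is brand new, so
    // there is nothing for them to collide with.

    // Resolve the caller from the NameIdentifier claim; null means an anonymous or unknown
    // account, which may not create collections.
    var firebaseUser = _utils.GetCurrentUser(User);
    if (firebaseUser == null)
    {
        return NotFound();
    }

    // Reject a malformed payload explicitly instead of letting it surface as a 500.
    if (collectionForm?.Collection == null)
    {
        return BadRequest();
    }

    // UserId is client-supplied; it must be the caller's own id so nobody can create a
    // collection on another user's behalf.
    if (collectionForm.Collection.UserId != firebaseUser.Id)
    {
        return BadRequest();
    }

    // Collection names are unique per user: only the caller's own collections are consulted.
    var ownCollections = _collectionRepo.Get(firebaseUser.Id);
    if (ownCollections.Find(c => c.Name == collectionForm.Collection.Name) != null)
    {
        return NotFound();
    }

    // Validate the links before writing anything. Previously the collection was inserted
    // first and deleted again when ProjectCollections turned out to be null; checking here
    // avoids that transient write and the compensating delete.
    if (collectionForm.ProjectCollections == null)
    {
        return BadRequest();
    }

    // Server-controlled defaults: the client may not choose the categorization or the
    // creation time.
    // NOTE(review): DateTime.Now is local time; confirm whether UtcNow is expected by
    // whatever compares or displays CreationDate.
    collectionForm.Collection.CategorizationId = 1;
    collectionForm.Collection.CreationDate = DateTime.Now;

    try
    {
        _collectionRepo.Add(collectionForm.Collection);

        // The collection id exists only after the insert; bind every incoming link to it,
        // overriding whatever CollectionId the client sent.
        // NOTE(review): ProjectId is still client-supplied and is not checked for ownership
        // here — confirm the repository or schema enforces that.
        foreach (var projectCollection in collectionForm.ProjectCollections)
        {
            projectCollection.CollectionId = collectionForm.Collection.Id;
        }

        _projColRepo.Add(collectionForm.ProjectCollections);
        return Ok(collectionForm);
    }
    catch (DbUpdateException)
    {
        // A failed write is reported as NotFound (existing contract, kept for callers).
        return NotFound();
    }
}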
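public IActionResult Put(int id, CollectionFormViewModel incomingCollectionForm)
{
    // Updates the Name, Description and ProjectCollections of collection `id`, which must
    // belong to the calling user. Responses: NotFound when the caller is anonymous/unknown,
    // the collection does not exist, it belongs to another user, the new name collides with
    // another of the caller's collections, or the database write fails (one status for all
    // of these, so the endpoint does not reveal whether a foreign collection id exists);
    // BadRequest when the payload is malformed or its Collection.Id disagrees with the
    // route; NoContent on success.

    var firebaseUser = _utils.GetCurrentUser(User);
    if (firebaseUser == null)
    {
        return NotFound();
    }

    // Reject a malformed payload explicitly instead of letting it surface as a 500.
    if (incomingCollectionForm?.Collection == null)
    {
        return BadRequest();
    }

    // The route id is authoritative; the body must agree with it.
    if (id != incomingCollectionForm.Collection.Id)
    {
        return BadRequest();
    }

    // Load the stored collection. The repository may throw NullReferenceException for an
    // id that is not in the database; treat that exactly like a null result.
    CollectionDetailsViewModel stored;
    try
    {
        stored = _collectionRepo.GetByCollectionId(id);
    }
    catch (NullReferenceException)
    {
        return NotFound();
    }
    if (stored == null)
    {
        return NotFound();
    }

    // Ownership: only the owner may change the collection. Checked before the name lookup
    // so no further query is run on behalf of a non-owner; the status is the same NotFound
    // as for a missing collection, so this check reveals nothing extra.
    if (stored.Collection.UserId != firebaseUser.Id)
    {
        return NotFound();
    }

    // Names are unique per user. A match is acceptable only when it is this very collection
    // (the name is unchanged); any match at all (count > 0) is examined, not "more than one".
    var sameName = _collectionRepo.Get(firebaseUser.Id)
        .Where(c => c.Name == incomingCollectionForm.Collection.Name)
        .ToList();
    if (sameName.Count > 0 && sameName[0].Id != incomingCollectionForm.Collection.Id)
    {
        return NotFound();
    }

    // Validate the replacement links before any delete happens, so a bad payload cannot
    // leave the collection stripped of its project links.
    if (incomingCollectionForm.ProjectCollections == null)
    {
        return BadRequest();
    }

    // Only Name and Description are client-editable; UserId, CategorizationId and
    // CreationDate stay as stored and are never taken from the payload.
    stored.Collection.Name = incomingCollectionForm.Collection.Name;
    stored.Collection.Description = incomingCollectionForm.Collection.Description;

    // Bind every incoming link to this collection. Without this a client could send a
    // foreign CollectionId and attach project links to a collection it does not own;
    // Add performs the same re-binding after its insert.
    foreach (var projectCollection in incomingCollectionForm.ProjectCollections)
    {
        projectCollection.CollectionId = id;
    }

    try
    {
        // Replace strategy: delete every existing link, then add the incoming set.
        // NOTE(review): these are separate repository calls; unless the repository shares a
        // transaction, a failure in Add leaves the collection with no links — confirm.
        _projColRepo.Delete(stored.ProjectCollections);
        _projColRepo.Add(incomingCollectionForm.ProjectCollections);
        _collectionRepo.Update(stored.Collection);
        return NoContent();
    }
    catch (DbUpdateException)
    {
        // A failed write is reported as NotFound (existing contract, kept for callers).
        return NotFound();
    }
}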