public async Task <CommentViewModel> Edit(CommentInputEditModel model, string username)
{
if (IsValidComment(model.Id))
{
throw new ArgumentException($"Comment with id '{model.Id}' does not exist.");
}
var user = this.userRepository.Query().FirstOrDefault(u => u.UserName == username);
var comment = this.commentRepository.Query().Include(c => c.Author).First(c => c.Id == model.Id);
var isCallerAdmin = await this.UserManager.IsInRoleAsync(user, "Admin");
if (comment?.Author.Email != user?.Email && !isCallerAdmin)
{
throw new UnauthorizedAccessException("You are not allowed for this operation.");
}
comment.Text = model.Text;
comment.CreationDate = DateTime.UtcNow;
this.commentRepository.Update(comment);
await this.commentRepository.SaveChangesAsync();
return(this.Mapper.Map <CommentViewModel>(comment));
}
public async Task <object> Edit(int id, [FromBody] CommentInputEditModel model)
{
if (id != model.Id)
{
return(this.BadRequest(new ReturnMessage {
Message = "Invalid ids"
}));
}
try
{
var comment = await this.commentService.Edit(model, this.User.FindFirst(ClaimTypes.Name).Value);
return(this.Ok(new CreateEditReturnMessage <CommentViewModel>
{
Message = "Comment edited successfully", Data = comment
}));
}
catch (UnauthorizedAccessException e)
{
return(this.Unauthorized(new ReturnMessage {
Message = e.Message
}));
}
catch (Exception e)
{
return(this.BadRequest(new ReturnMessage {
Message = e.Message
}));
}
}
public async Task EditCommentFailInvalidAuthor(string email, string password, string username, int commentId, string body)
{
await this.Register(email, password, username);
var token = await this.Login(email, password);
this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);
var post = new CommentInputEditModel
{
Id = commentId,
Text = body
};
var json = new StringContent(
JsonConvert.SerializeObject(post),
Encoding.UTF8,
"application/json");
var response = await this.client.PutAsync(CommentEditEndpoint + commentId, json);
var content = JsonConvert.DeserializeObject <ReturnMessage>(await response.Content.ReadAsStringAsync());
Assert.Equal(StatusCodes.Status401Unauthorized, content.Status);
Assert.Equal("You are not allowed for this operation.", content.Message);
}
public async Task EditCommentSuccessfully(string email, string password, int commentId, string body)
{
var token = await this.Login(email, password);
this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);
var post = new CommentInputEditModel
{
Id = commentId,
Text = body
};
var json = new StringContent(
JsonConvert.SerializeObject(post),
Encoding.UTF8,
"application/json");
var response = await this.client.PutAsync(CommentEditEndpoint + commentId, json);
response.EnsureSuccessStatusCode();
var content = JsonConvert.DeserializeObject <CreateEditReturnMessage <CommentViewModel> >(await response.Content.ReadAsStringAsync());
Assert.Equal(StatusCodes.Status200OK, content.Status);
Assert.Equal("Comment edited successfully", content.Message);
}
public async Task CommentEditFailInvalidAuthor(string username, string commentText, string newText, string fakeUsername, string fakeEmail)
{
await this.Seed();
await this.userRepository.AddAsync(new User { UserName = fakeUsername, Email = fakeEmail });
await this.userRepository.SaveChangesAsync();
var post = this.postRepository.Query().ToList().Last().Id;
var allBeforeAdd = this.commentRepository.Query().ToList().Count;
var comment = await this.commentService.Create(new CommentInputModel
{
PostId = post,
Text = commentText
}, username);
var afterAddCommentsCount = this.commentRepository.Query().ToList().Count;
var postComments =
this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments;
Assert.Equal(1, postComments.Count);
Assert.Equal(commentText, comment.Text);
Assert.Equal(comment.Id, postComments.First().Id);
Assert.Equal(commentText, postComments.First().Text);
Assert.Equal(allBeforeAdd + 1, afterAddCommentsCount);
Assert.Equal(username, comment.Author);
var commentEditModel = new CommentInputEditModel
{
Id = comment.Id,
Text = newText
};
var exception = await Assert.ThrowsAsync <UnauthorizedAccessException>(async() =>
await this.commentService.Edit(commentEditModel, fakeUsername));
Assert.Equal("You are not allowed for this operation.", exception.Message);
postComments =
this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments;
Assert.Equal(1, postComments.Count);
Assert.Equal(commentText, comment.Text);
Assert.Equal(comment.Id, postComments.First().Id);
Assert.Equal(commentText, postComments.First().Text);
Assert.Equal(allBeforeAdd + 1, afterAddCommentsCount);
Assert.Equal(username, comment.Author);
}
public async Task CommentEditSuccessfully(string username, string commentText, string newText)
{
await this.Seed();
var post = this.postRepository.Query().ToList().Last().Id;
var allBeforeAdd = this.commentRepository.Query().ToList().Count;
var comment = await this.commentService.Create(new CommentInputModel
{
PostId = post,
Text = commentText
}, username);
var afterAddCommentsCount = this.commentRepository.Query().ToList().Count;
var postComments =
this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments;
Assert.Equal(1, postComments.Count);
Assert.Equal(commentText, comment.Text);
Assert.Equal(comment.Id, postComments.First().Id);
Assert.Equal(commentText, postComments.First().Text);
Assert.Equal(allBeforeAdd + 1, afterAddCommentsCount);
Assert.Equal(username, comment.Author);
var commentEditModel = new CommentInputEditModel
{
Id = comment.Id,
Text = newText
};
comment = await this.commentService.Edit(commentEditModel, username);
var afterEditCommentsCount = this.commentRepository.Query().ToList().Count;
postComments =
this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments;
Assert.Equal(1, postComments.Count);
Assert.Equal(newText, comment.Text);
Assert.Equal(comment.Id, postComments.First().Id);
Assert.Equal(newText, postComments.First().Text);
Assert.Equal(username, comment.Author);
Assert.Equal(afterAddCommentsCount, afterEditCommentsCount);
Assert.Equal(username, comment.Author);
Assert.Equal(post, comment.PostId);
}
public async Task CommentEditFailInvalidCommentId(string username, string commentText, string newText)
{
await this.Seed();
var post = this.postRepository.Query().ToList().Last().Id;
var allBeforeAdd = this.commentRepository.Query().ToList().Count;
var comment = await this.commentService.Create(new CommentInputModel
{
PostId = post,
Text = commentText
}, username);
var afterAddCommentsCount = this.commentRepository.Query().ToList().Count();
var postComments =
this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments;
Assert.Equal(1, postComments.Count);
Assert.Equal(commentText, comment.Text);
Assert.Equal(comment.Id, postComments.First().Id);
Assert.Equal(commentText, postComments.First().Text);
Assert.Equal(allBeforeAdd + 1, afterAddCommentsCount);
Assert.Equal(username, comment.Author);
var commentEditModel = new CommentInputEditModel
{
Id = 42,
Text = newText
};
var exception = await Assert.ThrowsAsync <ArgumentException>(async() => await this.commentService.Edit(commentEditModel, username));
Assert.Equal($"Comment with id '{42}' does not exist.", exception.Message);
postComments =
this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments;
Assert.Equal(1, postComments.Count);
Assert.Equal(commentText, comment.Text);
Assert.Equal(comment.Id, postComments.First().Id);
Assert.Equal(commentText, postComments.First().Text);
Assert.Equal(allBeforeAdd + 1, afterAddCommentsCount);
Assert.Equal(username, comment.Author);
}
public async Task EditCommentFailDueToInvalidParameters(string email, string password, int commentId, string body)
{
var token = await this.Login(email, password);
this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);
var post = new CommentInputEditModel
{
Id = commentId,
Text = body
};
var json = new StringContent(
JsonConvert.SerializeObject(post),
Encoding.UTF8,
"application/json");
var response = await this.client.PutAsync(CommentEditEndpoint + commentId, json);
var content = JsonConvert.DeserializeObject <ReturnMessage>(await response.Content.ReadAsStringAsync());
Assert.Equal(StatusCodes.Status400BadRequest, content.Status);
Assert.Equal(ValidationMessage, content.Title);
}
