public async Task <CommentViewModel> Edit(CommentInputEditModel model, string username) { if (IsValidComment(model.Id)) { throw new ArgumentException($"Comment with id '{model.Id}' does not exist."); } var user = this.userRepository.Query().FirstOrDefault(u => u.UserName == username); var comment = this.commentRepository.Query().Include(c => c.Author).First(c => c.Id == model.Id); var isCallerAdmin = await this.UserManager.IsInRoleAsync(user, "Admin"); if (comment?.Author.Email != user?.Email && !isCallerAdmin) { throw new UnauthorizedAccessException("You are not allowed for this operation."); } comment.Text = model.Text; comment.CreationDate = DateTime.UtcNow; this.commentRepository.Update(comment); await this.commentRepository.SaveChangesAsync(); return(this.Mapper.Map <CommentViewModel>(comment)); }
public async Task <object> Edit(int id, [FromBody] CommentInputEditModel model) { if (id != model.Id) { return(this.BadRequest(new ReturnMessage { Message = "Invalid ids" })); } try { var comment = await this.commentService.Edit(model, this.User.FindFirst(ClaimTypes.Name).Value); return(this.Ok(new CreateEditReturnMessage <CommentViewModel> { Message = "Comment edited successfully", Data = comment })); } catch (UnauthorizedAccessException e) { return(this.Unauthorized(new ReturnMessage { Message = e.Message })); } catch (Exception e) { return(this.BadRequest(new ReturnMessage { Message = e.Message })); } }
public async Task EditCommentFailInvalidAuthor(string email, string password, string username, int commentId, string body) { await this.Register(email, password, username); var token = await this.Login(email, password); this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token); var post = new CommentInputEditModel { Id = commentId, Text = body }; var json = new StringContent( JsonConvert.SerializeObject(post), Encoding.UTF8, "application/json"); var response = await this.client.PutAsync(CommentEditEndpoint + commentId, json); var content = JsonConvert.DeserializeObject <ReturnMessage>(await response.Content.ReadAsStringAsync()); Assert.Equal(StatusCodes.Status401Unauthorized, content.Status); Assert.Equal("You are not allowed for this operation.", content.Message); }
public async Task EditCommentSuccessfully(string email, string password, int commentId, string body) { var token = await this.Login(email, password); this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token); var post = new CommentInputEditModel { Id = commentId, Text = body }; var json = new StringContent( JsonConvert.SerializeObject(post), Encoding.UTF8, "application/json"); var response = await this.client.PutAsync(CommentEditEndpoint + commentId, json); response.EnsureSuccessStatusCode(); var content = JsonConvert.DeserializeObject <CreateEditReturnMessage <CommentViewModel> >(await response.Content.ReadAsStringAsync()); Assert.Equal(StatusCodes.Status200OK, content.Status); Assert.Equal("Comment edited successfully", content.Message); }
public async Task CommentEditFailInvalidAuthor(string username, string commentText, string newText, string fakeUsername, string fakeEmail) { await this.Seed(); await this.userRepository.AddAsync(new User { UserName = fakeUsername, Email = fakeEmail }); await this.userRepository.SaveChangesAsync(); var post = this.postRepository.Query().ToList().Last().Id; var allBeforeAdd = this.commentRepository.Query().ToList().Count; var comment = await this.commentService.Create(new CommentInputModel { PostId = post, Text = commentText }, username); var afterAddCommentsCount = this.commentRepository.Query().ToList().Count; var postComments = this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments; Assert.Equal(1, postComments.Count); Assert.Equal(commentText, comment.Text); Assert.Equal(comment.Id, postComments.First().Id); Assert.Equal(commentText, postComments.First().Text); Assert.Equal(allBeforeAdd + 1, afterAddCommentsCount); Assert.Equal(username, comment.Author); var commentEditModel = new CommentInputEditModel { Id = comment.Id, Text = newText }; var exception = await Assert.ThrowsAsync <UnauthorizedAccessException>(async() => await this.commentService.Edit(commentEditModel, fakeUsername)); Assert.Equal("You are not allowed for this operation.", exception.Message); postComments = this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments; Assert.Equal(1, postComments.Count); Assert.Equal(commentText, comment.Text); Assert.Equal(comment.Id, postComments.First().Id); Assert.Equal(commentText, postComments.First().Text); Assert.Equal(allBeforeAdd + 1, afterAddCommentsCount); Assert.Equal(username, comment.Author); }
public async Task CommentEditSuccessfully(string username, string commentText, string newText) { await this.Seed(); var post = this.postRepository.Query().ToList().Last().Id; var allBeforeAdd = this.commentRepository.Query().ToList().Count; var comment = await this.commentService.Create(new CommentInputModel { PostId = post, Text = commentText }, username); var afterAddCommentsCount = this.commentRepository.Query().ToList().Count; var postComments = this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments; Assert.Equal(1, postComments.Count); Assert.Equal(commentText, comment.Text); Assert.Equal(comment.Id, postComments.First().Id); Assert.Equal(commentText, postComments.First().Text); Assert.Equal(allBeforeAdd + 1, afterAddCommentsCount); Assert.Equal(username, comment.Author); var commentEditModel = new CommentInputEditModel { Id = comment.Id, Text = newText }; comment = await this.commentService.Edit(commentEditModel, username); var afterEditCommentsCount = this.commentRepository.Query().ToList().Count; postComments = this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments; Assert.Equal(1, postComments.Count); Assert.Equal(newText, comment.Text); Assert.Equal(comment.Id, postComments.First().Id); Assert.Equal(newText, postComments.First().Text); Assert.Equal(username, comment.Author); Assert.Equal(afterAddCommentsCount, afterEditCommentsCount); Assert.Equal(username, comment.Author); Assert.Equal(post, comment.PostId); }
public async Task CommentEditFailInvalidCommentId(string username, string commentText, string newText) { await this.Seed(); var post = this.postRepository.Query().ToList().Last().Id; var allBeforeAdd = this.commentRepository.Query().ToList().Count; var comment = await this.commentService.Create(new CommentInputModel { PostId = post, Text = commentText }, username); var afterAddCommentsCount = this.commentRepository.Query().ToList().Count(); var postComments = this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments; Assert.Equal(1, postComments.Count); Assert.Equal(commentText, comment.Text); Assert.Equal(comment.Id, postComments.First().Id); Assert.Equal(commentText, postComments.First().Text); Assert.Equal(allBeforeAdd + 1, afterAddCommentsCount); Assert.Equal(username, comment.Author); var commentEditModel = new CommentInputEditModel { Id = 42, Text = newText }; var exception = await Assert.ThrowsAsync <ArgumentException>(async() => await this.commentService.Edit(commentEditModel, username)); Assert.Equal($"Comment with id '{42}' does not exist.", exception.Message); postComments = this.postRepository.Query().Include(p => p.Comments).First(p => p.Id == post).Comments; Assert.Equal(1, postComments.Count); Assert.Equal(commentText, comment.Text); Assert.Equal(comment.Id, postComments.First().Id); Assert.Equal(commentText, postComments.First().Text); Assert.Equal(allBeforeAdd + 1, afterAddCommentsCount); Assert.Equal(username, comment.Author); }
public async Task EditCommentFailDueToInvalidParameters(string email, string password, int commentId, string body) { var token = await this.Login(email, password); this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token); var post = new CommentInputEditModel { Id = commentId, Text = body }; var json = new StringContent( JsonConvert.SerializeObject(post), Encoding.UTF8, "application/json"); var response = await this.client.PutAsync(CommentEditEndpoint + commentId, json); var content = JsonConvert.DeserializeObject <ReturnMessage>(await response.Content.ReadAsStringAsync()); Assert.Equal(StatusCodes.Status400BadRequest, content.Status); Assert.Equal(ValidationMessage, content.Title); }