/// <summary>
/// Checks that the caller named in <paramref name="message"/> matches the owner id that
/// <paramref name="commitment"/> holds for the caller's role, and throws when it does not.
/// </summary>
/// <remarks>
/// Provider callers are compared with <c>ProviderId</c>, transfer senders with
/// <c>TransferSenderId</c>, and employers with <c>EmployerAccountId</c>.
/// Support callers return without any per-commitment comparison.
/// Any caller type that has no branch of its own is checked as an employer.
/// </remarks>
/// <param name="message">Request supplying the caller type, the caller id and the commitment id.</param>
/// <param name="commitment">Commitment whose owner ids are compared with the caller id.</param>
/// <exception cref="UnauthorizedException">
/// The caller id differs from the commitment's owner id for the caller's role.
/// </exception>
private static void CheckAuthorization(GetCommitmentRequest message, Domain.Entities.Commitment commitment)
{
    var role = message.Caller.CallerType;

    // Support is the one role that is not tied to an owner id on the commitment.
    // NOTE(review): nothing in this method restricts who may present CallerType.Support;
    // confirm the caller type is set from an authenticated source and not from request data.
    if (role == CallerType.Support)
    {
        return;
    }

    // NOTE(review): each message below includes the id that actually owns the commitment.
    // If UnauthorizedException text is returned to the client rather than only logged,
    // a rejected caller learns that id; confirm how the exception is surfaced.
    if (role == CallerType.Provider)
    {
        if (commitment.ProviderId != message.Caller.Id)
        {
            throw new UnauthorizedException($"Provider {message.Caller.Id} not authorised to access commitment {message.CommitmentId}, expected provider {commitment.ProviderId}");
        }

        return;
    }

    if (role == CallerType.TransferSender)
    {
        if (commitment.TransferSenderId != message.Caller.Id)
        {
            throw new UnauthorizedException($"Transfer Sender {message.Caller.Id} not authorised to access commitment {message.CommitmentId}, expected transfer sender {commitment.TransferSenderId}");
        }

        return;
    }

    // CallerType.Employer and every caller type not handled above end up here, so an
    // unrecognised or newly added caller type is held to the employer ownership check
    // instead of being rejected outright.
    if (commitment.EmployerAccountId != message.Caller.Id)
    {
        throw new UnauthorizedException($"Employer {message.Caller.Id} not authorised to access commitment {message.CommitmentId}, expected employer {commitment.EmployerAccountId}");
    }
}
/// <summary>
/// Asserts that <paramref name="argument"/> carries the values of the example request's
/// commitment and the fixed values expected on a mapped commitment: status
/// <c>CommitmentStatus.New</c>, last action <c>LastAction.None</c> and no apprenticeships.
/// </summary>
/// <param name="argument">The commitment entity to compare with <c>_exampleValidRequest.Commitment</c>.</param>
private void AssertMappingIsCorrect(Domain.Entities.Commitment argument)
{
    var expected = _exampleValidRequest.Commitment;

    // Identity and ownership fields copied from the request.
    argument.Reference.Should().Be(expected.Reference);
    argument.EmployerAccountId.Should().Be(expected.EmployerAccountId);
    argument.LegalEntityId.Should().Be(expected.LegalEntityId);
    argument.LegalEntityAddress.Should().Be(expected.LegalEntityAddress);
    argument.LegalEntityOrganisationType.Should().Be(expected.LegalEntityOrganisationType);
    argument.ProviderId.Should().Be(expected.ProviderId);

    // Values compared against constants, not against the request.
    argument.CommitmentStatus.Should().Be(CommitmentStatus.New);
    argument.LastAction.Should().Be(LastAction.None);

    // Audit fields copied from the request.
    argument.LastUpdatedByEmployerName.Should().Be(expected.LastUpdatedByEmployerName);
    argument.LastUpdatedByEmployerEmail.Should().Be(expected.LastUpdatedByEmployerEmail);

    argument.Apprenticeships.Should().BeEmpty();
}