/// <summary>
/// Changes the status of an organisation user after verifying that the caller
/// is either internal or has access to the user's organisation.
/// </summary>
/// <param name="query">Carries the organisation user id and the status to apply.</param>
/// <returns>Whatever <c>dataAccess.ChangeOrganisationUserStatus</c> returns for the update.</returns>
/// <exception cref="Exception">Thrown when no organisation user matches the given id.</exception>
/// <exception cref="InvalidOperationException">Thrown when the caller attempts to change their own status.</exception>
public async Task<int> HandleAsync(UpdateOrganisationUserStatus query)
{
    var targetId = query.OrganisationUserId;
    var target = await dataAccess.GetOrganisationUser(targetId);

    if (target is null)
    {
        throw new Exception($"No organisation user was found with ID \"{targetId}\".");
    }

    // Authorization is checked before any state changes so an unauthorised
    // caller never reaches the status update.
    authorization.EnsureInternalOrOrganisationAccess(target.OrganisationId);

    // NOTE(review): when userContext is null the self-change guard is skipped
    // entirely (fail-open); confirm the caller guarantees a context is present.
    var callerIsTarget = userContext is not null
        && userContext.UserId.ToString() == target.UserId;

    if (callerIsTarget)
    {
        throw new InvalidOperationException(
            $"Error for user with Id '{userContext.UserId}': Users cannot change their own status");
    }

    return await dataAccess.ChangeOrganisationUserStatus(target, query.UserStatus);
}
/// <summary>
/// Verifies that, for an existing organisation user who is not the caller,
/// the handler checks authorization exactly once and only then performs the
/// status change exactly once.
/// </summary>
/// <param name="userStatus">The status the handler is asked to apply.</param>
public async Task OrganisationUserExists_AndIsNotCurrentUser_ShouldVerifyAuthorization_BeforeChangingOrgansiationUserStatus(UserStatus userStatus)
{
    // Arrange: the caller's id and the target's user id are distinct Guids,
    // so the "cannot change own status" guard is not triggered.
    var callerId = Guid.NewGuid();
    var orgId = Guid.NewGuid();
    var orgUserId = Guid.NewGuid();
    var targetUser = OrganisationUser(userStatus, orgId, Guid.NewGuid());

    A.CallTo(() => userContext.UserId).Returns(callerId);
    A.CallTo(() => dataAccess.GetOrganisationUser(orgUserId)).Returns(targetUser);

    // Act
    var handler = UpdateOrganisationUserStatusHandler();
    var request = new UpdateOrganisationUserStatus(orgUserId, userStatus);
    await handler.HandleAsync(request);

    // Assert: the authorization call precedes the data-access write.
    var authorizationCall = A.CallTo(() => weeeAuthorization.EnsureInternalOrOrganisationAccess(A<Guid>._))
        .MustHaveHappened(Repeated.Exactly.Once);
    var statusChangeCall = A.CallTo(() => dataAccess.ChangeOrganisationUserStatus(targetUser, userStatus))
        .MustHaveHappened(Repeated.Exactly.Once);
    authorizationCall.Then(statusChangeCall);
}