public async Task EditFailInvalidAuthor(string email, string username, string title, string description, string newTitle, string newDescription)
{
await this.Seed();
await this.userRepository.AddAsync(new User { UserName = "******", Email = "*****@*****.**" });
await this.userRepository.SaveChangesAsync();
var categoryId = this.categoryRepository.Query().ToList().Last().Id;
var postModel = new PostInputEditModel
{
Id = 1,
CategoryId = categoryId,
Title = title,
Body = description
};
await this.postService.Create(postModel, "*****@*****.**");
postModel.CategoryId = categoryId;
postModel.Title = newTitle;
postModel.Body = newDescription;
var exception = await Assert.ThrowsAsync <UnauthorizedAccessException>(async() => await this.postService.Edit(postModel, email));
Assert.Equal("You are not allowed for this operation.", exception.Message);
}
public async Task EditPostFailDueToInvalidParameters(string email, string password, int postId, int categoryId, string title, string body)
{
var token = await this.Login(email, password);
this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);
var post = new PostInputEditModel
{
Id = postId,
CategoryId = categoryId,
Title = title,
Body = body
};
var json = new StringContent(
JsonConvert.SerializeObject(post),
Encoding.UTF8,
"application/json");
var response = await this.client.PutAsync(PostEditEndpoint + postId, json);
var content = JsonConvert.DeserializeObject <ReturnMessage>(await response.Content.ReadAsStringAsync());
Assert.Equal(StatusCodes.Status400BadRequest, content.Status);
Assert.Equal(ValidationMessage, content.Title);
}
public async Task EditPostFailInvalidAuthor(string email, string password, string username, int postId, int categoryId, string title, string body)
{
await this.Register(email, password, username);
var token = await this.Login(email, password);
this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);
var post = new PostInputEditModel
{
Id = postId,
CategoryId = categoryId,
Title = title,
Body = body
};
var json = new StringContent(
JsonConvert.SerializeObject(post),
Encoding.UTF8,
"application/json");
var response = await this.client.PutAsync(PostEditEndpoint + postId, json);
var content = JsonConvert.DeserializeObject <ReturnMessage>(await response.Content.ReadAsStringAsync());
Assert.Equal(StatusCodes.Status401Unauthorized, content.Status);
Assert.Equal("You are not allowed for this operation.", content.Message);
}
public async Task EditPostSuccessfully(string email, string password, int postId, int categoryId, string title, string body)
{
var token = await this.Login(email, password);
this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);
var post = new PostInputEditModel
{
Id = postId,
CategoryId = categoryId,
Title = title,
Body = body
};
var json = new StringContent(
JsonConvert.SerializeObject(post),
Encoding.UTF8,
"application/json");
var response = await this.client.PutAsync(PostEditEndpoint + postId, json);
response.EnsureSuccessStatusCode();
var content = JsonConvert.DeserializeObject <CreateEditReturnMessage <PostViewModel> >(await response.Content.ReadAsStringAsync());
Assert.Equal(StatusCodes.Status200OK, content.Status);
Assert.Equal("Post edited successfully", content.Message);
}
public async Task <object> Edit(int id, [FromBody] PostInputEditModel model)
{
if (id != model.Id)
{
return(this.BadRequest(new ReturnMessage {
Message = "Invalid ids"
}));
}
try
{
var post = await this.postService.Edit(model, this.User.FindFirst(ClaimTypes.Email).Value);
return(this.Ok(new CreateEditReturnMessage <PostViewModel>
{
Message = "Post edited successfully", Data = post
}));
}
catch (UnauthorizedAccessException e)
{
return(this.Unauthorized(new ReturnMessage {
Message = e.Message
}));
}
catch (Exception e)
{
return(this.BadRequest(new ReturnMessage {
Message = e.Message
}));
}
}
public async Task <PostViewModel> Edit(PostInputEditModel model, string email)
{
if (this.IsValidId(model.Id))
{
throw new ArgumentException($"Post with id '{model.Id}' does not exist");
}
if (this.IsValidCategory(model.CategoryId))
{
throw new ArgumentException("The category provided for the edit of this post is not valid!");
}
var user = this.userRepository.Query().FirstOrDefault(u => u.Email == email);
var postDb = this.postRepository
.Query()
.Include(p => p.Author)
.AsNoTracking()
.FirstOrDefault(p => p.Id == model.Id);
var isCallerAdmin = await this.UserManager.IsInRoleAsync(user, "Admin");
if (postDb?.Author.Email != user?.Email && !isCallerAdmin)
{
throw new UnauthorizedAccessException("You are not allowed for this operation.");
}
var post = this.Mapper.Map <Post>(model);
post.CreationDate = DateTime.UtcNow;
post.AuthorId = postDb?.AuthorId;
this.postRepository.Update(post);
await this.postRepository.SaveChangesAsync();
post = this.postRepository.Query().Include(p => p.Comments).Include(p => p.Category).FirstOrDefault(p => p.Id == post.Id);
return(this.Mapper.Map <PostViewModel>(post));
}
public async Task EditSuccessfully(string email, string username, string title, string description, string newTitle, string newDescription)
{
await this.Seed();
var userId = this.userRepository.Query().AsNoTracking().Last().Id;
var categoryId = this.categoryRepository.Query().ToList().Last().Id;
var postToBeAdded = new Post
{
CategoryId = categoryId,
Title = title,
Body = description,
AuthorId = userId,
CreationDate = DateTime.UtcNow
};
await this.postRepository.AddAsync(postToBeAdded);
await this.postRepository.SaveChangesAsync();
this.context.Entry(postToBeAdded).State = EntityState.Detached;
var postModel = this.postRepository.Query().AsNoTracking().Last();
var postToEdit = new PostInputEditModel()
{
Id = postModel.Id,
Body = newDescription,
Title = newTitle,
CategoryId = postModel.CategoryId
};
var edittedPost = await this.postService.Edit(postToEdit, email);
var post = this.postService.GetPostById(edittedPost.Id);
Assert.Equal(newTitle, post.Title);
Assert.Equal(newDescription, post.Body);
Assert.Equal(username, post.Author);
}
public async Task EditFailInvalidCategoryId(string email, string username, string title, string description, string newTitle, string newDescription)
{
await this.Seed();
var categoryId = this.categoryRepository.Query().ToList().Last().Id;
var postModel = new PostInputEditModel
{
Id = 1,
CategoryId = categoryId,
Title = title,
Body = description
};
await this.postService.Create(postModel, email);
postModel.CategoryId = 42;
postModel.Title = newTitle;
postModel.Body = newDescription;
var exception = await Assert.ThrowsAsync <ArgumentException>(async() => await this.postService.Edit(postModel, email));
Assert.Equal("The category provided for the edit of this post is not valid!", exception.Message);
}
public async Task PostDeleteFailDueToUnauthorized(string title, string description, string invalidUser,
string invalidEmail, string actualEmail)
{
await this.Seed();
await this.userRepository.AddAsync(new User { UserName = invalidUser, Email = invalidEmail });
await this.userRepository.SaveChangesAsync();
var categoryId = this.categoryRepository.Query().ToList().Last().Id;
var postModel = new PostInputEditModel
{
Id = 1,
CategoryId = categoryId,
Title = title,
Body = description
};
var post = await this.postService.Create(postModel, "*****@*****.**");
var exception = await Assert.ThrowsAsync <UnauthorizedAccessException>(async() => await this.postService.Delete(post.Id, actualEmail));
Assert.Equal("You are not allowed for this operation.", exception.Message);
}
public async Task ShouldDeleteSuccessfully(string title, string description, string email)
{
await this.Seed();
var categoryId = this.categoryRepository.Query().ToList().Last().Id;
var postModel = new PostInputEditModel
{
Id = 1,
CategoryId = categoryId,
Title = title,
Body = description
};
var post = await this.postService.Create(postModel, email);
var all = this.postService.All();
var deleted = await this.postService.Delete(post.Id, email);
var afterDeleted = this.postService.All();
Assert.Equal(all.Count, afterDeleted.Count + 1);
Assert.Equal(deleted, title);
}
