public async Task EditFailInvalidAuthor(string email, string username, string title, string description, string newTitle, string newDescription) { await this.Seed(); await this.userRepository.AddAsync(new User { UserName = "******", Email = "*****@*****.**" }); await this.userRepository.SaveChangesAsync(); var categoryId = this.categoryRepository.Query().ToList().Last().Id; var postModel = new PostInputEditModel { Id = 1, CategoryId = categoryId, Title = title, Body = description }; await this.postService.Create(postModel, "*****@*****.**"); postModel.CategoryId = categoryId; postModel.Title = newTitle; postModel.Body = newDescription; var exception = await Assert.ThrowsAsync <UnauthorizedAccessException>(async() => await this.postService.Edit(postModel, email)); Assert.Equal("You are not allowed for this operation.", exception.Message); }
public async Task EditPostFailDueToInvalidParameters(string email, string password, int postId, int categoryId, string title, string body) { var token = await this.Login(email, password); this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token); var post = new PostInputEditModel { Id = postId, CategoryId = categoryId, Title = title, Body = body }; var json = new StringContent( JsonConvert.SerializeObject(post), Encoding.UTF8, "application/json"); var response = await this.client.PutAsync(PostEditEndpoint + postId, json); var content = JsonConvert.DeserializeObject <ReturnMessage>(await response.Content.ReadAsStringAsync()); Assert.Equal(StatusCodes.Status400BadRequest, content.Status); Assert.Equal(ValidationMessage, content.Title); }
public async Task EditPostFailInvalidAuthor(string email, string password, string username, int postId, int categoryId, string title, string body) { await this.Register(email, password, username); var token = await this.Login(email, password); this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token); var post = new PostInputEditModel { Id = postId, CategoryId = categoryId, Title = title, Body = body }; var json = new StringContent( JsonConvert.SerializeObject(post), Encoding.UTF8, "application/json"); var response = await this.client.PutAsync(PostEditEndpoint + postId, json); var content = JsonConvert.DeserializeObject <ReturnMessage>(await response.Content.ReadAsStringAsync()); Assert.Equal(StatusCodes.Status401Unauthorized, content.Status); Assert.Equal("You are not allowed for this operation.", content.Message); }
public async Task EditPostSuccessfully(string email, string password, int postId, int categoryId, string title, string body) { var token = await this.Login(email, password); this.client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token); var post = new PostInputEditModel { Id = postId, CategoryId = categoryId, Title = title, Body = body }; var json = new StringContent( JsonConvert.SerializeObject(post), Encoding.UTF8, "application/json"); var response = await this.client.PutAsync(PostEditEndpoint + postId, json); response.EnsureSuccessStatusCode(); var content = JsonConvert.DeserializeObject <CreateEditReturnMessage <PostViewModel> >(await response.Content.ReadAsStringAsync()); Assert.Equal(StatusCodes.Status200OK, content.Status); Assert.Equal("Post edited successfully", content.Message); }
public async Task <object> Edit(int id, [FromBody] PostInputEditModel model) { if (id != model.Id) { return(this.BadRequest(new ReturnMessage { Message = "Invalid ids" })); } try { var post = await this.postService.Edit(model, this.User.FindFirst(ClaimTypes.Email).Value); return(this.Ok(new CreateEditReturnMessage <PostViewModel> { Message = "Post edited successfully", Data = post })); } catch (UnauthorizedAccessException e) { return(this.Unauthorized(new ReturnMessage { Message = e.Message })); } catch (Exception e) { return(this.BadRequest(new ReturnMessage { Message = e.Message })); } }
public async Task <PostViewModel> Edit(PostInputEditModel model, string email) { if (this.IsValidId(model.Id)) { throw new ArgumentException($"Post with id '{model.Id}' does not exist"); } if (this.IsValidCategory(model.CategoryId)) { throw new ArgumentException("The category provided for the edit of this post is not valid!"); } var user = this.userRepository.Query().FirstOrDefault(u => u.Email == email); var postDb = this.postRepository .Query() .Include(p => p.Author) .AsNoTracking() .FirstOrDefault(p => p.Id == model.Id); var isCallerAdmin = await this.UserManager.IsInRoleAsync(user, "Admin"); if (postDb?.Author.Email != user?.Email && !isCallerAdmin) { throw new UnauthorizedAccessException("You are not allowed for this operation."); } var post = this.Mapper.Map <Post>(model); post.CreationDate = DateTime.UtcNow; post.AuthorId = postDb?.AuthorId; this.postRepository.Update(post); await this.postRepository.SaveChangesAsync(); post = this.postRepository.Query().Include(p => p.Comments).Include(p => p.Category).FirstOrDefault(p => p.Id == post.Id); return(this.Mapper.Map <PostViewModel>(post)); }
public async Task EditSuccessfully(string email, string username, string title, string description, string newTitle, string newDescription) { await this.Seed(); var userId = this.userRepository.Query().AsNoTracking().Last().Id; var categoryId = this.categoryRepository.Query().ToList().Last().Id; var postToBeAdded = new Post { CategoryId = categoryId, Title = title, Body = description, AuthorId = userId, CreationDate = DateTime.UtcNow }; await this.postRepository.AddAsync(postToBeAdded); await this.postRepository.SaveChangesAsync(); this.context.Entry(postToBeAdded).State = EntityState.Detached; var postModel = this.postRepository.Query().AsNoTracking().Last(); var postToEdit = new PostInputEditModel() { Id = postModel.Id, Body = newDescription, Title = newTitle, CategoryId = postModel.CategoryId }; var edittedPost = await this.postService.Edit(postToEdit, email); var post = this.postService.GetPostById(edittedPost.Id); Assert.Equal(newTitle, post.Title); Assert.Equal(newDescription, post.Body); Assert.Equal(username, post.Author); }
public async Task EditFailInvalidCategoryId(string email, string username, string title, string description, string newTitle, string newDescription) { await this.Seed(); var categoryId = this.categoryRepository.Query().ToList().Last().Id; var postModel = new PostInputEditModel { Id = 1, CategoryId = categoryId, Title = title, Body = description }; await this.postService.Create(postModel, email); postModel.CategoryId = 42; postModel.Title = newTitle; postModel.Body = newDescription; var exception = await Assert.ThrowsAsync <ArgumentException>(async() => await this.postService.Edit(postModel, email)); Assert.Equal("The category provided for the edit of this post is not valid!", exception.Message); }
public async Task PostDeleteFailDueToUnauthorized(string title, string description, string invalidUser, string invalidEmail, string actualEmail) { await this.Seed(); await this.userRepository.AddAsync(new User { UserName = invalidUser, Email = invalidEmail }); await this.userRepository.SaveChangesAsync(); var categoryId = this.categoryRepository.Query().ToList().Last().Id; var postModel = new PostInputEditModel { Id = 1, CategoryId = categoryId, Title = title, Body = description }; var post = await this.postService.Create(postModel, "*****@*****.**"); var exception = await Assert.ThrowsAsync <UnauthorizedAccessException>(async() => await this.postService.Delete(post.Id, actualEmail)); Assert.Equal("You are not allowed for this operation.", exception.Message); }
public async Task ShouldDeleteSuccessfully(string title, string description, string email) { await this.Seed(); var categoryId = this.categoryRepository.Query().ToList().Last().Id; var postModel = new PostInputEditModel { Id = 1, CategoryId = categoryId, Title = title, Body = description }; var post = await this.postService.Create(postModel, email); var all = this.postService.All(); var deleted = await this.postService.Delete(post.Id, email); var afterDeleted = this.postService.All(); Assert.Equal(all.Count, afterDeleted.Count + 1); Assert.Equal(deleted, title); }