//[Fact] public async System.Threading.Tasks.Task UserCantAccessAnotherUsersInvoices() { // verify (before we log in) that we are not logged in await GetCurrentUserIsUnauthorized(); // register as a new user (creates an account and contact) var loginUser1 = randomNewUserName("NewSecUser1", 6); var businessName1 = randomNewUserName(loginUser1, 6); var strId1 = await LoginAndRegisterAsNewUser(loginUser1, businessName1); // verify the current user represents our new user ViewModels.User user1 = await GetCurrentUser(); Assert.Equal(user1.name, loginUser1 + " TestUser"); Assert.Equal(user1.businessname, businessName1 + " TestBusiness"); // fetch our current account ViewModels.Account account1 = await GetAccountForCurrentUser(); ViewModels.AdoxioLegalEntity legalEntity1 = await SecurityHelper.GetLegalEntityRecordForCurrent(_client); Assert.Equal(user1.accountid, account1.id); // *** create some license applications and invoices ViewModels.AdoxioApplication application1 = await SecurityHelper.CreateLicenceApplication(_client, account1); Assert.NotNull(application1); var tmp = await SecurityHelper.GetLicenceApplication(_client, application1.id, true); Assert.NotNull(tmp); // create invoices Dictionary <string, string> values = await SecurityHelper.PayLicenceApplicationFee(_client, application1.id, false, true); Assert.NotNull(values); Assert.True(values.ContainsKey("trnApproved")); Assert.Equal("0", values["trnApproved"]); // *** // logout and verify we are logged out await Logout(); await GetCurrentUserIsUnauthorized(); // register and login as a second user var loginUser2 = randomNewUserName("NewSecUser2", 6); var businessName2 = randomNewUserName(loginUser2, 6); var strId2 = await LoginAndRegisterAsNewUser(loginUser2, businessName2); ViewModels.User user2 = await GetCurrentUser(); Assert.Equal(user2.name, loginUser2 + " TestUser"); Assert.Equal(user2.businessname, businessName2 + " TestBusiness"); ViewModels.Account account2 = await GetAccountForCurrentUser(); Assert.NotEqual(account1.id, account2.id); Assert.Equal(user2.accountid, account2.id); // *** as user 2, try to access license application invoices of account 1 tmp = await SecurityHelper.GetLicenceApplication(_client, application1.id, false); Assert.Null(tmp); // access invoices and try to pay values = await SecurityHelper.PayLicenceApplicationFee(_client, application1.id, false, false); Assert.Null(values); // *** // logout and cleanup second test user await LogoutAndCleanupTestUser(strId2); await GetCurrentUserIsUnauthorized(); // login again as the same user as above ^^^ await Login(loginUser1, businessName1); user1 = await GetCurrentUser(); Assert.Equal(user1.name, loginUser1 + " TestUser"); Assert.Equal(user1.businessname, businessName1 + " TestBusiness"); account1 = await GetAccountForCurrentUser(); // TODO can't delete once invoices are created // logout and cleanup (deletes the account and contact created above ^^^) await Logout(); await GetCurrentUserIsUnauthorized(); }
//[Fact] public async System.Threading.Tasks.Task UserCantAccessAnotherUsersApplicationAttachments() { // verify (before we log in) that we are not logged in await GetCurrentUserIsUnauthorized(); // register as a new user (creates an account and contact) var loginUser1 = randomNewUserName("NewSecUser1", 6); var businessName1 = randomNewUserName(loginUser1, 6); var strId1 = await LoginAndRegisterAsNewUser(loginUser1, businessName1); // verify the current user represents our new user ViewModels.User user1 = await GetCurrentUser(); Assert.Equal(user1.name, loginUser1 + " TestUser"); Assert.Equal(user1.businessname, businessName1 + " TestBusiness"); // fetch our current account ViewModels.Account account1 = await GetAccountForCurrentUser(); ViewModels.AdoxioLegalEntity legalEntity1 = await SecurityHelper.GetLegalEntityRecordForCurrent(_client); Assert.Equal(user1.accountid, account1.id); // *** create some license applications ViewModels.AdoxioApplication application1 = await SecurityHelper.CreateLicenceApplication(_client, account1); Assert.NotNull(application1); var tmp = await SecurityHelper.GetLicenceApplication(_client, application1.id, true); Assert.NotNull(tmp); // add an attachment to the application string file1 = await SecurityHelper.UploadFileToApplication(_client, application1.id, "TestAppFileSecurity"); List <ViewModels.FileSystemItem> file1s = await SecurityHelper.GetFileListForApplication(_client, application1.id, "TestAppFileSecurity", true); Assert.NotNull(file1s); Assert.Single(file1s); //string _data1 = await SecurityHelper.DownloadFileForApplication(_client, application1.id, file1s[0].id, true); // *** // logout and verify we are logged out await Logout(); await GetCurrentUserIsUnauthorized(); // register and login as a second user var loginUser2 = randomNewUserName("NewSecUser2", 6); var businessName2 = randomNewUserName(loginUser2, 6); var strId2 = await LoginAndRegisterAsNewUser(loginUser2, businessName2); ViewModels.User user2 = await GetCurrentUser(); Assert.Equal(user2.name, loginUser2 + " TestUser"); Assert.Equal(user2.businessname, businessName2 + " TestBusiness"); ViewModels.Account account2 = await GetAccountForCurrentUser(); Assert.NotEqual(account1.id, account2.id); Assert.Equal(user2.accountid, account2.id); // *** as user 2, try to access license applications of account 1 tmp = await SecurityHelper.GetLicenceApplication(_client, application1.id, false); Assert.Null(tmp); // test access to the application's attachment List <ViewModels.FileSystemItem> file2s = await SecurityHelper.GetFileListForApplication(_client, application1.id, "TestFileSecurity", false); Assert.Null(file2s); //string _data2 = await SecurityHelper.DownloadFileForApplication(_client, application1.id, file1s[0].id, true); // *** // logout and cleanup second test user await LogoutAndCleanupTestUser(strId2); await GetCurrentUserIsUnauthorized(); // login again as the same user as above ^^^ await Login(loginUser1, businessName1); user1 = await GetCurrentUser(); Assert.Equal(user1.name, loginUser1 + " TestUser"); Assert.Equal(user1.businessname, businessName1 + " TestBusiness"); account1 = await GetAccountForCurrentUser(); // *** delete license applications of account 1 // delete the application's attachments //await SecurityHelper.DeleteFileForApplication(_client, application1.id, file1s[0].id); await SecurityHelper.DeleteLicenceApplication(_client, application1.id); // *** // logout and cleanup (deletes the account and contact created above ^^^) await LogoutAndCleanupTestUser(strId1); await GetCurrentUserIsUnauthorized(); }