/// <summary>
/// Resolves the ids of the "paul", "manager" and "admin" accounts through the host
/// fixture and obtains the token that is stored in <c>AuthorizationToken</c>.
/// </summary>
public Setup()
{
    // Each id is looked up by user name; the calls run in the same order as before.
    var regularId = HttpHostFixture.GetUserId("paul");
    RegularUserId = regularId;

    var managerId = HttpHostFixture.GetUserId("manager");
    ManagerUserId = managerId;

    var adminId = HttpHostFixture.GetUserId("admin");
    AdminUserId = adminId;

    // The token is issued for the "manager" account, so requests that use
    // AuthorizationToken are made with that account's identity.
    // NOTE(review): the password is a literal in test source; presumably a seeded,
    // test-only account — confirm it is never provisioned outside the test host.
    var managerToken = HttpHostFixture.GetTokenFor("manager", "manager123$");
    AuthorizationToken = managerToken;
}
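/// <summary>
/// Authorization check for cross-user reads: a request for paul's meals that carries
/// saul's token must be answered with 403 Forbidden.
/// </summary>
public void User_is_forbidden_to_access_meals_of_others()
{
    // Resource owner is "paul"; the caller authenticates as "saul"
    // (presumably a non-privileged account — confirm against the seed data).
    var userId = HttpHostFixture.GetUserId("paul");
    var token = HttpHostFixture.GetTokenFor("saul", "saul123$");
    var mealsUri = new Uri(HttpHostFixture.UrlBase + $"/users/{userId}/meals");

    // Request and response are IDisposable; release them when the test ends.
    using (var request = new HttpRequestMessage(HttpMethod.Get, mealsUri))
    {
        HttpHostFixture.AppendAuthentication(request, token);

        using (var result = HttpHostFixture.HttpClient.SendAsync(request).Result)
        {
            // NOTE(review): only the status code is asserted; the response body is not
            // inspected, and this test covers the GET path only.
            Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
        }
    }
}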
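/// <summary>
/// Positive counterpart of the cross-user check: a request for saul's meals that
/// carries the admin token must be answered with 200 OK.
/// </summary>
public void Administrator_can_access_meals_of_every_user()
{
    // Resource owner is "saul"; the caller authenticates as "admin".
    var userId = HttpHostFixture.GetUserId("saul");
    var token = HttpHostFixture.GetTokenFor("admin", "admin123$");
    var mealsUri = new Uri(HttpHostFixture.UrlBase + $"/users/{userId}/meals");

    // Request and response are IDisposable; release them when the test ends.
    using (var request = new HttpRequestMessage(HttpMethod.Get, mealsUri))
    {
        HttpHostFixture.AppendAuthentication(request, token);

        using (var result = HttpHostFixture.HttpClient.SendAsync(request).Result)
        {
            // NOTE(review): only the status code is asserted; the test does not check
            // that the returned meals belong to the requested user.
            Assert.Equal(HttpStatusCode.OK, result.StatusCode);
        }
    }
}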
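/// <summary>
/// Looks up the id of the user called <paramref name="userName"/> by listing
/// <c>/users</c> with the admin token and matching on <c>Name</c>.
/// </summary>
/// <param name="userName">Name of the account whose id is wanted.</param>
/// <returns>The <c>Id</c> of the first user whose name equals <paramref name="userName"/>.</returns>
/// <exception cref="HttpRequestException">The user listing did not return a success status.</exception>
/// <exception cref="InvalidOperationException">The listing was empty/unparseable or contains no such user.</exception>
public static long GetUserId(string userName)
{
    // The listing is requested with the admin account.
    // NOTE(review): the password is a literal in test source; presumably a seeded,
    // test-only account — confirm it is never provisioned outside the test host.
    var token = HttpHostFixture.GetTokenFor("admin", "admin123$");

    // The dictionary is empty, so no query parameters are appended to the URL.
    var requestUri = QueryHelpers.AddQueryString(
        new Uri(HttpHostFixture.UrlBase + "/users").ToString(),
        new Dictionary<string, string>() { });

    using (var request = new HttpRequestMessage(HttpMethod.Get, requestUri))
    {
        HttpHostFixture.AppendAuthentication(request, token);

        using (var result = HttpClient.SendAsync(request).Result)
        {
            // Fail on a 401/403/5xx here instead of trying to parse an error body as a
            // user list, which would hide the real cause of a test failure.
            result.EnsureSuccessStatusCode();

            var json = result.Content.ReadAsStringAsync().Result;
            var userList = JsonConvert.DeserializeObject<List<UserDetailsDto>>(json);
            if (userList == null)
            {
                throw new InvalidOperationException("The /users response did not contain a user list.");
            }

            var matches = userList.Where(u => u.Name == userName).ToList();
            if (matches.Count == 0)
            {
                throw new InvalidOperationException($"No user named '{userName}' was returned by /users.");
            }

            return matches[0].Id;
        }
    }
}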
/// <summary>
/// Resolves the id of the "paul" account through the host fixture and obtains the
/// token that is stored in <c>AuthorizationToken</c>.
/// </summary>
public Setup()
{
    // The id is looked up by user name.
    var regularId = HttpHostFixture.GetUserId("paul");
    RegularUserId = regularId;

    // The token is issued for the "admin" account, so requests that use
    // AuthorizationToken are made with that account's identity.
    // NOTE(review): the password is a literal in test source; presumably a seeded,
    // test-only account — confirm it is never provisioned outside the test host.
    var adminToken = HttpHostFixture.GetTokenFor("admin", "admin123$");
    AuthorizationToken = adminToken;
}