using JobTrackerApi.Controllers;
using JobTrackerApi.Data;
using JobTrackerApi.Models;
using JobTrackerApi.Services;
using JobTrackerApi.Tests.TestSupport;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging.Abstractions;
using Moq;
using Xunit;
namespace JobTrackerApi.Tests;
public sealed class JobApplicationsAuthorizationTests
{
    /// <summary>
    /// Verifies that a caller who does not own a job application cannot read its
    /// event history: the controller must answer 404 for a foreign job, so the
    /// existence of another user's record is not revealed to the caller.
    /// NOTE(review): there is no positive control (the owner reading the same
    /// history succeeds); an endpoint that 404s for everyone would also pass.
    /// </summary>
    [Fact]
    public async Task GetHistory_returns_not_found_for_other_users_job()
    {
        // Both contexts point at the same in-memory database so the seeded rows are
        // visible to the second one; they differ only in the user they report.
        var databaseName = $"{Guid.NewGuid()}";
        await using var ownerContext = CreateDb(databaseName, "owner-1");
        var seededJob = await SeedOwnedJobAsync(ownerContext);

        await using var foreignContext = CreateDb(databaseName, "other-user");
        var sut = CreateController(foreignContext);

        var response = await sut.GetHistory(seededJob.Id, CancellationToken.None);

        Assert.IsType<NotFoundResult>(response.Result);
    }

    /// <summary>
    /// Seeds one company, one job application and one job event, all attributed to
    /// "owner-1", saving after each step so generated keys are available to the next.
    /// </summary>
    /// <param name="context">Context reporting "owner-1" as the current user.</param>
    /// <returns>The persisted job application.</returns>
    private static async Task<JobApplication> SeedOwnedJobAsync(JobTrackerContext context)
    {
        var acme = new Company { Name = "Acme", OwnerUserId = "owner-1" };
        context.Companies.Add(acme);
        await context.SaveChangesAsync();

        var secretJob = new JobApplication
        {
            JobTitle = "Secret Job",
            CompanyId = acme.Id,
            OwnerUserId = "owner-1",
        };
        context.JobApplications.Add(secretJob);
        await context.SaveChangesAsync();

        var creationEvent = new JobEvent
        {
            JobApplicationId = secretJob.Id,
            Type = "Created",
            Note = "owner only",
        };
        context.JobEvents.Add(creationEvent);
        await context.SaveChangesAsync();

        return secretJob;
    }

    /// <summary>
    /// Builds a <see cref="JobTrackerContext"/> over the named in-memory database whose
    /// <see cref="ICurrentUserService.UserId"/> returns <paramref name="userId"/>.
    /// </summary>
    /// <param name="dbName">Shared in-memory database name.</param>
    /// <param name="userId">User id the context should report; may be null.</param>
    private static JobTrackerContext CreateDb(string dbName, string? userId)
    {
        var builder = new DbContextOptionsBuilder<JobTrackerContext>();
        builder.UseInMemoryDatabase(dbName);

        var userStub = new Mock<ICurrentUserService>();
        userStub.SetupGet(svc => svc.UserId).Returns(userId);

        return new JobTrackerContext(builder.Options, userStub.Object);
    }

    /// <summary>
    /// Builds the controller under test with stubbed collaborators and an empty
    /// <see cref="DefaultHttpContext"/> (no authenticated principal attached).
    /// </summary>
    /// <param name="db">Context the controller should read from.</param>
    private static JobApplicationsController CreateController(JobTrackerContext db)
    {
        var summarizerStub = new Mock<ISummarizerService>();
        var userManager = TestHostFactory.CreateUserManager();
        var emailSender = Mock.Of<IAppEmailSender>();
        var logger = NullLogger<JobApplicationsController>.Instance;

        var controller = new JobApplicationsController(db, summarizerStub.Object, emailSender, userManager.Object, logger);
        controller.ControllerContext = new ControllerContext
        {
            HttpContext = new DefaultHttpContext(),
        };
        return controller;
    }
}