From 43dd6f71ecb2c741e50b7d42a7708150765ca9c5 Mon Sep 17 00:00:00 2001 From: romandykyi Date: Mon, 25 Mar 2024 20:31:10 +0100 Subject: [PATCH] Refactor `TodoListMembersService.AddMemberAsync` Now the method checks if user has a permission to add members first --- .../Services/TodoListMembersService.cs | 12 ++++++-- .../Services/TodoListMembersServiceTests.cs | 30 +++++++++++-------- 2 files changed, 27 insertions(+), 15 deletions(-) diff --git a/AdvancedTodoList.Infrastructure/Services/TodoListMembersService.cs b/AdvancedTodoList.Infrastructure/Services/TodoListMembersService.cs index c1b7112..92270d5 100644 --- a/AdvancedTodoList.Infrastructure/Services/TodoListMembersService.cs +++ b/AdvancedTodoList.Infrastructure/Services/TodoListMembersService.cs @@ -3,6 +3,7 @@ using AdvancedTodoList.Core.Pagination; using AdvancedTodoList.Core.Repositories; using AdvancedTodoList.Core.Services; +using AdvancedTodoList.Core.Services.Auth; using AdvancedTodoList.Core.Specifications; using AdvancedTodoList.Infrastructure.Specifications; using Mapster; @@ -15,12 +16,14 @@ namespace AdvancedTodoList.Infrastructure.Services; public class TodoListMembersService( ITodoListDependantEntitiesService helperService, ITodoListMembersRepository membersRepository, - IRepository rolesRepository) : + IRepository rolesRepository, + IPermissionsChecker permissionsChecker) : ITodoListMembersService { private readonly ITodoListDependantEntitiesService _helperService = helperService; private readonly ITodoListMembersRepository _membersRepository = membersRepository; private readonly IRepository _rolesRepository = rolesRepository; + private readonly IPermissionsChecker _permissionsChecker = permissionsChecker; /// /// Gets a page with members of a to-do list asynchronously. 
@@ -50,6 +53,10 @@ public Task>> GetMembersAsync(Tod /// public async Task AddMemberAsync(TodoListContext context, TodoListMemberAddDto dto) { + // Check if user has the permission + if (!await _permissionsChecker.HasPermissionAsync(context, x => x.AddMembers)) + return new(TodoListMemberServiceResultStatus.Forbidden); + // Try to find already existing member var member = await _membersRepository.FindAsync(context.TodoListId, dto.UserId); // Return error if it exists @@ -57,13 +64,12 @@ public async Task AddMemberAsync(TodoListContext // Add member var response = await _helperService - .CreateAsync(context, dto, x => x.AddMembers); + .CreateAsync(context, dto); return response.Status switch { ServiceResponseStatus.Success => new(TodoListMemberServiceResultStatus.Success, response.Result), ServiceResponseStatus.NotFound => new(TodoListMemberServiceResultStatus.NotFound), - ServiceResponseStatus.Forbidden => new(TodoListMemberServiceResultStatus.Forbidden), _ => throw new InvalidOperationException("Invalid to-do lists dependant entities (members) service response.") }; } diff --git a/AdvancedTodoList.IntegrationTests/Services/TodoListMembersServiceTests.cs b/AdvancedTodoList.IntegrationTests/Services/TodoListMembersServiceTests.cs index 9842ae1..7daeef9 100644 --- a/AdvancedTodoList.IntegrationTests/Services/TodoListMembersServiceTests.cs +++ b/AdvancedTodoList.IntegrationTests/Services/TodoListMembersServiceTests.cs @@ -65,9 +65,12 @@ public async Task AddMemberAsync_MemberDoesNotExist_IndicatesSuccess() WebApplicationFactory.TodoListMembersRepository .FindAsync(todoListId, userId) .ReturnsNull(); + WebApplicationFactory.PermissionsChecker + .HasPermissionAsync(TestContext, Arg.Any>()) + .Returns(true); WebApplicationFactory.TodoMembersHelperService .CreateAsync( - TestContext, inputDto, Arg.Any>()) + TestContext, inputDto, null) .Returns(new ServiceResponse( ServiceResponseStatus.Success, outputDto)); 
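Review bot: The comment on the new guard at the top of `AddMemberAsync` (`// Check if user has the permission`) does not say why the check has to run before `_membersRepository.FindAsync`, and that ordering is the security-relevant part of this change. With the check first, a caller without `AddMembers` gets `Forbidden` before the existing-member branch (its `if` is outside the hunk) can run, so the result no longer reveals whether a given user id is already a member. I would record that in the comment, e.g. `// Authorize first: a caller without AddMembers must get Forbidden before the membership lookup can reveal who is already a member`. I would also put braces around the single-statement `if` so a later edit cannot detach the `return`.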
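Review bot: Dropping the `ServiceResponseStatus.Forbidden` arm means any `Forbidden` that `_helperService.CreateAsync` still returns now falls into the `_ =>` arm and surfaces as an `InvalidOperationException` instead of a `Forbidden` result. `CreateAsync` is not visible here, so whether it can still answer `Forbidden` when called without a permission accessor (for example because the caller's access changed after the `HasPermissionAsync` check) needs confirming. Keeping `ServiceResponseStatus.Forbidden => new(TodoListMemberServiceResultStatus.Forbidden),` costs one line and keeps a denial a denial. It is also worth confirming that omitting the accessor does not make the helper skip every access check, since the upfront `HasPermissionAsync` call would then be the only gate on this path.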
@@ -86,7 +89,10 @@ public async Task AddMemberAsync_MemberDoesNotExist_IndicatesSuccess() await WebApplicationFactory.TodoMembersHelperService .Received() .CreateAsync( - TestContext, inputDto, Arg.Is>(x => x(addMembers))); + TestContext, inputDto, null); + await WebApplicationFactory.PermissionsChecker + .Received() + .HasPermissionAsync(TestContext, Arg.Is>(x => x(addMembers))); } [Test] @@ -102,6 +108,9 @@ public async Task AddMemberAsync_MemberExists_ReturnsUserAlreadyAddedStatus() TodoListId = TestContext.TodoListId, UserId = userId }); + WebApplicationFactory.PermissionsChecker + .HasPermissionAsync(TestContext, Arg.Any>()) + .Returns(true); // Act var result = await _service.AddMemberAsync(TestContext, inputDto); @@ -117,12 +126,14 @@ public async Task AddMemberAsync_TodoListDoesNotExist_ReturnsNotFoundStatus() string todoListId = "Id"; string userId = "UserId"; TodoListMemberAddDto inputDto = new(userId); + WebApplicationFactory.PermissionsChecker + .HasPermissionAsync(TestContext, Arg.Any>()) + .Returns(true); WebApplicationFactory.TodoListMembersRepository .FindAsync(todoListId, userId) .ReturnsNull(); WebApplicationFactory.TodoMembersHelperService - .CreateAsync(TestContext, inputDto, - Arg.Any>()) + .CreateAsync(TestContext, inputDto, null) .Returns(new ServiceResponse(ServiceResponseStatus.NotFound)); // Act 
@@ -136,16 +147,11 @@ public async Task AddMemberAsync_TodoListDoesNotExist_ReturnsNotFoundStatus() public async Task AddMemberAsync_UserHasNoPermission_ReturnsForbiddenStatus() { // Arrange - string todoListId = "Id"; string userId = "UserId"; TodoListMemberAddDto inputDto = new(userId); - WebApplicationFactory.TodoListMembersRepository - .FindAsync(todoListId, userId) - .ReturnsNull(); - WebApplicationFactory.TodoMembersHelperService - .CreateAsync(TestContext, inputDto, - Arg.Any>()) - .Returns(new ServiceResponse(ServiceResponseStatus.Forbidden)); + WebApplicationFactory.PermissionsChecker + .HasPermissionAsync(TestContext, Arg.Any>()) + .Returns(false); // Act var result = await _service.AddMemberAsync(TestContext, inputDto);
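Review bot: `AddMemberAsync_UserHasNoPermission_ReturnsForbiddenStatus` does not pin the ordering this commit introduces: with `HasPermissionAsync` stubbed to `false`, it should also assert that neither the membership lookup nor the create call ran. Adding `await WebApplicationFactory.TodoListMembersRepository.DidNotReceiveWithAnyArgs().FindAsync(default!, default!);` after the status assertion, plus the equivalent for `TodoMembersHelperService.CreateAsync`, would fail if the check were later moved back below the lookup. A companion case where `FindAsync` returns an existing member and the permission is denied, expecting `Forbidden` rather than the already-added status, would cover the same property from the other side. The assertions of this test are outside the hunk.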