Skip to content

Commit

Permalink
feat(check): add OPERATOR and confirmed status check (#1075)
Browse files Browse the repository at this point in the history
* Additional checks for OPERATOR and confirmed status added for endpoint `GET: /api/registration/documents/{documentId}`
----------
Refs: #1070
Reviewed-By: Phil Schneider <[email protected]>
  • Loading branch information
AnuragNagpure authored Oct 16, 2024
1 parent c9a1f2f commit 0067372
Show file tree
Hide file tree
Showing 5 changed files with 80 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -82,10 +82,10 @@ public Document CreateDocument(string documentName, byte[] documentContent, byte
.SingleOrDefaultAsync();

/// <inheritdoc />
public Task<(Guid DocumentId, bool IsSameUser)> GetDocumentIdWithCompanyUserCheckAsync(Guid documentId, Guid companyUserId) =>
public Task<(Guid DocumentId, bool IsSameUser, bool IsRoleOperator, bool IsStatusConfirmed)> GetDocumentIdWithCompanyUserCheckAsync(Guid documentId, Guid companyUserId) =>
dbContext.Documents
.Where(x => x.Id == documentId)
.Select(x => new ValueTuple<Guid, bool>(x.Id, x.CompanyUserId == companyUserId))
.Select(x => new ValueTuple<Guid, bool, bool, bool>(x.Id, x.CompanyUserId == companyUserId, x.CompanyUser!.Identity!.Company!.CompanyAssignedRoles.Any(x => x.CompanyRoleId == CompanyRoleId.OPERATOR), x.CompanyUser.Identity.Company.CompanyApplications.Any(x => x.ApplicationStatusId == CompanyApplicationStatusId.CONFIRMED)))
.SingleOrDefaultAsync();

/// <inheritdoc />
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ public interface IDocumentRepository
/// <param name="documentId">id of the document the user id should be selected for</param>
/// <param name="companyUserId"></param>
/// <returns>Returns the user id if a document is found for the given id, otherwise null</returns>
Task<(Guid DocumentId, bool IsSameUser)> GetDocumentIdWithCompanyUserCheckAsync(Guid documentId, Guid companyUserId);
Task<(Guid DocumentId, bool IsSameUser, bool IsRoleOperator, bool IsStatusConfirmed)> GetDocumentIdWithCompanyUserCheckAsync(Guid documentId, Guid companyUserId);

/// <summary>
/// Get the document data and checks if the user
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -168,11 +168,16 @@ public async Task UploadDocumentAsync(Guid applicationId, IFormFile document, Do
throw new NotFoundException($"document {documentId} does not exist.");
}

if (!documentDetails.IsSameUser)
if (!documentDetails.IsSameUser && !documentDetails.IsRoleOperator)
{
throw new ForbiddenException($"The user is not permitted to access document {documentId}.");
}

if (documentDetails.IsStatusConfirmed)
{
throw new ForbiddenException($"Documents not accessible as onboarding process finished {documentId}.");
}

var document = await documentRepository.GetDocumentByIdAsync(documentId).ConfigureAwait(ConfigureAwaitOptions.None);
if (document is null)
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,57 @@ public async Task GetDocumentDataAndIsCompanyUserAsync_WithNotExistingDocument_R

#endregion

#region GetDocumentIdWithCompanyUserCheckAsync

[Fact]
public async Task GetDocumentIdWithCompanyUserCheckAsync_With_ReturnsExpected()
{
// Arrange
var (sut, _) = await CreateSut();

// Act
var result = await sut.GetDocumentIdWithCompanyUserCheckAsync(new Guid("00000000-0000-0000-0000-000000000001"), new("ac1cf001-7fbc-1f2f-817f-bce058020006"));

// Assert
result.Should().NotBe(default);
result.IsSameUser.Should().BeTrue();
result.IsRoleOperator.Should().BeTrue();
result.IsStatusConfirmed.Should().BeFalse();
}

[Fact]
public async Task GetDocumentIdWithCompanyUserCheckAsync_WithWrongUserData_ReturnsIsRoleOperatorFalse()
{
// Arrange
var (sut, _) = await CreateSut();

// Act
var result = await sut.GetDocumentIdWithCompanyUserCheckAsync(new Guid("5adbdf90-c6ef-47a5-b596-2f00a731c39a"), new("ac1cf001-7fbc-1f2f-817f-bce058019992"));

// Assert
result.Should().NotBe(default);
result.IsSameUser.Should().BeTrue();
result.IsRoleOperator.Should().BeFalse();
}

[Fact]
public async Task GetDocumentIdWithCompanyUserCheckAsync_WithCompanyApplicationIsStatusConfirmed()
{
// Arrange
var (sut, _) = await CreateSut();

// Act
var result = await sut.GetDocumentIdWithCompanyUserCheckAsync(new Guid("ec12dc7e-a8fa-4aa5-945a-f7e64be30841"), new("8b42e6de-7b59-4217-a63c-198e83d93776"));

// Assert
result.Should().NotBe(default);
result.IsSameUser.Should().BeTrue();
result.IsStatusConfirmed.Should().BeTrue();

}

#endregion

#region GetDocumentDataAndIsCompanyUserAsync_ReturnsExpectedDocuments

[Fact]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2870,7 +2870,7 @@ public async Task GetDocumentAsync_WithValidData_ReturnsExpected()
var documentId = Guid.NewGuid();
var content = new byte[7];
A.CallTo(() => _documentRepository.GetDocumentIdWithCompanyUserCheckAsync(documentId, _identity.IdentityId))
.Returns((documentId, true));
.Returns((documentId, true, true, false));
A.CallTo(() => _documentRepository.GetDocumentByIdAsync(documentId))
.Returns(new Document(documentId, content, content, "test.pdf", MediaTypeId.PDF, DateTimeOffset.UtcNow, DocumentStatusId.LOCKED, DocumentTypeId.APP_CONTRACT));
var sut = new RegistrationBusinessLogic(Options.Create(new RegistrationSettings()), null!, null!, null!, _portalRepositories, null!, _identityService, _dateTimeProvider, _mailingProcessCreation);
Expand All @@ -2890,7 +2890,7 @@ public async Task GetDocumentAsync_WithoutDocument_ThrowsNotFoundException()
// Arrange
var documentId = Guid.NewGuid();
A.CallTo(() => _documentRepository.GetDocumentIdWithCompanyUserCheckAsync(documentId, _identity.IdentityId))
.Returns((Guid.Empty, false));
.Returns((Guid.Empty, false, false, false));
var sut = new RegistrationBusinessLogic(Options.Create(new RegistrationSettings()), null!, null!, null!, _portalRepositories, null!, _identityService, _dateTimeProvider, _mailingProcessCreation);

// Act
Expand All @@ -2907,7 +2907,7 @@ public async Task GetDocumentAsync_WithWrongUser_ThrowsForbiddenException()
// Arrange
var documentId = Guid.NewGuid();
A.CallTo(() => _documentRepository.GetDocumentIdWithCompanyUserCheckAsync(documentId, _identity.IdentityId))
.Returns((documentId, false));
.Returns((documentId, false, false, false));
var sut = new RegistrationBusinessLogic(Options.Create(new RegistrationSettings()), null!, null!, null!, _portalRepositories, null!, _identityService, _dateTimeProvider, _mailingProcessCreation);

// Act
Expand All @@ -2918,6 +2918,23 @@ public async Task GetDocumentAsync_WithWrongUser_ThrowsForbiddenException()
ex.Message.Should().Be($"The user is not permitted to access document {documentId}.");
}

[Fact]
public async Task GetDocumentAsync_WithConfirmedApplicationStatus_ThrowsForbiddenException()
{
// Arrange
var documentId = Guid.NewGuid();
A.CallTo(() => _documentRepository.GetDocumentIdWithCompanyUserCheckAsync(documentId, _identity.IdentityId))
.Returns((documentId, true, true, true));
var sut = new RegistrationBusinessLogic(Options.Create(new RegistrationSettings()), null!, null!, null!, _portalRepositories, null!, _identityService, _dateTimeProvider, _mailingProcessCreation);

// Act
Task Act() => sut.GetDocumentContentAsync(documentId);

// Assert
var ex = await Assert.ThrowsAsync<ForbiddenException>(Act);
ex.Message.Should().Be($"Documents not accessible as onboarding process finished {documentId}.");
}

#endregion

#region SetInvitationStatus
Expand Down

0 comments on commit 0067372

Please sign in to comment.