behdad088
diff --git a/‎src/BuildingBlocks/BuildingBlocks/BuildingBlocks.csproj‎
Lines changed: 1 addition & 0 deletions b/‎src/BuildingBlocks/BuildingBlocks/BuildingBlocks.csproj‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/BuildingBlocks/BuildingBlocks/Exceptions/Handler/ExceptionHandlerMiddleware.cs‎
Lines changed: 16 additions & 2 deletions b/‎src/BuildingBlocks/BuildingBlocks/Exceptions/Handler/ExceptionHandlerMiddleware.cs‎
Lines changed: 16 additions & 2 deletions
diff --git a/‎src/Directory.Packages.props‎
Lines changed: 1 addition & 1 deletion b/‎src/Directory.Packages.props‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Services/Identity/Identity.API/Config.cs‎
Lines changed: 12 additions & 2 deletions b/‎src/Services/Identity/Identity.API/Config.cs‎
Lines changed: 12 additions & 2 deletions
diff --git a/‎src/Services/Order.Query/Order.Query.API.IntegrationTests/ApiFactory.cs‎
Lines changed: 67 additions & 2 deletions b/‎src/Services/Order.Query/Order.Query.API.IntegrationTests/ApiFactory.cs‎
Lines changed: 67 additions & 2 deletions
diff --git a/‎src/Services/Order.Query/Order.Query.API.IntegrationTests/Features/GetOrderById/GetOrderByIdTests.cs‎
Lines changed: 106 additions & 3 deletions b/‎src/Services/Order.Query/Order.Query.API.IntegrationTests/Features/GetOrderById/GetOrderByIdTests.cs‎
Lines changed: 106 additions & 3 deletions
diff --git a/‎src/Services/Order.Query/Order.Query.API.IntegrationTests/Given/DbGiven/DbGiven.cs‎
Lines changed: 17 additions & 0 deletions b/‎src/Services/Order.Query/Order.Query.API.IntegrationTests/Given/DbGiven/DbGiven.cs‎
Lines changed: 17 additions & 0 deletions
@@ -9,6 +9,7 @@
     <ItemGroup>
         <PackageReference Include="AspNetCore.HealthChecks.NpgSql"/>
         <PackageReference Include="AspNetCore.HealthChecks.UI.Client"/>
+        <PackageReference Include="FastEndpoints" />
         <PackageReference Include="FluentValidation"/>
         <PackageReference Include="FluentValidation.AspNetCore"/>
         <PackageReference Include="FluentValidation.DependencyInjectionExtensions"/>
 
@@ -1,9 +1,10 @@
-using FluentValidation;
+using FastEndpoints;
+using FluentValidation;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Diagnostics;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Mvc;
 using Serilog;
+using ProblemDetails = Microsoft.AspNetCore.Mvc.ProblemDetails;
 
 namespace BuildingBlocks.Exceptions.Handler;
 
@@ -55,6 +56,19 @@ IExceptionHandlerFeature exHandlerFeature
                 Title = error.GetType().Name,
                 Status = StatusCodes.Status500InternalServerError
             },
+            ValidationFailureException exception => new ProblemDetails
+            {
+                Detail = exception.Message,
+                Title = exception.GetType().Name,
+                Status = StatusCodes.Status400BadRequest,
+                Extensions = new Dictionary<string, object?>
+                {
+                    {
+                        "ValidationErrors", exception?.Failures?.Select(x =>
+                            new InvalidPropertyResponse(x.PropertyName, x.ErrorMessage)).ToArray() ?? []
+                    }
+                }
+            },
             ValidationException exception => new ProblemDetails()
             {
                 Detail = exception.Message,
 
@@ -42,7 +42,7 @@
     </PackageVersion>
     <PackageVersion Include="AspNetCore.HealthChecks.NpgSql" Version="8.0.0" />
     <PackageVersion Include="AspNetCore.HealthChecks.UI.Client" Version="8.0.0" />
-    <PackageVersion Include="FluentValidation" Version="11.9.0" />
+    <PackageVersion Include="FluentValidation" Version="12.0.0" />
     <PackageVersion Include="FluentValidation.AspNetCore" Version="11.3.0" />
     <PackageVersion Include="FluentValidation.DependencyInjectionExtensions" Version="11.9.0" />
     <PackageVersion Include="Serilog" Version="3.1.1" />
 
@@ -26,6 +26,11 @@ private static class Policies
         public const string OrdersCommandCanGetOrdersListsByOrderName = "orders_command:order:all-by-order-name";
         public const string OrdersCommandCanUpdateOrder = "orders_command:order:update";
 
+        // Define policies for orders query operations
+        public const string OrdersQueryCanGetOrder = "orders_query:order:get";
+        public const string OrdersQueryCanGetAllOrders = "orders_query:order:all";
+        public const string OrdersQueryCanGetOrdersListsByCustomerId = "orders_query:order:all-by-customer-id";
+        public const string OrdersQueryCanGetOrdersListsByOrderName = "orders_query:order:all-by-order-name";
     }
     public static class RolePolicyDefinitions
     {
@@ -41,11 +46,16 @@ public static class RolePolicyDefinitions
 
             { Policies.OrdersCommandCanCreateOrder, [ Roles.Customer] },
             { Policies.OrdersCommandCanDeleteOrder, [Roles.Admin] },
-            { Policies.OrdersCommandCanGetOrder, [Roles.Admin] },
+            { Policies.OrdersCommandCanGetOrder, [Roles.Admin, Roles.Customer] },
             { Policies.OrdersCommandCanGetAllOrders, [Roles.Admin] },
             { Policies.OrdersCommandCanGetOrdersListsByCustomerId, [Roles.Admin, Roles.Customer] },
             { Policies.OrdersCommandCanGetOrdersListsByOrderName, [Roles.Admin] },
-            { Policies.OrdersCommandCanUpdateOrder, [Roles.Admin, Roles.Customer] }
+            { Policies.OrdersCommandCanUpdateOrder, [Roles.Admin, Roles.Customer] },
+            
+            { Policies.OrdersQueryCanGetOrder, [Roles.Admin, Roles.Customer] },
+            { Policies.OrdersQueryCanGetAllOrders, [Roles.Admin] },
+            { Policies.OrdersQueryCanGetOrdersListsByCustomerId, [Roles.Admin, Roles.Customer] },
+            { Policies.OrdersQueryCanGetOrdersListsByOrderName, [Roles.Admin] },
         };
     }
 
 
@@ -1,7 +1,13 @@
+using Marten;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Mvc.Testing;
 using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
 using Order.Query.Api;
+using Order.Query.API.IntegrationTests.Given.DbGiven;
+using Order.Query.Events;
+using Order.Query.Features.OrderView;
+using WebMotions.Fake.Authentication.JwtBearer;
 
 namespace Order.Query.API.IntegrationTests;
 
@@ -11,16 +17,75 @@ public class TestCollection : ICollectionFixture<ApiFactory>
     public const string Name = "TestCollection";
 }
 
-public class ApiFactory : WebApplicationFactory<Program>
+public class ApiFactory : WebApplicationFactory<Program>, IAsyncLifetime
 {
     private readonly CancellationTokenSource _timeoutCancellationTokenSource = new(TimeSpan.FromSeconds(30));
+    private readonly WebApiContainerFactory _webApiContainerFactory = new();
     protected override void ConfigureWebHost(IWebHostBuilder builder)
     {
+        var postgresConnectionString = _webApiContainerFactory.PostgresConnectionString;
+        
         builder.ConfigureTestServices(services =>
         {
-
+            services.AddMarten(options =>
+            {
+                options.Connection(postgresConnectionString);
+                options.UseSystemTextJsonForSerialization(); 
+                options.Schema.For<OrderView>()
+                    .Index(x => x.CustomerId)
+                    .Index(x => x.OrderStatus)
+                    .Index(x => x.TotalPrice)
+                    .Index(x => x.CreatedAt)
+                    .FullTextIndex(x => x.OrderName!)
+                    .UniqueIndex(x => x.Id);
+    
+                options.Schema.For<EventStream>()
+                    .Index(x => x.Id)
+                    .Index(x => x.ViewId)
+                    .Index(x => x.EventType)
+                    .Index(x => x.CreatedAt)
+                    .UniqueIndex(x => x.Id);
+            }).UseLightweightSessions();
+            
+            services
+                .AddAuthentication(FakeJwtBearerDefaults.AuthenticationScheme)
+                .AddFakeJwtBearer();
         });
     }
 
+    private HttpClient? _httpClient;
+    internal HttpClient HttpClient
+    {
+        get
+        {
+            _httpClient ??= CreateClient();
+            return _httpClient;
+        }
+    }
+    
+    private DbGiven? _sqlGiven;
+    private IDocumentStore? _store;
+    
+    internal IDocumentStore GetDocumentStore
+    {
+        get
+        {
+            _store ??= Services.GetRequiredService<IDocumentStore>();
+            return _store;
+        }
+    }
+    
+    internal DbGiven DbGiven => _sqlGiven ??= new DbGiven(GetDocumentStore);
+    
     internal CancellationToken CancellationToken => _timeoutCancellationTokenSource.Token;
+    public async Task InitializeAsync()
+    {
+        await _webApiContainerFactory.InitializeAsync();
+    }
+
+    public new async Task DisposeAsync()
+    {
+       await _webApiContainerFactory.DisposeAsync();
+       HttpClient.Dispose();
+    }
 }
@@ -1,7 +1,11 @@
 using System.Net;
 using FastEndpoints;
+using IntegrationTests.Common;
+using Order.Query.Api.Authorization;
 using Order.Query.API.Features.GetOrderById;
 using Order.Query.API.IntegrationTests.AutoFixture;
+using Order.Query.API.IntegrationTests.Given.DbGiven;
+using ProblemDetails = Microsoft.AspNetCore.Mvc.ProblemDetails;
 using Shouldly;
 
 namespace Order.Query.API.IntegrationTests.Features.GetOrderById;
@@ -10,23 +14,122 @@ namespace Order.Query.API.IntegrationTests.Features.GetOrderById;
 public class GetOrderByIdTests(ApiFactory apiFactory) : IAsyncLifetime
 {
     private HttpClient _client = default!;
-    
+    private DbGiven _dbGiven;
     public async Task InitializeAsync()
     {
         _client = apiFactory.CreateClient();
+        _dbGiven = apiFactory.DbGiven;
+        
         await Task.CompletedTask;
     }
 
     [Theory]
     [DomainDataAuto]
-    public async Task GetOrderById_WhenNoTokenProvided_ReturnsUnauthorized(Request request)
+    public async Task GetOrderById_WhenInvalidOrderId_ShouldReturnBadRequest(Request request)
+    {
+        // Arrange
+        request = request with { OrderId = "invalid-order-id" };
+        
+        // Act
+        var (response, error) = await _client
+            .SetFakeBearerToken(FakePermission.GetPermissions(
+                [Policies.OrdersQueryCanGetOrderPermission]))
+            .GETAsync<Endpoint, Request, ProblemDetails>(request);
+
+        // Assert
+        response.ShouldNotBeNull();
+        response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
+        
+        error.Detail!.ShouldContain("invalid-order-id is not a valid Ulid");
+    }
+    
+    [Theory]
+    [DomainDataAuto]
+    public async Task GetOrderById_WhenInvalidCustomerId_ShouldReturnBadRequest(Request request)
+    {
+        // Arrange
+        request = request with { CustomerId = "invalid-customer-id" };
+        
+        // Act
+        var (response, error) = await _client
+            .SetFakeBearerToken(FakePermission.GetPermissions(
+                [Policies.OrdersQueryCanGetOrderPermission]))
+            .GETAsync<Endpoint, Request, ProblemDetails>(request);
+
+        // Assert
+        response.ShouldNotBeNull();
+        response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
+        
+        error.Detail!.ShouldContain("invalid-customer-id is not a valid UUID");
+    }
+    
+    [Theory]
+    [DomainDataAuto]
+    public async Task GetOrderById_WhenNoToken_ShouldReturnUnauthorized(Request request)
+    {
+        // Act
+        var response = await _client
+            .GETAsync<Endpoint, Request>(request);
+
+        // Assert
+        response.ShouldNotBeNull();
+        response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+    }
+    
+    [Theory]
+    [DomainDataAuto]
+    public async Task GetOrderById_WhenNoPermission_ShouldReturnForbidden(Request request)
+    {
+        // Act
+        var response = await _client
+            .SetFakeBearerToken(FakePermission.GetPermissions(
+                [], sub: request.CustomerId))
+            .GETAsync<Endpoint, Request>(request);
+
+        // Assert
+        response.ShouldNotBeNull();
+        response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+    }
+    
+    [Theory]
+    [DomainDataAuto]
+    public async Task GetOrderById_WhenHavingPermissionButWrongUser_ShouldReturnForbidden(Request request)
+    {
+        // Act
+        var response = await _client
+            .SetFakeBearerToken(FakePermission.GetPermissions(
+                [Policies.OrdersQueryCanGetOrderPermission]))
+            .GETAsync<Endpoint, Request>(request);
+
+        // Assert
+        response.ShouldNotBeNull();
+        response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+    }
+    
+    [Theory]
+    [DomainDataAuto]
+    public async Task GetOrderById_WhenExistingOrderId_ShouldReturnExpectedResponse(Request request)
     {
+        // Arrange
+        await _dbGiven.OrderViewConfigurationGiven(x =>
+        {
+            x.Id = request.OrderId!;
+            x.CustomerId = request.CustomerId!;
+        });
+        
         // Act
-        var response = await _client.GETAsync<Endpoint, Request>(request);
+        var (response, result) = await _client
+            .SetFakeBearerToken(FakePermission.GetPermissions(
+                [Policies.OrdersQueryCanGetOrderPermission], sub: request.CustomerId))
+            .GETAsync<Endpoint, Request, Response>(request);
 
         // Assert
         response.ShouldNotBeNull();
         response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        
+        result.ShouldNotBeNull();
+        result.Id.ShouldBe(result.Id);
+        result.CustomerId.ShouldBe(result.CustomerId);
     }
 
     public async Task DisposeAsync()
 
@@ -0,0 +1,17 @@
+using Marten;
+using Order.Query.Features.OrderView;
+
+namespace Order.Query.API.IntegrationTests.Given.DbGiven;
+
+public class DbGiven(IDocumentStore store)
+{
+    public async Task OrderViewConfigurationGiven(Action<OrderViewConfiguration>? configuration = null)
+    {
+        var orderView = new OrderViewConfiguration();
+        configuration?.Invoke(orderView);
+        
+        await using var session = store.LightweightSession();
+        session.Store<OrderView>(orderView.ToDbModel());
+        await session.SaveChangesAsync();
+    }
+}