MVC planning poker-implementing security-part 4

I figured a way to see how to implement security.  When the Moderator creates a table, the factory does not return a Table – but a combination of Table and ModeratorKey. Now the Moderator must maintain his ModeratorKey .The function that boots a participant requires passing this ModeratorKey – and , if it is correct, it boots the participant. The codes are the following:

?
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[TestMethod]
       public void UseCase3BootTemporary()
       {
           var td = createdTable();
           td.Table.BootParticipant(td.ModeratorKey, newParticipantName);
           Assert.AreEqual(0,td.Table.Participants.Count);
           td.Table.AddParticipant(newParticipantName);
           Assert.AreEqual(1, td.Table.Participants.Count);
            
       }
 
       [TestMethod]
       public void UseCase3BootPermanently()
       {
           var td = createdTable();
           td.Table.BootParticipant(td.ModeratorKey, newParticipantName,true);
           Assert.AreEqual(0, td.Table.Participants.Count);
           try
           {
               td.Table.AddParticipant(newParticipantName);
           }
           catch (PPBannedUserException)
           {
               return;//expecting this exception   
           }
           Assert.IsTrue(false,"the add participant should be throwing an error");
       }

Now, as you can see , anyone could boot a participant from the table – with the condition, of course, to know the Moderator key.
Next time we will implement cards.