 /// <summary>
 /// PATCH handler for the caller's own settings. The target user is always the
 /// authenticated caller (Context.UserID); no user ID is accepted from the request,
 /// so this overload cannot be pointed at another account.
 /// </summary>
 /// <param name="settings">The settings to apply</param>
 /// <returns>The request result of the underlying update</returns>
 public Task <IResult> Patch(OwnUserSettings settings)
 {
     var self = Context.UserID;

     // Passthrough: UpdateUserAsync performs the login check and the field-level gating
     return UpdateUserAsync(self, settings);
 }
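        /// <summary>
        /// Applies a partial settings update to the user identified by <paramref name="userid"/>.
        /// </summary>
        /// <remarks>
        /// Authorization is decided inside the database transaction, so the admin-group lookup
        /// and the write see the same state: the caller must either be the target user
        /// (<c>IsSelfUser</c>) or a member of the admin group. Fields that only an admin may
        /// change (<c>Disabled</c>, <c>Require2FA</c>, <c>Admin</c>) are silently ignored on a
        /// self-update rather than rejected. An admin's e-mail change is written directly,
        /// whereas a self-initiated e-mail change only records a <c>ChangeEmailRequest</c>
        /// and the confirmation mail is sent once the transaction has committed.
        /// </remarks>
        /// <param name="userid">The ID of the user to update</param>
        /// <param name="settings">The settings to apply; null or whitespace fields are left untouched</param>
        /// <returns>The request result</returns>
        protected async Task <IResult> UpdateUserAsync(string userid, OwnUserSettings settings)
        {
            // The authenticated caller; an empty value means there is no login session
            var requestuserid = Context.UserID;

            // Only allow calls by logged in users
            if (string.IsNullOrWhiteSpace(requestuserid))
            {
                return(Forbidden);
            }
            if (string.IsNullOrWhiteSpace(userid))
            {
                return(BadRequest);
            }
            if (settings == null)
            {
                return(Status(BadRequest, "Missing update information"));
            }

            // Whether the caller is editing their own account (the non-admin case)
            var isself = IsSelfUser(userid);

            try
            {
                Database.ChangeEmailRequest nx = null;
                Database.User user             = null;
                string        oldemail         = null;
                var           res = await DB.RunInTransactionAsync(db =>
                {
                    // Admin status is looked up inside the transaction so a demotion that
                    // commits concurrently cannot be raced by this request
                    var isadmin = Services.AdminHelper.IsAdmin(db, requestuserid);
                    if (!isself && !isadmin)
                    {
                        return(Forbidden);
                    }

                    user = db.SelectItemById <Database.User>(userid);
                    if (user == null)
                    {
                        // In practice only reachable by an admin supplying an unknown ID
                        // (or a row deleted since login); previously this fell through to a
                        // NullReferenceException on the first assignment below, which the
                        // catch block then surfaced as a generic error
                        return(Status(BadRequest, "Unknown user"));
                    }

                    // NOTE(review): Handle and Name are stored without length/character
                    // validation here; any constraints must be enforced elsewhere - confirm
                    if (!string.IsNullOrWhiteSpace(settings.Handle))
                    {
                        user.Handle = settings.Handle;
                    }
                    if (!string.IsNullOrWhiteSpace(settings.Name))
                    {
                        user.Name = settings.Name;
                    }
                    if (settings.InvoiceAddress != null)
                    {
                        user.InvoiceAddress = settings.InvoiceAddress;
                    }
                    if (settings.DeliveryAddress != null)
                    {
                        user.DeliveryAddress = settings.DeliveryAddress;
                    }

                    // Admin-only fields: ignored (not rejected) when sent by a normal user
                    if (isadmin && settings.Disabled != null)
                    {
                        user.Disabled = settings.Disabled.Value;
                    }
                    if (isadmin && settings.Require2FA != null)
                    {
                        user.Require2FA = settings.Require2FA.Value;
                    }

                    // E-mail change: admins set it directly, users must confirm via token
                    if (!string.IsNullOrWhiteSpace(settings.Email) && settings.Email != user.Email)
                    {
                        if (!Services.PasswordPolicy.IsValidEmail(settings.Email))
                        {
                            return(Status(BadRequest, "The new email address is not valid"));
                        }

                        oldemail = user.Email;
                        if (isadmin)
                        {
                            user.Email = settings.Email;
                        }
                        else
                        {
                            // The confirmation mail is sent after the transaction commits
                            db.InsertItem(nx = new Database.ChangeEmailRequest()
                            {
                                UserID   = user.ID,
                                NewEmail = settings.Email,
                                Token    = Services.PasswordPolicy.GenerateActivationCode()
                            });
                        }
                    }

                    //TODO: The profile image?


                    db.UpdateItem(user);

                    // Toggle admin status (admin-only; an admin may also demote themselves)
                    if (isadmin && settings.Admin != null)
                    {
                        if (settings.Admin.Value)
                        {
                            db.InsertOrIgnoreItem(new Database.UserGroupIndex()
                            {
                                UserID  = user.ID,
                                GroupID = IDConstants.AdminGroupID
                            });
                        }
                        else
                        {
                            db.Delete <Database.UserGroupIndex>(x =>
                                                                x.UserID == user.ID
                                                                &&
                                                                x.GroupID == IDConstants.AdminGroupID
                                                                );
                        }
                    }
                    if (isadmin && !string.IsNullOrWhiteSpace(oldemail))
                    {
                        //TODO: Implement the change email notification
                        // NOTE(review): until this is done the previous address gets no
                        // notice of an admin-initiated e-mail change
                        //Services.SendEmail.ChangeEmailNotification(oldemail, settings.Email);
                    }

                    return(OK);
                });

                // nx is only non-null when the transaction reached the insert and then
                // returned OK, so an early Forbidden/BadRequest never triggers a mail
                if (user != null && nx != null)
                {
                    await Queues.SendEmailChangeConfirmationEmailAsync(user.Name, nx.NewEmail, nx.ID, Services.LocaleHelper.GetBestLocale(Context.Request));
                }

                return(res);
            }
            catch (Exception ex)
            {
                // Known CRUD errors become a client-visible result; anything else propagates
                var t = Ceen.Extras.CRUDExceptionHelper.WrapExceptionMessage(ex);
                if (t != null)
                {
                    return(t);
                }

                throw;
            }
        }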
 /// <summary>
 /// PATCH handler that targets an explicit user ID. The ID is taken as-is from the
 /// request; this overload itself performs no authorization, it relies on
 /// UpdateUserAsync to reject a caller who is neither that user nor an admin.
 /// </summary>
 /// <param name="userid">The ID of the user to update</param>
 /// <param name="settings">The settings to apply</param>
 /// <returns>The request result of the underlying update</returns>
 public Task <IResult> Patch(string userid, OwnUserSettings settings)
 {
     var target = userid;

     // Passthrough: admin check, self check and admin-only field gating all live in UpdateUserAsync
     return UpdateUserAsync(target, settings);
 }