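/// <summary>
/// Updates another user's account on behalf of an administrator.
/// </summary>
/// <param name="userForUpdate">New values for the account; <c>Id</c> selects the user to change.</param>
/// <returns>
/// 400 when the payload is incomplete, the password length is out of range, or the new
/// e-mail/username is already taken; 404 when no user matches the id; 200 with the DTO
/// (password blanked) on success; 401 when the repository reports that nothing was updated.
/// </returns>
/// <remarks>
/// NOTE(review): no authorization attribute is visible in this excerpt and the method performs
/// no role check itself. Confirm that the action or its controller is restricted to administrators.
/// </remarks>
public async Task<IActionResult> UpdateUserAsAdmin(UserForUpdateAsAdminDto userForUpdate)
        {
            // Reject incomplete payloads up front; the original dereferenced these values
            // unconditionally and failed with a NullReferenceException (HTTP 500).
            if (userForUpdate == null || userForUpdate.Email == null || userForUpdate.Username == null)
            {
                return BadRequest("Email and username must be provided");
            }

            // The password is optional: an empty value skips the length check and is passed on as-is.
            // NOTE(review): a 15-character ceiling rules out passphrases and usually points to a
            // storage limit rather than a policy; confirm how the password is stored and consider
            // raising the maximum.
            if (!String.IsNullOrEmpty(userForUpdate.Password) && (userForUpdate.Password.Length < 5 || userForUpdate.Password.Length > 15))
            {
                return BadRequest("Password needs to be between 5 and 15 characters");
            }

            User user = await _repo.GetUser(userForUpdate.Id);
            if (user == null)
            {
                return NotFound();
            }

            // Normalised once and reused. ToLower() is culture-sensitive; it is kept because the
            // repository call below normalises the same way.
            // NOTE(review): move both to ToLowerInvariant() together so identity comparison does
            // not depend on the server culture.
            string newEmail = userForUpdate.Email.ToLower();
            string newUsername = userForUpdate.Username.ToLower();

            // Only query for collisions when the value actually changes.
            // NOTE(review): check-then-update is not atomic; uniqueness should also be enforced
            // by a database constraint so two concurrent requests cannot claim the same value.
            if (user.Email != newEmail && await _auth.EmailExists(newEmail))
            {
                return BadRequest("Email already in use");
            }

            if (user.Username != newUsername && await _auth.UserExists(newUsername))
            {
                return BadRequest("Username already in use");
            }

            if (await _repo.UpdateUserAsAdmin(userForUpdate))
            {
                // Never echo the submitted password back to the client.
                userForUpdate.Password = "";
                return Ok(userForUpdate);
            }

            // The repository reported failure; the existing contract answers with 401 here.
            return Unauthorized();
        }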
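        /// <summary>
        /// Updates a user's account data by executing the <c>UpdateUserAsAdmin</c> stored procedure.
        /// </summary>
        /// <param name="user">New values for the account; <c>Id</c> selects the row to update.</param>
        /// <returns>
        /// The value of the procedure's <c>@response</c> output parameter, or <c>false</c> when the
        /// procedure did not set it to a boolean.
        /// </returns>
        /// <remarks>
        /// All values are bound as SQL parameters, so none of them is concatenated into the command text.
        /// NOTE(review): the password is forwarded exactly as received. Confirm that it is hashed with a
        /// password-hashing function before storage, either inside the stored procedure or before this
        /// call, and is never persisted in clear text.
        /// </remarks>
        public async Task<bool> UpdateUserAsAdmin(UserForUpdateAsAdminDto user)
        {
            // NOTE(review): a null Password, FirstName or LastName leaves SqlParameter.Value null, which
            // SqlClient treats as "parameter not supplied"; confirm the DTO never carries nulls or map
            // them to DBNull.Value deliberately.
            SqlParameter[] parameters = new SqlParameter[]
            {
                new SqlParameter {
                    ParameterName = "@userId", DbType = DbType.Int32, Direction = ParameterDirection.Input, Value = user.Id
                },
                new SqlParameter {
                    // Usernames are stored lower-cased (culture-sensitive ToLower, as in the original).
                    ParameterName = "@username", DbType = DbType.String, Direction = ParameterDirection.Input, Value = user.Username.ToLower()
                },
                new SqlParameter {
                    ParameterName = "@password", DbType = DbType.String, Direction = ParameterDirection.Input, Value = user.Password
                },
                new SqlParameter {
                    ParameterName = "@email", DbType = DbType.String, Direction = ParameterDirection.Input, Value = user.Email.ToLower()
                },
                new SqlParameter {
                    ParameterName = "@firstName", DbType = DbType.String, Direction = ParameterDirection.Input, Value = user.FirstName
                },
                new SqlParameter {
                    // The original name carried a trailing space ("@lastName "); it now matches the command text.
                    ParameterName = "@lastName", DbType = DbType.String, Direction = ParameterDirection.Input, Value = user.LastName
                },
                new SqlParameter {
                    ParameterName = "@response", DbType = DbType.Boolean, Direction = ParameterDirection.Output
                }
            };

            await _context.Database.ExecuteSqlCommandAsync("EXECUTE UpdateUserAsAdmin @userId, @username, @password, @email, @firstName, @lastName, @response OUT", parameters);

            // The output parameter is last in the array. If the procedure leaves it unset the value is
            // DBNull, which the original direct cast turned into an InvalidCastException; treat that
            // as "not updated" instead.
            object response = parameters[parameters.Length - 1].Value;
            return response is bool updated && updated;
        }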