Beispiel #1
        /// <summary>
        /// Loads one user by id and returns it as a <c>UserWithRolesDto</c> with the
        /// user's role names attached.
        /// </summary>
        /// <param name="userId">Identifier passed to <c>_userManager.FindByIdAsync</c>.</param>
        /// <param name="isCurrentUserAdmin">
        /// Flag forwarded unchanged to <c>ValidateAdminAccessAsync</c>. This method does not
        /// derive it; NOTE(review): confirm callers compute it from the authenticated
        /// principal and never from request data.
        /// </param>
        /// <returns>The mapped user with roles, or <c>null</c> when no user has that id.</returns>
        public async Task<UserWithRolesDto> GetUserWithRolesAsync(string userId, bool isCurrentUserAdmin)
        {
            var account = await _userManager.FindByIdAsync(userId);

            // The access check runs before the not-found check and therefore also receives
            // a null user. Its behaviour is not visible here; presumably it throws on denial.
            await ValidateAdminAccessAsync(isCurrentUserAdmin, account);

            if (account == null)
            {
                return null;
            }

            var dto = _mapper.Map<UserDb, UserWithRolesDto>(account);
            dto.Roles = await _userManager.GetRolesAsync(account);

            return dto;
        }
Beispiel #2
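        /// <summary>
        /// Lists users together with their roles. The caller named SYSTEMADMIN receives every
        /// unmasked user except that account; any other caller receives only the unmasked
        /// users and roles of the organization named in their "Organization" claim.
        /// </summary>
        /// <returns>
        /// 200 with a list of <c>UserWithRolesDto</c>, or a forbidden result when a
        /// non-admin caller has no usable "Organization" claim.
        /// </returns>
        public async Task<IActionResult> GetUsersWithRoles()
        {
            // Ordinal, case-insensitive comparison: ToUpper() uses the current culture, so the
            // privilege decision could vary with server culture settings (Turkish casing of
            // 'i' is the usual example). The null-conditional also covers a caller without a name.
            // NOTE(review): the privileged path is chosen by login name alone; confirm the
            // name is reserved, or prefer a role/claim check.
            var callerName = User.Identity?.Name;
            var isSystemAdmin = string.Equals(callerName, "SYSTEMADMIN", System.StringComparison.OrdinalIgnoreCase);

            var userList = new List<UserWithRolesDto>();

            if (isSystemAdmin)
            {
                var allUsers = await _context.Users.Where(x => x.NormalizedUserName != "SYSTEMADMIN" && x.Masked == false).ToListAsync();

                foreach (var user in allUsers)
                {
                    userList.Add(new UserWithRolesDto
                    {
                        Username = user.UserName,
                        FullName = user.FullName,
                        Initials = user.Initials,
                        Id       = user.Id,
                        // user.Id is handed to FromSql as an argument for {0}, not concatenated
                        // into the SQL text; keep it that way.
                        Roles    = await _context.Roles.FromSql("SELECT * FROM AspNetRoles WHERE AspNetRoles.Id IN (SELECT AspNetUserRoles.RoleId FROM AspNetUserRoles WHERE AspNetUserRoles.UserId = {0})", user.Id).ToListAsync()
                    });
                }

                return Ok(userList);
            }

            // Tenant scoping depends entirely on this claim. A missing or non-numeric value
            // is refused explicitly instead of surfacing as an unhandled exception.
            var organizationClaim = User.FindFirst("Organization");
            if (organizationClaim == null ||
                !int.TryParse(organizationClaim.Value, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out var orgId))
            {
                return Forbid();
            }

            var orgUsers = await _context.Users.FromSql("SELECT * FROM AspNetUsers WHERE AspNetUsers.Masked = false AND AspNetUsers.Id IN (SELECT OrganizationUser.UserId FROM OrganizationUser WHERE OrganizationUser.OrganizationId = {0})", orgId).ToListAsync();

            foreach (var user in orgUsers)
            {
                userList.Add(new UserWithRolesDto
                {
                    Username = user.UserName,
                    Id       = user.Id,
                    FullName = user.FullName,
                    Initials = user.Initials,
                    // Roles are filtered by organization as well, so a user who belongs to
                    // several organizations only exposes the roles of the caller's one.
                    Roles    = await _context.Roles.FromSql("SELECT * FROM AspNetRoles WHERE AspNetRoles.Id IN (SELECT AspNetUserRoles.RoleId FROM AspNetUserRoles WHERE AspNetUserRoles.UserId = {0}) AND AspNetRoles.OrganizationId = {1}", user.Id, orgId).ToListAsync()
                });
            }

            return Ok(userList);
        }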
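        /// <summary>
        /// Replaces the role membership of the user named in <paramref name="userWithRoles"/>
        /// with the supplied role list. If the new roles cannot be assigned, the previous
        /// roles are put back.
        /// </summary>
        /// <param name="userWithRoles">Target user (<c>User.UserName</c>) and the roles to assign.</param>
        /// <returns>
        /// 400 when the request is incomplete, the user is unknown, or a role change fails;
        /// otherwise the confirmation text (empty role list) or the result of
        /// <c>GetUserWithRoles</c> for the updated user.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no caller check is visible in this method. Confirm an authorization
        /// policy on the action or controller limits who may change roles, and which users
        /// and roles they may touch. Removal and assignment are separate calls, so the user
        /// has no roles in between; NOTE(review): a transaction may be worth considering.
        /// </remarks>
        public async Task<IActionResult> EditUserRoles(UserWithRolesDto userWithRoles)
        {
            // Reject incomplete payloads before anything is modified. A missing role list is
            // refused rather than read as "remove every role".
            var requestedUserName = userWithRoles?.User?.UserName;
            if (requestedUserName == null || userWithRoles.Roles == null)
            {
                return BadRequest("A user name and a role list are required.");
            }

            var user = await _userManager.FindByNameAsync(requestedUserName);

            if (user == null)
            {
                return BadRequest($"No user with UserName {requestedUserName} found.");
            }

            // Snapshot of the current roles; used both for removal and for rollback.
            var backupUserRoles = await _userManager.GetRolesAsync(user);

            // Materialized once so the emptiness check and the assignment see the same list.
            var roles = userWithRoles.Roles.Select(r => r.Name).ToList();

            var resultRemove = await _userManager.RemoveFromRolesAsync(user, backupUserRoles);

            // A failed removal always stops the request, not only when the new list is empty.
            if (!resultRemove.Succeeded)
            {
                return BadRequest(resultRemove.Errors);
            }

            if (roles.Count == 0)
            {
                return Ok($"User {user.UserName} from now on belongs to none of roles.");
            }

            string exceptionMessage = null;
            object identityErrors = null;

            try
            {
                var resultAdd = await _userManager.AddToRolesAsync(user, roles);

                // A failed result must not be reported as success: the user would be left
                // without any role while the client is told the change worked.
                if (!resultAdd.Succeeded)
                {
                    identityErrors = resultAdd.Errors;
                }
            }
            catch (InvalidOperationException ex)
            {
                exceptionMessage = ex.Message;
            }

            if (exceptionMessage == null && identityErrors == null)
            {
                return await GetUserWithRoles(_mapper.Map<UsernameDto>(user));
            }

            // Roll back: drop whatever was partially assigned, then restore the snapshot.
            // Best effort only; the results of these two calls are not inspected.
            await _userManager.RemoveFromRolesAsync(user, await _userManager.GetRolesAsync(user));
            await _userManager.AddToRolesAsync(user, backupUserRoles);

            if (exceptionMessage != null)
            {
                return BadRequest(new { Error = exceptionMessage, User = await GetUserWithRoles(_mapper.Map<UsernameDto>(user)) });
            }

            return BadRequest(identityErrors);
        }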