public static ActionResult <UserModel> Execute(Guid webSessionId, PostUpdateUserRoleType data, string connectionString) { try { using (var connection = new SqlConnection(connectionString)) { // create command object var command = new SqlCommand(); command.Connection = connection; command.Connection.Open(); // authenticate web session if (!WebSessionCheck.Check(webSessionId, connection, command)) { return(new UnauthorizedResult()); } // update user with given username to be new role command.CommandText = @$ " UPDATE users SET user_role = '{data.newUserRole}' WHERE users.username = '******' "; var rowsAffected = command.ExecuteNonQuery(); // if no rows affected, user was not sucessfully updated if (rowsAffected != 1) { return(new BadRequestResult()); } // get updated user command.CommandText = @$ " SELECT * FROM users WHERE username = '******'
/// <summary>
/// Controller action that changes a user's role by handing the request to
/// <c>postUpdateUserRole.Execute</c>.
/// </summary>
/// <param name="webSessionId">Web session id, bound from the <c>X-websession</c> request header.</param>
/// <param name="data">Role-change payload, bound from the request body.</param>
/// <returns>Whatever <c>postUpdateUserRole.Execute</c> returns for this request.</returns>
/// <remarks>
/// NOTE(review): <c>data</c> is passed on exactly as bound from the request body; no validation
/// happens in this method. The <c>Execute</c> shown in this file interpolates
/// <c>data.newUserRole</c> directly into the UPDATE command text, so a caller-controlled string
/// reaches the SQL statement. The fix belongs in <c>Execute</c>: bind the value with a
/// <c>SqlParameter</c> and accept only role names from a fixed allow-list.
/// NOTE(review): the only access check visible in <c>Execute</c> is
/// <c>WebSessionCheck.Check</c>, i.e. that the session is valid. Whether the session's user is
/// allowed to change roles is not visible here; confirm that an authorization check exists.
/// </remarks>
public ActionResult<UserModel> PostUpdateUserRole(
    [FromHeader(Name = "X-websession")] Guid webSessionId,
    [FromBody] PostUpdateUserRoleType data)
{
    // Connection string is read from configuration on every request.
    var defaultConnectionString = _configuration["ConnectionStrings:DefaultConnection"];

    return postUpdateUserRole.Execute(webSessionId, data, defaultConnectionString);
}