Ejemplo n.º 1
        /// <summary>
        /// Validates the web session, sets user_role on a users row to data.newUserRole,
        /// then starts re-reading that row. The listing is cut off inside the final SELECT,
        /// so the result mapping and the catch/finally part of the try are not visible here.
        /// </summary>
        /// <param name="webSessionId">Session identifier handed to WebSessionCheck.Check.</param>
        /// <param name="data">Caller-supplied payload; only data.newUserRole is visibly used in this fragment.</param>
        /// <param name="connectionString">Connection string used to open the SqlConnection.</param>
        /// <returns>
        /// UnauthorizedResult when the session check fails, BadRequestResult when the UPDATE
        /// does not touch exactly one row; the success path lies outside the visible lines.
        /// </returns>
        public static ActionResult <UserModel> Execute(Guid webSessionId, PostUpdateUserRoleType data, string connectionString)
        {
            try
            {
                using (var connection = new SqlConnection(connectionString))
                {
                    // create command object; the same SqlCommand is reused for every statement below
                    var command = new SqlCommand();
                    command.Connection = connection;
                    command.Connection.Open();

                    // authenticate web session
                    // NOTE(review): this is the only gate visible before a role change. Whether
                    // Check also verifies that the session owner is allowed to change roles
                    // (authorization, not just authentication) cannot be told from here - confirm,
                    // otherwise any valid session could alter privileges.
                    if (!WebSessionCheck.Check(webSessionId, connection, command))
                    {
                        return(new UnauthorizedResult());
                    }

                    // update user with given username to be new role
                    // SECURITY: data.newUserRole is interpolated straight into the SQL text, so a
                    // crafted value can break out of the quoted literal (SQL injection). Bind it as
                    // a SqlParameter via command.Parameters instead of string interpolation, and
                    // validate it against the set of known roles before use.
                    // The username literal is masked in this listing; if it is built the same way
                    // it needs the same treatment - TODO confirm against the real source.
                    command.CommandText = @$ "
                           UPDATE users
                              SET user_role = '{data.newUserRole}'
                            WHERE users.username = '******'
                    ";
                    var rowsAffected = command.ExecuteNonQuery();

                    // if no rows affected, user was not successfully updated
                    // (any count other than exactly one row is reported as a bad request; the
                    // UPDATE has already been executed at this point and no rollback is visible)
                    if (rowsAffected != 1)
                    {
                        return(new BadRequestResult());
                    }

                    // get updated user
                    // NOTE(review): same string-built SQL pattern as the UPDATE above; if
                    // parameters are introduced, remember the command object is shared, so
                    // clear or reuse them deliberately between statements.
                    command.CommandText = @$ "
                        SELECT *
                          FROM users
                         WHERE username = '******'
Ejemplo n.º 2
 /// <summary>
 /// Controller action that forwards a role-update request to postUpdateUserRole.Execute.
 /// </summary>
 /// <param name="webSessionId">Session identifier bound from the X-websession request header.</param>
 /// <param name="data">Request body bound to <c>PostUpdateUserRoleType</c>.</param>
 /// <returns>Whatever Execute returns for this session, payload and connection string.</returns>
 /// <remarks>
 /// NOTE(review): this listing starts at the signature, so any routing or authorization
 /// attributes on the action are not visible. The only access control seen on this path is the
 /// session check inside Execute - confirm that role changes are restricted to privileged callers.
 /// </remarks>
 public ActionResult<UserModel> PostUpdateUserRole(
     [FromHeader(Name = "X-websession")] Guid webSessionId,
     [FromBody] PostUpdateUserRoleType data)
 {
     // Connection string comes from configuration, never from the request.
     var defaultConnection = _configuration["ConnectionStrings:DefaultConnection"];
     return postUpdateUserRole.Execute(webSessionId, data, defaultConnection);
 }