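/// <summary>
/// Updates the mutable profile fields (email, phone number, first/last name) of the user named by
/// <paramref name="username"/> from <paramref name="userDTO"/>.
/// </summary>
/// <param name="username">Route user name; must equal <c>userDTO.UserName</c>.</param>
/// <param name="userDTO">Incoming values. Only Email, PhoneNumber, FirstName and LastName are copied.</param>
/// <returns>
/// 400 on a route/body mismatch or a rejected identity update, 401 when the request carries no
/// authenticated user name, 403 when a non-admin targets another user, 404 when the target does not
/// exist, otherwise 202 echoing the DTO.
/// </returns>
public async Task <IActionResult> PatchUser(string username, UserDTO userDTO)
        {
            if (username != userDTO.UserName)
            {
                return(BadRequest());
            }

            // No [Authorize] attribute is visible on this action, so guard the anonymous case
            // explicitly: FindByNameAsync(null) would throw instead of yielding a 401.
            string callerName = User.Identity?.Name;
            if (string.IsNullOrEmpty(callerName))
            {
                return(Unauthorized());
            }

            User authenticatedUser = await userManager.FindByNameAsync(callerName);
            if (authenticatedUser is null)
            {
                return(Unauthorized());
            }

            // Authorize BEFORE looking up the target. Answering 404 first would let any
            // authenticated caller probe which user names are registered.
            bool isAdmin = await userManager.IsInRoleAsync(authenticatedUser, UserRoles.Admin);
            bool isSelf  = authenticatedUser.UserName == username;
            if (!isAdmin && !isSelf)
            {
                // The caller is authenticated but not permitted: that is 403, not 401.
                // Forbid("...") is deliberately not used — its string argument is an
                // authentication scheme name, not a message.
                return(StatusCode(403, "Cannot edit the details of another user unless admin"));
            }

            User user = await userManager.FindByNameAsync(username);
            if (user is null)
            {
                return(NotFound());
            }

            // Whitelist of writable fields; UserName, roles, password etc. are never taken from the DTO.
            user.Email       = userDTO.Email;
            user.PhoneNumber = userDTO.PhoneNumber;
            user.FirstName   = userDTO.FirstName;
            user.LastName    = userDTO.LastName;

            // Persist through UserManager rather than _context.Update so the normalized email and
            // the concurrency stamp are maintained and the registered user validators run.
            // NOTE(review): this does not reset EmailConfirmed / PhoneNumberConfirmed for the new
            // values; if the app requires verified contact details, route the change through
            // SetEmailAsync / SetPhoneNumberAsync instead — confirm against the Identity options.
            var result = await userManager.UpdateAsync(user);
            if (!result.Succeeded)
            {
                return(BadRequest(result.Errors));
            }

            return(AcceptedAtAction("PatchUser", new { UserName = userDTO.UserName }, userDTO));
        }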
        /// <summary>
        /// Replaces the stored company identified by <paramref name="id"/> with the values carried
        /// in <paramref name="companyDTO"/>.
        /// </summary>
        /// <param name="id">Route id; must equal the id produced by mapping the DTO.</param>
        /// <param name="companyDTO">Incoming company values, mapped through <c>DTOToCompany</c>.</param>
        /// <returns>400 on id mismatch, 404 when no such company exists, otherwise 202 echoing the DTO.</returns>
        /// <remarks>
        /// NOTE(review): unlike PatchUser, this action performs no caller authorization of its own;
        /// confirm that a controller-level [Authorize] policy covers it.
        /// NOTE(review): _context.Update on a detached entity marks every mapped column as modified,
        /// so any Company property that DTOToCompany leaves at its default overwrites the stored value.
        /// </remarks>
        public async Task <IActionResult> PatchCompany(long id, CompanyDTO companyDTO)
        {
            var company = DTOToCompany(companyDTO);

            // Route id and body id must agree before anything is touched.
            if (company.CompanyId != id)
            {
                return(BadRequest());
            }

            // Existence is verified separately from the update itself.
            if (!CompanyExists(id))
            {
                return(NotFound());
            }

            _context.Update(company);
            await _context.SaveChangesAsync();

            return(AcceptedAtAction("PatchCompany", new { id = company.CompanyId }, companyDTO));
        }