Example #1
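        /// <summary>
        /// Updates a user row from the posted user object and records the change in the action log.
        /// With <paramref name="status"/> 0 the differing fields are copied onto the stored row;
        /// with <paramref name="status"/> 1 only the password is replaced.
        /// </summary>
        /// <param name="data">User object read from the request body; its Id selects the row to update.</param>
        /// <param name="status">Update mode taken from the query string: 0 = profile fields, 1 = password.</param>
        /// <returns>
        /// JSON with <c>status_code</c>: 0 on success (or when nothing changed), 1 when the caller lacks
        /// permission, 2 when the caller or the target user is not found, 4 when the request is invalid.
        /// </returns>
        public JsonResult Update([FromBody] Models.User data, [RequiredFromQuery] int status)
        {
            // A missing or unparseable body binds to null; without this guard the first read of
            // data.Id below throws instead of returning a JSON error.
            // NOTE(review): reuses status_code 4, the code this method already returns for an
            // invalid request parameter; confirm clients treat it as a generic bad request.
            if (data == null)
            {
                return Json(new { status_code = 4, status = "No user data supplied when updating user info" });
            }

            using (var context = new Data.ApplicationDbContext())
            {
                // The caller's identity comes from the token's subject claim, never from the request body.
                String      authUserId = User.GetClaim(OpenIdConnectConstants.Claims.Subject);
                Models.User authUser   = context.Users.AsNoTracking().FirstOrDefault(u => u.Id.ToString() == authUserId);
                if (authUser == null)
                {
                    return Json(new { status_code = 2, status = "User '" + authUserId + "' does not exist" });
                }

                // Editing is allowed for callers with the modify-user permission and for any caller
                // editing their own row.
                // NOTE(review): Copy(data, false) is not visible here; confirm it does not copy role or
                // permission fields from the request body, otherwise the self-edit path lets a caller
                // change their own privileges.
                bool isSelfEdit = authUser.Id == data.Id;
                if (!Helpers.PermissionChecker.CanModifyUser(authUser) && !isSelfEdit)
                {
                    return Json(new { status_code = 1, status = "User '" + authUser.UserName + "' does not have permission to edit user" });
                }

                Models.User dbUser = context.Users.FirstOrDefault(u => u.Id == data.Id);
                if (dbUser == null)
                {
                    return Json(new { status_code = 2, status = "User '" + data.Id + "' does not exist" });
                }

                // Changes made to user object to be logged
                String changes;

                // Id cannot be changed and LastLogin is handled elsewhere
                if (status == 0)
                {
                    // Compares given user (data) to row stored in database (dbUser)
                    List<Models.Log.Variance> variances = dbUser.Compare(data, false);
                    if (variances.Count == 0)
                    {
                        return Json(new { status_code = 0, status = "No changes made (given object same as database row)" });
                    }

                    dbUser.Copy(data, false);

                    // Logs each change in format: [(KEY=VALUE)][(KEY=VALUE)]
                    // note: this format was chosen so values may contain commas or other symbols otherwise used to separate lists
                    // NOTE(review): new values are written to the log verbatim; confirm Compare never
                    // reports the Password field, and that a value containing ")]" cannot be mistaken
                    // for an entry delimiter by whatever reads the log.
                    changes = String.Concat(variances.Select(variance =>
                        "[(" + variance.Property + "=" + (variance.New != null ? variance.New.ToString() : "null") + ")]"));
                }
                else if (status == 1)
                {
                    // NOTE(review): the posted value is stored as received; confirm hashing happens in
                    // the model or on save, and consider requiring the current password on a self-change.
                    dbUser.Password = data.Password;
                    changes         = "[(Password)]";   // the value itself is deliberately not logged
                }
                else
                {
                    return Json(new { status_code = 4, status = "Unknown status code '" + status + "' when updating user info" });
                }

                context.SaveChanges();

                // The audit entry is written only after the change has been persisted.
                String description = authUser.Id == dbUser.Id
                    ? String.Format("{0} (id: {1}) changed his/her info", authUser.UserName, authUser.Id)
                    : String.Format("{0} (id: {1}) changed {2}'s (id: {3}) info", authUser.UserName, authUser.Id, dbUser.UserName, dbUser.Id);

                Helpers.LogHelper.LogAction(Models.Log.ActionType.ModifyUser, authUser.Id, dbUser.Id, description, changes);

                return Json(new { status_code = 0 });
            }
        }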