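/// <summary>
/// Updates the e-mail address and password fields of the user identified by <c>userForUpdate.Id</c>.
/// </summary>
/// <param name="userForUpdate">Requested changes. A null or empty password skips the length check.</param>
/// <returns>
/// 200 with the submitted DTO (password blanked) on success; 400 for a missing body, a missing e-mail,
/// a password outside 5-15 characters, or an e-mail that is already in use; 401 when the user cannot be
/// loaded or the repository reports that nothing was updated.
/// </returns>
public async Task<IActionResult> UpdateUserAsUser(UserForUpdateAsUserDto userForUpdate)
{
    // A missing body would otherwise surface as a NullReferenceException (HTTP 500) on the next line.
    if (userForUpdate == null)
    {
        return BadRequest();
    }

    // NOTE(review): the account to modify is selected by userForUpdate.Id, which arrives in the DTO.
    // Nothing in this method compares that id with the authenticated caller. Confirm that an ownership
    // check exists elsewhere (authorization filter/attribute or inside the stored procedure); without
    // one, the e-mail and password of another account could be changed through this action.
    User user = await _repo.GetUser(userForUpdate.Id);

    // Length policy applies only when a password was supplied.
    // NOTE(review): an empty password passes this check and is forwarded to the repository unchanged;
    // confirm that the persistence layer treats it as "keep the current password".
    if (!String.IsNullOrEmpty(userForUpdate.Password) && (userForUpdate.Password.Length < 5 || userForUpdate.Password.Length > 15))
    {
        return BadRequest("Password needs to be between 5 and 15 characters");
    }

    // The e-mail is dereferenced below, so reject a missing value explicitly instead of crashing.
    if (userForUpdate.Email == null)
    {
        return BadRequest("Email is required");
    }

    // Same status as a failed update, so an unknown id is not distinguishable from any other refusal.
    if (user == null)
    {
        return Unauthorized();
    }

    // Normalise once. ToLower() is kept (rather than ToLowerInvariant) so the comparison matches however
    // existing addresses were normalised - TODO(review): confirm and consider an invariant conversion.
    string requestedEmail = userForUpdate.Email.ToLower();

    // Uniqueness only needs checking when the address actually changes.
    if (user.Email != requestedEmail && await _auth.EmailExists(requestedEmail))
    {
        return BadRequest("Email already in use");
    }

    if (await _repo.UpdateUserAsUser(userForUpdate))
    {
        // Never echo the submitted password back in the response body.
        userForUpdate.Password = "";
        return Ok(userForUpdate);
    }

    return Unauthorized();
}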
Example #2
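        /// <summary>
        /// Calls the <c>UpdateUserAsUser</c> stored procedure with the user's id, password and lower-cased e-mail.
        /// </summary>
        /// <param name="user">DTO carrying the id of the user to update and the new password and e-mail values.</param>
        /// <returns>
        /// The value of the procedure's <c>@response</c> output parameter; <c>false</c> when the procedure
        /// leaves that parameter unset.
        /// </returns>
        public async Task<bool> UpdateUserAsUser(UserForUpdateAsUserDto user)
        {
            // NOTE(review): user.Password is forwarded exactly as received. Whether it is hashed before
            // storage depends on the stored procedure, which is not visible here - confirm that a salted
            // password-hashing function is applied and that the plaintext is never persisted or logged.
            // NOTE(review): a null Password leaves the parameter value null; verify how the provider and
            // the procedure handle that case.
            SqlParameter responseParameter = new SqlParameter
            {
                ParameterName = "@response", DbType = DbType.Boolean, Direction = ParameterDirection.Output
            };

            SqlParameter[] parameters = new SqlParameter[]
            {
                new SqlParameter {
                    ParameterName = "@userId", DbType = DbType.Int32, Direction = ParameterDirection.Input, Value = user.Id
                },
                new SqlParameter {
                    ParameterName = "@password", DbType = DbType.String, Direction = ParameterDirection.Input, Value = user.Password
                },
                new SqlParameter {
                    // ToLower() is culture-sensitive; kept so stored addresses stay normalised the same way
                    // as before - TODO(review): consider an invariant conversion across the codebase.
                    ParameterName = "@email", DbType = DbType.String, Direction = ParameterDirection.Input, Value = user.Email.ToLower()
                },
                responseParameter
            };

            // All values travel as SqlParameter objects; nothing from the DTO is concatenated into the SQL text.
            await _context.Database.ExecuteSqlCommandAsync("EXECUTE UpdateUserAsUser @userId, @password, @email, @response OUT", parameters);

            // The output value is DBNull (or null) when the procedure never assigns @response; a direct
            // (bool) cast would throw InvalidCastException there, so treat anything but a boxed true as failure.
            return true.Equals(responseParameter.Value);
        }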