Exemple #1
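        /// <summary>
        /// Applies a JSON Patch document to the user identified by <paramref name="id"/> and
        /// persists the result, keeping the entity admin list in step with role changes.
        /// </summary>
        /// <param name="userRepository">Repository used to load and replace the user.</param>
        /// <param name="entityRepository">Repository that maintains the per-entity admin list.</param>
        /// <param name="id">Identifier of the user to patch.</param>
        /// <param name="userPatch">Patch document taken from the request body (untrusted input).</param>
        /// <returns>
        /// 204 on success; 400 when the user is not found, the patch is missing or cannot be applied,
        /// or the patched user fails validation; 401 when the caller is not allowed to make the change.
        /// </returns>
        public async Task<IActionResult> PatchUser(
            [FromServices] IUserRepository userRepository,
            [FromServices] IEntityRepository entityRepository,
            string id,
            [FromBody] JsonPatchDocument<User> userPatch)
        {
            // A missing or unparsable body would otherwise surface as a NullReferenceException below.
            if (userPatch == null)
            {
                return BadRequest();
            }

            var currentUser = HttpContext.User;
            // The claim may be absent from the token; treat that as "no entity" instead of dereferencing null.
            var callerEntity = currentUser.Claims.FirstOrDefault(c => c.Type == ClaimTypes.PrimaryGroupSid)?.Value;
            var callerIsRoot = currentUser.IsInRole("root");
            var callerIsAdmin = currentUser.IsInRole("admin");

            var user = await userRepository.FindByIdAsync(id);
            if (user == null)
            {
                return BadRequest();
            }

            // Snapshot everything the authorization and admin-list logic depends on BEFORE the patch
            // runs: the patch is caller-controlled and may rewrite role, email and entity.
            var oldRole = user.Role;
            var oldEmail = user.Email;
            var oldEntity = user.EntityList?.FirstOrDefault();

            // Only root or admin callers may patch; an admin is limited to users of their own entity.
            // An admin without an entity claim matches nobody.
            if ((!callerIsRoot && !callerIsAdmin) ||
                (callerIsAdmin && (callerEntity == null || callerEntity != oldEntity)))
            {
                return Unauthorized();
            }

            // Collect patch errors (bad path, failed "test" op, ...) instead of letting them throw.
            var patchFailed = false;
            userPatch.ApplyTo(user, _ => patchFailed = true);
            if (patchFailed || !_validation.Validate(user))
            {
                return BadRequest();
            }

            var newEntity = user.EntityList?.FirstOrDefault();

            // The pre-patch check alone lets an entity admin escalate through the patch itself:
            // set Role to "root", alter an existing root account, or move the user to another entity.
            // Re-check the patched object so only root callers can do any of those.
            if (!callerIsRoot &&
                (oldRole == "root" || user.Role == "root" || newEntity != callerEntity))
            {
                return Unauthorized();
            }

            // NOTE(review): the patch can still touch any other writable property of User
            // (identifier, credential fields, ...). Which properties exist is not visible here;
            // confirm against the model and consider patching a restricted DTO instead.

            if (oldRole != user.Role)
            {
                if (user.Role == "admin")
                {
                    // An admin must belong to an entity to be listed for it.
                    if (newEntity == null)
                    {
                        return BadRequest();
                    }
                    await entityRepository.AddAdminToAdminList(user.Email, newEntity);
                }
                if (oldRole == "admin" && oldEntity != null)
                {
                    // Remove the entry that was actually registered: the pre-patch email and entity,
                    // not values the patch may have just changed.
                    await entityRepository.RemoveAdminFromAdminList(oldEmail, oldEntity);
                }
            }
            await userRepository.ReplaceOneAsync(id, user);

            return NoContent();
        }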