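/// <summary>
/// Updates a user row from the request body and records the change in the audit log.
/// </summary>
/// <param name="data">User object bound from the request body; <c>data.Id</c> selects the row to update.</param>
/// <param name="status">
/// Update mode: 0 copies the fields of <paramref name="data"/> onto the stored row,
/// 1 replaces only the password. Any other value is rejected.
/// </param>
/// <returns>
/// A JSON object with <c>status_code</c> 0 on success (or when nothing changed), 1 when the caller
/// may not edit the target user, 2 when the caller or the target user is not found, and 4 when the
/// request is unusable (unknown <paramref name="status"/> or a missing body).
/// </returns>
public JsonResult Update([FromBody] Models.User data, [RequiredFromQuery] int status)
{
    using (var context = new Data.ApplicationDbContext())
    {
        // The caller is identified by the subject claim of the authenticated principal.
        String authUserId = User.GetClaim(OpenIdConnectConstants.Claims.Subject);
        Models.User authUser = context.Users.AsNoTracking().FirstOrDefault(u => u.Id.ToString() == authUserId);
        if (authUser == null)
        {
            return Json(new { status_code = 2, status = "User '" + authUserId + "' does not exist" });
        }

        // A body that is missing or fails to bind arrives as null; without this guard the
        // data.Id reads below throw a NullReferenceException instead of returning an error object.
        // NOTE(review): 4 is reused from the unknown-status branch below; confirm it is the
        // code clients expect for a malformed request.
        if (data == null)
        {
            return Json(new { status_code = 4, status = "Request body is missing or could not be read as a user" });
        }

        // Callers without the modify-user permission may only edit their own row.
        if (!Helpers.PermissionChecker.CanModifyUser(authUser) && authUser.Id != data.Id)
        {
            return Json(new { status_code = 1, status = "User '" + authUser.UserName + "' does not have permission to edit user" });
        }

        Models.User dbUser = context.Users.FirstOrDefault(u => u.Id == data.Id);
        if (dbUser == null)
        {
            return Json(new { status_code = 2, status = "User '" + data.Id + "' does not exist" });
        }

        // Changes made to user object to be logged
        String changes;

        // Id cannot be changed and LastLogin is handled elsewhere
        if (status == 0)
        {
            // Compares given user (data) to row stored in database (dbUser)
            List<Models.Log.Variance> variances = dbUser.Compare(data, false);
            if (variances.Count == 0)
            {
                return Json(new { status_code = 0, status = "No changes made (given object same as database row)" });
            }

            // NOTE(review): Copy(data, false) is not visible here. A user may reach this line for
            // their own row without the modify-user permission, so confirm Copy skips
            // privilege-bearing fields (roles, permissions); otherwise a self-edit can change them.
            dbUser.Copy(data, false);

            // Logs each change in format: [(KEY=VALUE)][(KEY=VALUE)]
            // note: this format was chosen so values may contain commas or other symbols otherwise used to separate lists
            // NOTE(review): every new value is written to the log verbatim; confirm
            // Compare(data, false) never reports Password or other secret fields.
            var changeLog = new System.Text.StringBuilder();
            foreach (Models.Log.Variance variance in variances)
            {
                changeLog.Append("[(" + variance.Property + "=" + (variance.New != null ? variance.New.ToString() : "null") + ")]");
            }
            changes = changeLog.ToString();
        }
        else if (status == 1)
        {
            // NOTE(review): the request value is stored as-is. Nothing in this method rejects a
            // null/empty password or verifies the current one, and no hashing is visible here;
            // confirm hashing happens in the Password setter or on save.
            dbUser.Password = data.Password;
            changes = "[(Password)]";
        }
        else
        {
            return Json(new { status_code = 4, status = "Unknown status code '" + status + "' when updating user info" });
        }

        context.SaveChanges();

        // The audit entry is written only after the update has been saved.
        String description;
        if (authUser.Id == dbUser.Id)
        {
            description = String.Format("{0} (id: {1}) changed his/her info", authUser.UserName, authUser.Id);
        }
        else
        {
            description = String.Format("{0} (id: {1}) changed {2}'s (id: {3}) info", authUser.UserName, authUser.Id, dbUser.UserName, dbUser.Id);
        }

        Helpers.LogHelper.LogAction(Models.Log.ActionType.ModifyUser, authUser.Id, dbUser.Id, description, changes);
        return Json(new { status_code = 0 });
    }
}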