        /// <summary>
        /// Shows the public profile page for the account identified by <paramref name="id"/>.
        /// </summary>
        /// <param name="id">Identifier of the account to display.</param>
        /// <returns>404 when no account matches; a redirect to the "me" action when the account
        /// belongs to the caller; otherwise the "Display" view bound to the account.</returns>
        public IActionResult Display(string id)
        {
            UserAccount shown  = ProfileBuilder.FromId(id);
            UserAccount viewer = GetCurrentUser();

            if (shown is null)
            {
                return NotFound();
            }

            // The caller's own profile has a dedicated page; send them there instead of the generic view.
            bool viewingOwnProfile = shown.ID == viewer.ID;

            return viewingOwnProfile
                ? RedirectToAction("me")
                : View("Display", shown);
        }
        /// <summary>
        /// Shows the edit form for the account identified by <paramref name="id"/>.
        /// </summary>
        /// <param name="id">Identifier of the account to edit.</param>
        /// <returns>404 when no account matches; 403 when the caller is neither that account nor a
        /// holder of <c>GlobalPermissions.ManageUsers</c>; otherwise the edit view bound to the account.</returns>
        public IActionResult Edit(string id)
        {
            UserAccount editor  = ProfileBuilder.FromPrincipal(User);
            UserAccount subject = ProfileBuilder.FromId(id);

            if (subject is null)
            {
                return NotFound();
            }

            // A caller may open the form for their own account, or for any account when they hold ManageUsers.
            bool editingOwnAccount = editor.ID == subject.ID;
            bool mayManageUsers    = editor.Permissions.HasFlag(GlobalPermissions.ManageUsers);

            if (!(editingOwnAccount || mayManageUsers))
            {
                return Forbid();
            }

            return View(subject);
        }
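        // Upper bound for an uploaded avatar, in bytes (4 MiB).
        private const long MaxAvatarBytes = 4 * 1024 * 1024;

        /// <summary>
        /// Applies the edits submitted from the profile edit form to the account identified by
        /// <paramref name="id"/>, including replacing or clearing its avatar image.
        /// </summary>
        /// <param name="id">Identifier of the account being edited.</param>
        /// <param name="accountChanges">Form-bound copy of the account. Only the fields copied
        /// explicitly below reach the stored account; other bound fields are ignored.</param>
        /// <param name="avatar">Optional replacement avatar (PNG, square, at most 4 MiB), or null.</param>
        /// <param name="clearAvatar">When true and no new avatar is uploaded, deletes the stored avatar file.</param>
        /// <returns>404 when the account does not exist; 403 when the caller may not edit it; the edit
        /// page with error messages when validation fails; otherwise a redirect to the updated profile.</returns>
        // NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attribute is visible on this action in
        // this excerpt; confirm they are present on the full source.
        public IActionResult Edit(string id, [FromForm, Bind] UserAccount accountChanges, [FromForm] IFormFile avatar, [FromForm] bool clearAvatar)
        {
            UserAccount targetUser = ProfileBuilder.FromId(id);
            UserAccount selfUser   = GetCurrentUser();

            // The GET action answers 404 for an unknown id; do the same here rather than
            // dereferencing a null account on the next line.
            if (targetUser == null)
            {
                return NotFound();
            }

            bool isSelf         = targetUser.ID == selfUser.ID;
            bool canManageSelf  = selfUser.Permissions.HasFlag(GlobalPermissions.ManageSelf);
            bool canManageUsers = selfUser.Permissions.HasFlag(GlobalPermissions.ManageUsers);

            if (!(isSelf && canManageSelf || canManageUsers))
            {
                return Forbid();
            }

            // Collect the initial model errors
            List<string> errorMessages = ModelState.IsValid
                ? new List<string>()
                : ModelState.Values.SelectMany(value => value.Errors).Select(error => error.ErrorMessage).ToList();

            // Perform additional validation
            if (avatar != null)
            {
                ValidateAvatar(avatar, errorMessages);
            }

            if (errorMessages.Count > 0)
            {
                // If validation errors occurred, display them on the edit page.
                ViewBag.ErrorMessages = errorMessages.ToArray();
                return Edit(id);
            }

            // Fields are copied one by one instead of saving accountChanges wholesale, so form
            // fields that are not listed here cannot reach the stored account.
            targetUser.Username = accountChanges.Username;

            // NOTE(review): Path.Combine returns its second argument unchanged when that argument is
            // rooted (e.g. starts with '/'); confirm GetAbsoluteAvatarUrl yields a web-root-relative path.
            string userAvatarPath = System.IO.Path.Combine(Environment.WebRootPath, _avatarHelper.GetAbsoluteAvatarUrl(targetUser));

            StoreAvatar(avatar, clearAvatar, userAvatarPath);

            // Permissions and badge are privileged fields: only callers holding ManageUsers may change them.
            if (canManageUsers)
            {
                if (accountChanges.Permissions != targetUser.Permissions)
                {
                    targetUser.Permissions = accountChanges.Permissions;
                }
                if (accountChanges.AccountBadge != targetUser.AccountBadge)
                {
                    targetUser.AccountBadge = accountChanges.AccountBadge;
                }
            }

            DatabaseHelpers.Context.UpdateAndSave(targetUser);

            return targetUser.ID == selfUser.ID
                ? RedirectToAction("me")
                : RedirectToAction("display", new { id });
        }

        // Appends one message to errorMessages for each avatar rule the upload breaks
        // (PNG content type, size limit, square dimensions).
        private static void ValidateAvatar(IFormFile avatar, List<string> errorMessages)
        {
            bool passedCheapChecks = true;

            // Content-Type is client-supplied; the decode below is what actually inspects the bytes.
            if (avatar.ContentType != "image/png")
            {
                errorMessages.Add("You can only use PNG images as avatars.");
                passedCheapChecks = false;
            }
            if (avatar.Length > MaxAvatarBytes)
            {
                errorMessages.Add("Avatar images can only be 4MB in size.");
                passedCheapChecks = false;
            }

            // Only decode uploads that already passed the cheap checks, so an oversized or
            // mislabelled file is rejected before any image parsing happens.
            if (!passedCheapChecks)
            {
                return;
            }

            using (var image = Image.Load(avatar.OpenReadStream()))
            {
                if (image.Width != image.Height)
                {
                    errorMessages.Add("Avatar images must be in a square (1:1) aspect ratio.");
                }
            }
        }

        // Writes the uploaded avatar to path, or deletes the stored avatar when clearAvatar is set
        // and nothing was uploaded.
        private static void StoreAvatar(IFormFile avatar, bool clearAvatar, string path)
        {
            if (avatar != null)
            {
                // File.Create truncates an existing file; OpenWrite would leave trailing bytes of a
                // larger previous avatar in place whenever the new upload is shorter.
                using (var localFile = System.IO.File.Create(path))
                using (var uploadedFile = avatar.OpenReadStream())
                {
                    uploadedFile.CopyTo(localFile);
                }
            }
            else if (clearAvatar)
            {
                System.IO.File.Delete(path);
            }
        }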