Exemple #1
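        /// <summary>
        /// Replaces the description of one account belonging to user <paramref name="id"/>.
        /// </summary>
        /// <param name="id">ID of the user whose account is being edited.</param>
        /// <param name="account_id">ID of the account to edit; it must appear in that user's Accounts list.</param>
        /// <param name="description">New description as a hex string, read from the request body.</param>
        /// <returns>
        /// An UnauthorizedObjectResult when the caller fails the user-or-admin check, a BadRequestObjectResult
        /// when no matching account is found under that user, otherwise an empty OK result.
        /// </returns>
        public IActionResult User_EditAccountDesc(int id, int account_id, [FromBody] string description)
        {
            // Authorization comes before any data access: the caller must be the user named by
            // the route ID or an admin, as decided by the helper.
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
            {
                ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
                return new UnauthorizedObjectResult(error);
            }

            // Ownership check and fetch in a single pass. The account is only ever resolved through
            // the target user's own Accounts list, so an account_id belonging to another user is
            // rejected rather than edited. SingleOrDefault replaces Single so that a missing user row
            // (possible if the helper admits a caller for an ID with no record; not visible here)
            // gives the same 400 as a missing account instead of an unhandled exception, and the
            // response does not reveal which of the two was absent.
            Account accToEdit = _context.Users
                .SingleOrDefault(a => a.ID == id)
                ?.Accounts
                ?.SingleOrDefault(b => b.ID == account_id);

            if (accToEdit == null)
            {
                ErrorMessage error = new ErrorMessage("Invalid account", "User does not have an account matching that ID.");
                return new BadRequestObjectResult(error);
            }

            // NOTE(review): description comes straight from the request body. How HexStringToByteArray
            // treats null, odd-length or non-hex input is not visible here; confirm it fails in a way
            // that yields a 4xx rather than a 500.
            accToEdit.Description = HelperMethods.HexStringToByteArray(description);

            // NOTE(review): local time formatted with the server's current culture. Left unchanged
            // because other code may parse this string; UTC with a fixed format would be more robust.
            accToEdit.LastModified = DateTime.Now.ToString();
            _context.SaveChanges();

            return Ok();
        }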
Exemple #2
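        /// <summary>
        /// Overwrites the title, login, password, URL and description of one account belonging to
        /// user <paramref name="id"/> with the values supplied in the request body.
        /// </summary>
        /// <param name="id">ID of the user whose account is being edited.</param>
        /// <param name="acc_id">ID of the account to edit; it must appear in that user's Accounts list.</param>
        /// <param name="acc">Replacement field values, each passed through the hex-string decoder.</param>
        /// <returns>
        /// An UnauthorizedObjectResult when the caller fails the user-or-admin check, a BadRequestObjectResult
        /// when the body is missing or no matching account is found under that user, otherwise an
        /// OkObjectResult wrapping a ReturnableAccount built from the edited account.
        /// </returns>
        public IActionResult User_EditAccount(int id, int acc_id, [FromBody] NewAccount acc)
        {
            // Authorization comes before any data access: the caller must be the user named by
            // the route ID or an admin, as decided by the helper.
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
            {
                ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
                return new UnauthorizedObjectResult(error);
            }

            // A missing or unparseable body binds to null; reject it here instead of letting the
            // property reads below throw a NullReferenceException.
            if (acc == null)
            {
                ErrorMessage error = new ErrorMessage("Failed to edit account", "Request body is missing or could not be parsed.");
                return new BadRequestObjectResult(error);
            }

            // Ownership check and fetch in a single pass. The account is only ever resolved through
            // the target user's own Accounts list, so an acc_id belonging to another user is rejected
            // rather than edited. SingleOrDefault replaces Single so that a missing user row gives the
            // same 400 as a missing account instead of an unhandled exception, and the response does
            // not reveal which of the two was absent.
            Account accToEdit = _context.Users
                .SingleOrDefault(a => a.ID == id)
                ?.Accounts
                ?.SingleOrDefault(b => b.ID == acc_id);

            if (accToEdit == null)
            {
                ErrorMessage error = new ErrorMessage("Failed to edit account", "User does not have an account matching that ID.");
                return new BadRequestObjectResult(error);
            }

            // NOTE(review): every field is caller-supplied. How HexStringToByteArray treats null,
            // odd-length or non-hex input is not visible here; confirm it fails in a way that yields
            // a 4xx rather than a 500.
            // NOTE(review): Password is stored exactly as decoded from the request. Presumably the
            // value is already ciphertext at this point; verify against the client and the Account model.
            accToEdit.Title       = HelperMethods.HexStringToByteArray(acc.Title);
            accToEdit.Login       = HelperMethods.HexStringToByteArray(acc.Login);
            accToEdit.Password    = HelperMethods.HexStringToByteArray(acc.Password);
            accToEdit.Url         = HelperMethods.HexStringToByteArray(acc.Url);
            accToEdit.Description = HelperMethods.HexStringToByteArray(acc.Description);

            // NOTE(review): local time formatted with the server's current culture. Left unchanged
            // because other code may parse this string; UTC with a fixed format would be more robust.
            accToEdit.LastModified = DateTime.Now.ToString();
            _context.SaveChanges();

            // Echo the updated account so the frontend can refresh without a second API call.
            // NOTE(review): check which fields ReturnableAccount exposes before this response is
            // logged or cached anywhere.
            return new OkObjectResult(new ReturnableAccount(accToEdit));
        }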
Exemple #3
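        /// <summary>
        /// Renames one folder belonging to user <paramref name="id"/>.
        /// </summary>
        /// <param name="id">ID of the user whose folder is being renamed.</param>
        /// <param name="folder_id">ID of the folder to rename; it must appear in that user's Folders list.</param>
        /// <param name="name">New folder name as a hex string, read from the request body.</param>
        /// <returns>
        /// An UnauthorizedObjectResult when the caller fails the user-or-admin check, a BadRequestObjectResult
        /// when no matching folder is found under that user, otherwise an empty OK result.
        /// </returns>
        public IActionResult User_EditFolderName(int id, int folder_id, [FromBody] string name)
        {
            // Authorization comes before any data access: the caller must be the user named by
            // the route ID or an admin, as decided by the helper.
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
            {
                ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
                return new UnauthorizedObjectResult(error);
            }

            // Ownership check and fetch in a single pass. The folder is only ever resolved through
            // the target user's own Folders list, so a folder_id belonging to another user is rejected
            // rather than renamed. SingleOrDefault replaces Single so that a missing user row gives the
            // same 400 as a missing folder instead of an unhandled exception, and the response does
            // not reveal which of the two was absent.
            var folderToEdit = _context.Users
                .SingleOrDefault(a => a.ID == id)
                ?.Folders
                ?.SingleOrDefault(b => b.ID == folder_id);

            if (folderToEdit == null)
            {
                ErrorMessage error = new ErrorMessage("Invalid Folder", "User does not have a folder matching that ID.");
                return new BadRequestObjectResult(error);
            }

            // NOTE(review): name comes straight from the request body. How HexStringToByteArray
            // treats null, odd-length or non-hex input is not visible here; confirm it fails in a way
            // that yields a 4xx rather than a 500.
            folderToEdit.FolderName = HelperMethods.HexStringToByteArray(name);
            _context.SaveChanges();

            return Ok();
        }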