public async void BtnConfirmUserDelete_ClickAsync(bool isDeleteConfirmed) { if (!isDeleteConfirmed) { SetButtonStates(ButtonState.Enabled); _userWaitingForDeleteConfirmation = null; StateHasChanged(); return; } var editResponse = await AdminService.DeleteUserAsync(_userWaitingForDeleteConfirmation); var usersToEditbyAdminResponse = await AdminService.GetAllUsersAsync(); Users = usersToEditbyAdminResponse.Result; if (editResponse.IsError || usersToEditbyAdminResponse.IsError) { SetButtonStates(ButtonState.Enabled); await Main.PromptMessageAsync(PromptType.Error, editResponse.Message ?? usersToEditbyAdminResponse.Message); _userWaitingForDeleteConfirmation = null; StateHasChanged(); return; } SetButtonStates(ButtonState.Enabled); await Main.PromptMessageAsync(PromptType.Success, editResponse.Message); _userWaitingForDeleteConfirmation = null; StateHasChanged(); }
public void BtnDeleteUser_ClickAsync(FindUserVM userToDelete) { SetButtonStates(ButtonState.Disabled); _btnDeleteUserStates[userToDelete.Id] = ButtonState.Loading; ConfirmationDialog_DeleteUser.Show($"Are you sure you want to delete User \"{userToDelete.UserName}\"?"); _userWaitingForDeleteConfirmation = Mapper.Map(userToDelete, new AdminEditUserVM()); }
public void EditUser(AdminEditUserVM model) { Student student = this.Context.Students.Find(model.Id); student.User.Name = model.Name; student.User.Birthdate = model.BirthDate; student.User.Email = model.Email; this.Context.SaveChanges(); }
public ActionResult EditUser(AdminEditUserVM model) { if (ModelState.IsValid) { this.service.EditUser(model); return(this.RedirectToAction("Index")); } AdminEditUserVM vm = service.GetEditUserVM(model.Id); return(this.View(vm)); }
public AdminEditUserVM GetEditUserVM(int id) { Student student = this.Context.Students.Find(id); //AdminEditUserVM vm = Mapper.Map<Student, AdminEditUserVM>(student); AdminEditUserVM vm = new AdminEditUserVM(); vm.Id = student.Id; vm.Name = student.User.Name; vm.Email = student.User.Email; vm.BirthDate = student.User.Birthdate; return(vm); }
public async Task <ApiResponse <AdminEditUserVM> > DeleteUserAsync(AdminEditUserVM userToDelete) { try { var authUser = (await _accountService.GetAuthenticatedUserAsync())?.Result; return(await _httpClient.PostJTokenAsync <ApiResponse <AdminEditUserVM> >("api/admin/deleteuser", new { AuthenticatedUser = authUser, UserToDelete = userToDelete })); } catch (Exception ex) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status500InternalServerError, "API threw an exception while deleting User", null, null, ex)); } }
public async Task <IActionResult> EditUser(AdminEditUserVM userVM) { try { if (!ModelState.IsValid) { throw new Exception("Please check all fields and then try again."); } var result = await _service.EditUser(userVM); if (result.ErrorMessage == null) { return(Ok(result)); } throw new Exception(result.ErrorMessage); } catch (Exception ex) { return(BadRequest(ex.Message)); } }
public async Task <ApiResponse <AdminEditUserVM> > EditUserAsync(AdminEditUserVM userToEdit) { try { var authUser = (await _accountService.GetAuthenticatedUserAsync())?.Result; var editUserResp = await _httpClient.PostJTokenAsync <ApiResponse <AdminEditUserVM> >("api/admin/edituser", new { AuthenticatedUser = authUser, UserToEdit = userToEdit }); if (editUserResp.IsError || editUserResp.Result?.Ticket == null) { return(editUserResp); } if (authUser?.RememberMe == true) { await _jsRuntime.InvokeVoidAsync("Cookies.set", "Ticket", editUserResp.Result.Ticket, new { expires = 365 * 24 * 60 * 60 }); await _localStorage.SetItemAsync("Ticket", editUserResp.Result.Ticket); } else { await _jsRuntime.InvokeVoidAsync("Cookies.set", "Ticket", editUserResp.Result.Ticket); await _localStorage.RemoveItemAsync("Ticket"); } return(editUserResp); } catch (Exception ex) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status500InternalServerError, "API threw an exception while editing User", null, null, ex)); } }
public async Task <AdminUserDetailsVM> EditUser(AdminEditUserVM user) { try { var admin = await _userManager.FindByIdAsync(user.AdminId); if (admin == null) { throw new Exception("Cannot find the active user."); } var adminResult = await _userManager.VerifyUserTokenAsync(admin, "Default", "authentication-backend", user.AdminToken); if (!adminResult) { throw new Exception("Cannot verify the active user."); } var original = await _userManager.FindByIdAsync(user.User.UserId); if (original == null) { throw new Exception("User does not exist in database."); } original.UserName = user.User.UserName; original.FirstName = user.User.FirstName; original.LastName = user.User.LastName; original.Age = user.User.Age; original.Email = user.User.Email; // This checks whether the IsAdmin was changed or not, and if it was it changes the role corresponding to the change. _ = user.User.IsAdmin != original.IsAdmin && user.User.IsAdmin == true ? await _userManager.AddToRoleAsync(original, "Administrator") : user.User.IsAdmin != original.IsAdmin && user.User.IsAdmin == false ? await _userManager.RemoveFromRoleAsync(original, "Administrator") : null; original.IsAdmin = user.User.IsAdmin; var result = await _userManager.UpdateAsync(original); if (result.Succeeded) { AdminUserDetailsVM resultVM = new AdminUserDetailsVM { AdminId = admin.Id, User = user.User, FrontEndToken = VerificationToken(), AdminToken = await UserToken(admin) }; return(resultVM); } else { throw new Exception(result.Errors.ToString()); } } catch (Exception ex) { AdminUserDetailsVM resultVM = new AdminUserDetailsVM { ErrorMessage = ex.Message }; return(resultVM); } }
public async Task <ApiResponse <AdminEditUserVM> > DeleteUserAsync(AuthenticateUserVM authenticatedUser, AdminEditUserVM userToDelete) { try { if (authenticatedUser == null || !authenticatedUser.IsAuthenticated || !authenticatedUser.HasRole("Admin")) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status401Unauthorized, "You are not Authorized to Delete Users", null)); } if (authenticatedUser.Id == userToDelete.Id) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status401Unauthorized, "You can't Delete yourself", null)); } if (userToDelete.Id == default) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, "Id for the User was not supplied, as it is done automatically it should never happen", null)); } var user = await _userManager.FindByIdAsync(userToDelete.Id.ToString()); if (user == null) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"User with Id: \"{userToDelete.Id}\" was not found, it should never happen", null)); } var deleteUserResponse = await _userManager.DeleteAsync(user); if (!deleteUserResponse.Succeeded) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Deleting User with Id: \"{userToDelete.Id}\" Failed. ({deleteUserResponse.FirstError()})", null)); } userToDelete.IsDeleted = true; return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status201Created, $"Successfully Deleted User: \"{userToDelete.UserName}\"", null, userToDelete)); } catch (Exception ex) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status500InternalServerError, "Deleting User Failed", null, null, ex)); } }
public async Task <ApiResponse <AdminEditUserVM> > AddUserAsync(AuthenticateUserVM authUser, AdminEditUserVM userToAdd) { try { if (authUser == null || !authUser.IsAuthenticated || !authUser.HasRole("Admin")) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status401Unauthorized, "You are not Authorized to Add Users", null)); } var user = new User { UserName = userToAdd.UserName, Email = userToAdd.Email, EmailConfirmed = userToAdd.IsConfirmed, }; var addUserResp = await _userManager.CreateAsync(user); if (!addUserResp.Succeeded) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Adding User \"{userToAdd.UserName}\" Failed. ({addUserResp.FirstError()})", null)); } if (!userToAdd.Password.IsNullOrWhiteSpace()) { user = await _db.Users.SingleOrDefaultAsync(u => u.UserName.ToLower() == userToAdd.UserName.ToLower()); user.PasswordHash = _passwordHasher.HashPassword(user, userToAdd.Password); // use db directly to override identity constraints, we are admin after all here await _db.SaveChangesAsync(); } var addRolesResp = await _userManager.AddToRolesAsync(user, userToAdd.Roles.Select(r => r.Name)); if (!addRolesResp.Succeeded) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Adding User \"{userToAdd.UserName}\" Succeeded, but modifying Roles Failed. ({addRolesResp.FirstError()})", null)); } var addClaimsResp = await _userManager.AddClaimsAsync(user, userToAdd.Claims.Select(c => new Claim(c.Name, c.Values.First().Value))); // we don't consider values for simplicity sake so we can tak any (first) available if (!addClaimsResp.Succeeded) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Editing User with Id: \"{userToAdd.Id}\" Succeeded, but modifying Claims Failed. ({addClaimsResp.FirstError()})", null)); } return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status201Created, $"Successfully Added User: \"{userToAdd.UserName}\"", null, userToAdd)); } catch (Exception ex) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status500InternalServerError, "Adding User Failed", null, null, ex)); } }
public async Task <ApiResponse <AdminEditUserVM> > EditUserAsync(AuthenticateUserVM authenticatedUser, AdminEditUserVM userToEdit) { try { if (authenticatedUser == null || !authenticatedUser.IsAuthenticated || !authenticatedUser.HasRole("Admin")) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status401Unauthorized, "You are not Authorized to Edit Users", null)); } if (userToEdit.Id == authenticatedUser.Id && !userToEdit.HasRole("Admin")) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status401Unauthorized, "You can't remove \"Admin\" Role from your own Account", null)); } if (userToEdit.Id == default) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, "Id for the User was not supplied, as it is done automatically it should never happen", null)); } var user = await _db.Users.SingleOrDefaultAsync(u => u.Id == userToEdit.Id); if (user == null) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"User with Id: \"{userToEdit.Id}\" was not found, it should never happen", null)); } user.Email = userToEdit.Email.IsNullOrWhiteSpace() ? user.Email : userToEdit.Email; user.UserName = userToEdit.UserName.IsNullOrWhiteSpace() ? user.UserName : userToEdit.UserName; user.EmailConfirmed = userToEdit.IsConfirmed; var updateuserResp = await _userManager.UpdateAsync(user); if (!updateuserResp.Succeeded) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Editing User with Id: \"{userToEdit.Id}\" Failed", updateuserResp.Errors.ToLookup(userToEdit.GetPropertyNames()))); } if (!userToEdit.Password.IsNullOrWhiteSpace() && _passwordHasher.VerifyHashedPassword(user, user.PasswordHash, userToEdit.Password) != PasswordVerificationResult.Success) // if admin changed password to a new one { user.PasswordHash = _passwordHasher.HashPassword(user, userToEdit.Password); await _db.SaveChangesAsync(); if (userToEdit.Id == authenticatedUser.Id) { userToEdit.Ticket = await _accountManager.GenerateLoginTicketAsync(user.Id, user.PasswordHash, authenticatedUser.RememberMe); } } var removeRolesResp = await _userManager.RemoveFromRolesAsync(user, await _userManager.GetRolesAsync(user)); var editRolesResp = await _userManager.AddToRolesAsync(user, userToEdit.Roles.Select(r => r.Name)); if (!removeRolesResp.Succeeded || !editRolesResp.Succeeded) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Editing User with Id: \"{userToEdit.Id}\" Succeeded, but modifying Roles Failed. ({(!removeRolesResp.Succeeded ? removeRolesResp.FirstError() : editRolesResp.FirstError())})", null)); } var removeClaimsResp = await _userManager.RemoveClaimsAsync(user, await _userManager.GetClaimsAsync(user)); var editClaimsResp = await _userManager.AddClaimsAsync(user, userToEdit.Claims.Select(c => new Claim(c.Name, c.Values.First().Value))); // we don't consider values for simplicity sake so we can tak any (first) available if (!removeClaimsResp.Succeeded || !editClaimsResp.Succeeded) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Editing User with Id: \"{userToEdit.Id}\" Succeeded, but modifying Claims Failed. ({(!removeClaimsResp.Succeeded ? removeClaimsResp.FirstError() : editClaimsResp.FirstError())})", null)); } return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status201Created, $"Successfully Modified User: \"{userToEdit.UserName}\"", null, userToEdit)); } catch (Exception ex) { return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status500InternalServerError, "Updating User Failed", null, null, ex)); } }
public ActionResult EditUser(int id) { AdminEditUserVM vm = service.GetEditUserVM(id); return(this.View(vm)); }