/// <summary>
/// Changes the role of a target user on behalf of an authenticated user,
/// after verifying that the authenticated user is an administrator.
/// </summary>
/// <remarks>
/// The acting user is looked up by <c>data.AuthenticatedUser</c> exactly as supplied.
/// This method does not itself establish that the id belongs to the current principal,
/// so callers must populate it from a trusted source and never from request input.
/// No save call is made here; persisting the change is left to the caller.
/// </remarks>
/// <param name="data">Ids of the acting and target users plus the role to assign.</param>
/// <exception cref="MissingArgumentsException"><paramref name="data"/> is null.</exception>
/// <exception cref="NotFoundException">The acting user or the target user does not exist.</exception>
/// <exception cref="PermissionException">The acting user's role is not <c>UserRole.Admin</c>.</exception>
public async Task AlterUserRole(AlterUserRoleData data)
{
    if (data is null)
    {
        throw new MissingArgumentsException(nameof(data));
    }

    // Resolve and authorize the caller before the target is looked up, so a
    // non-admin caller gets the permission error regardless of the target id.
    var caller = await _db.User.FindAsync(data.AuthenticatedUser)
        ?? throw new NotFoundException(typeof(User), "Authenticated user not found");

    bool callerIsAdmin = caller.Role == UserRole.Admin;
    if (!callerIsAdmin)
    {
        throw new PermissionException("The authenticated user has no rights to alter user's role.");
    }

    var target = await _db.User.FindAsync(data.TargetUser)
        ?? throw new NotFoundException(typeof(User), "Target user not found");

    // The role change itself is delegated to the User entity's own AlterUserRole method.
    caller.AlterUserRole(target, data.NewRole);
}
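/// <summary>
/// HTTP action that assigns <paramref name="targetUserNewRole"/> to the user identified by
/// <paramref name="targetUserid"/>, acting as the controller's authenticated user.
/// </summary>
/// <remarks>
/// Error responses carry only the exception message, and the generic 500 response carries a
/// fixed string. Returning the exception object itself would serialize its internals
/// (stack trace, inner exceptions, type names) to the client.
/// </remarks>
/// <param name="targetUserid">Id of the user whose role is to be changed.</param>
/// <param name="targetUserNewRole">Role to assign, bound from the request body.</param>
/// <returns>
/// 204 on success; 400, 404, 403 or 409 for the corresponding domain exception;
/// 500 for any other failure.
/// </returns>
public async Task<IActionResult> AlterUserRole(Guid targetUserid, [FromBody] UserRole targetUserNewRole)
{
    try
    {
        // NOTE(review): authenticatedUser is defined outside this method; the repository's
        // admin check trusts this id, so confirm it is derived from the authenticated
        // principal and not from anything the client can set.
        // NOTE(review): targetUserNewRole comes straight from the request body; confirm that
        // an undefined enum value is rejected downstream.
        var data = new AlterUserRoleData()
        {
            AuthenticatedUser = authenticatedUser.Id,
            TargetUser = targetUserid,
            NewRole = targetUserNewRole
        };

        await repo.AlterUserRole(data);
        await repo.SaveChangesAsync();
    }
    catch (MissingArgumentsException missingArgumentsException)
    {
        return BadRequest(missingArgumentsException.Message);
    }
    catch (NotFoundException notFoundException)
    {
        return NotFound(notFoundException.Message);
    }
    catch (PermissionException permissionException)
    {
        return StatusCode(StatusCodes.Status403Forbidden, permissionException.Message);
    }
    catch (RuleException ruleException)
    {
        return Conflict(ruleException.Message);
    }
    catch (Exception)
    {
        // Unexpected failures may hold database or infrastructure details, so nothing from
        // the exception is returned to the client.
        // NOTE(review): no logger is visible in this block; record the exception server-side
        // with the project's logging facility so the detail is not lost.
        return StatusCode(StatusCodes.Status500InternalServerError, "An unexpected error occurred.");
    }

    return NoContent();
}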