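/// <summary>
/// Updates the mutable profile fields (email, phone number, first and last name)
/// of the user identified by <paramref name="username"/>.
/// </summary>
/// <param name="username">Route value naming the user to update; must equal <paramref name="userDTO"/>.UserName.</param>
/// <param name="userDTO">Incoming profile values. Only Email, PhoneNumber, FirstName and LastName are copied; every other field is ignored.</param>
/// <returns>
/// 400 when the body is missing or the route name and body name differ, 404 when no such
/// user exists, 401 when the caller cannot be resolved or is neither an admin nor the user
/// being edited, otherwise 202 Accepted with the submitted DTO.
/// </returns>
public async Task<IActionResult> PatchUser(string username, UserDTO userDTO)
{
    // A missing body used to dereference null further down and surface as a 500.
    if (userDTO is null || username != userDTO.UserName)
    {
        return BadRequest();
    }

    if (!UserExists(username))
    {
        return NotFound();
    }

    // Resolve the caller defensively: Identity.Name is null for an unauthenticated
    // principal, and the account may have been deleted since the credential was
    // issued. Both cases previously dereferenced null; they are refused instead.
    var callerName = User.Identity?.Name;
    User authenticatedUser = callerName is null ? null : await userManager.FindByNameAsync(callerName);
    if (authenticatedUser is null)
    {
        return Unauthorized();
    }

    // Only an admin or the account owner may change the profile. The ordinal
    // comparison matches the exact-equality check on the route value above.
    bool isAdmin = await userManager.IsInRoleAsync(authenticatedUser, UserRoles.Admin);
    bool isSelf = string.Equals(authenticatedUser.UserName, userDTO.UserName, StringComparison.Ordinal);
    if (!isAdmin && !isSelf)
    {
        // NOTE(review): the caller is authenticated here, so 403 (Forbid()) would be the
        // conventional status; 401 is kept to preserve the existing response contract.
        return Unauthorized("Cannot edit the details of another user unless admin");
    }

    // UserExists ran earlier, but the user can disappear between the two queries,
    // so the lookup result is checked rather than assumed non-null.
    var user = await userManager.FindByNameAsync(username);
    if (user is null)
    {
        return NotFound();
    }

    // Copy only the allow-listed fields so the DTO cannot reach security-sensitive
    // columns (password hash, roles, lockout state, ...).
    // NOTE(review): Email is replaced directly; if the store keeps NormalizedEmail or
    // EmailConfirmed, routing the change through userManager would keep them
    // consistent — confirm against the Identity configuration.
    user.Email = userDTO.Email;
    user.PhoneNumber = userDTO.PhoneNumber;
    user.FirstName = userDTO.FirstName;
    user.LastName = userDTO.LastName;

    _context.Update(user);
    await _context.SaveChangesAsync();

    return AcceptedAtAction(nameof(PatchUser), new { UserName = userDTO.UserName }, userDTO);
}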
/// <summary>
/// Replaces the stored company identified by <paramref name="id"/> with the
/// values carried in <paramref name="companyDTO"/>.
/// </summary>
/// <param name="id">Route value that must equal the CompanyId produced from the DTO.</param>
/// <param name="companyDTO">Incoming company values, converted through <c>DTOToCompany</c> before persisting.</param>
/// <returns>400 on an id mismatch, 404 for an unknown company, otherwise 202 Accepted with the submitted DTO.</returns>
public async Task<IActionResult> PatchCompany(long id, CompanyDTO companyDTO)
{
    Company incoming = DTOToCompany(companyDTO);

    // Route id and body id have to agree before anything is looked up.
    if (incoming.CompanyId != id)
    {
        return BadRequest();
    }

    if (!CompanyExists(id))
    {
        return NotFound();
    }

    // NOTE(review): unlike PatchUser, no ownership or role check is visible in this
    // action; any caller that reaches it can overwrite any company. Confirm that an
    // authorization policy on the controller covers it.
    // Update() is handed the freshly converted entity rather than a tracked one,
    // so this presumably behaves as a whole-row overwrite — verify if field-level
    // patching is intended.
    _context.Update(incoming);
    await _context.SaveChangesAsync();

    var routeValues = new { id = incoming.CompanyId };
    return AcceptedAtAction("PatchCompany", routeValues, companyDTO);
}