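/// <summary>
/// Applies an edit to a user within one patrol: first/last name on the user record,
/// the role on the patrol membership, and the user's group assignments in that patrol.
/// </summary>
/// <param name="dto">
/// The requested state. <c>dto.Id</c> and <c>dto.PatrolId</c> select the membership,
/// <c>dto.Email</c> is used only for the uniqueness check, and <c>dto.Groups</c> is the
/// desired set of groups.
/// </param>
/// <exception cref="InvalidOperationException">
/// The e-mail address belongs to a different user, the user is not a member of the patrol,
/// or the user record does not exist.
/// </exception>
/// <remarks>
/// This method performs no authorization of the caller; callers must establish that the
/// current principal may maintain users in <c>dto.PatrolId</c> before invoking it.
/// </remarks>
public async Task UpdatePatrolUser(PatrolUserDto dto)
{
    var newEmailUser = await _userRepository.GetUser(dto.Email);
    if (newEmailUser != null && newEmailUser.Id != dto.Id)
    {
        throw new InvalidOperationException("Email in use");
    }

    // Resolve the patrol membership BEFORE writing anything. Previously the user record was
    // updated first, so a request naming a user outside dto.PatrolId persisted the name change
    // and only then failed on the missing membership. Checking first keeps a patrol-scoped
    // edit from reaching users who are not in that patrol.
    // (presumably GetPatrolUser returns null for a non-member; verify against the repository)
    var patrolUser = await _patrolRepository.GetPatrolUser(dto.Id, dto.PatrolId);
    if (patrolUser == null)
    {
        throw new InvalidOperationException("User is not a member of the patrol");
    }

    var user = await _userRepository.GetUser(dto.Id);
    if (user == null)
    {
        throw new InvalidOperationException("User not found");
    }

    // The e-mail address is not written back; dto.Email only feeds the uniqueness check above.
    user.FirstName = dto.FirstName;
    user.LastName = dto.LastName;
    await _userRepository.UpdateUser(user);

    // note: admins cannot change notification preferences for users, on purpose
    patrolUser.Role = dto.Role;
    await _patrolRepository.UpdatePatrolUser(patrolUser);

    // Reconcile group membership: insert links for groups in dto.Groups that the user lacks,
    // delete links the user has that are not in dto.Groups.
    // NOTE(review): dto.Groups is passed through as-is; confirm DifferenceWith tolerates null,
    // and that callers have verified every group belongs to dto.PatrolId.
    var existingGroupUsers = await _groupRepository.GetGroupUsersForUser(dto.PatrolId, dto.Id);
    await existingGroupUsers.DifferenceWith(
        dto.Groups,
        (e, c) => e.GroupId == c.Id,
        c => _groupRepository.InsertGroupUser(new GroupUser() { UserId = dto.Id, GroupId = c.Id }),
        e => _groupRepository.DeleteGroupUser(e));
}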
/// <summary>
/// Saves a patrol user. Two paths are accepted: a user editing their own profile, and a
/// patrol maintainer editing (or adding) a user in a patrol they may maintain. Anything
/// else is answered with <c>Forbid()</c>.
/// </summary>
/// <param name="dto">The submitted user, patrol, role and group data.</param>
/// <returns><c>Ok()</c> when the save is applied, otherwise <c>Forbid()</c>.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown on the self-service path when <c>dto.Email</c> belongs to a different user.
/// </exception>
public async Task<IActionResult> Save(PatrolUserDto dto)
{
    // Self-service path: only taken when the caller is editing themselves AND the request
    // carries no role, no groups and no patrol-user id, so none of the patrol-scoped
    // fields can be changed through it.
    bool isSelfServiceEdit = dto.Id == User.UserId()
        && !dto.Role.HasValue
        && dto.Groups == null
        && dto.PatrolUserId == default(int);

    if (isSelfServiceEdit)
    {
        var emailOwner = await _userRepository.GetUser(dto.Email);
        if (emailOwner != null && emailOwner.Id != dto.Id)
        {
            // NOTE(review): this tells the caller the address is registered to another
            // account; confirm that disclosure is acceptable for this endpoint.
            throw new InvalidOperationException("Email in use");
        }

        var self = await _userRepository.GetUser(dto.Id);
        self.FirstName = dto.FirstName;
        self.LastName = dto.LastName;
        // The e-mail address is not written back on this path.
        self.AllowEmailNotifications = dto.AllowEmailNotifications;
        self.NspNumber = dto.NspNumber;
        // NOTE(review): ProfileImageUrl is stored exactly as submitted; no scheme or host
        // validation is visible here - confirm it is validated before being rendered.
        self.ProfileImageUrl = dto.ProfileImageUrl;
        await _userRepository.UpdateUser(self);

        return Ok();
    }

    // Maintainer path: the caller must be allowed to maintain users in the target patrol.
    if (!User.RoleInPatrol(dto.PatrolId).CanMaintainUsers())
    {
        return Forbid();
    }

    // Every requested group must belong to the specified patrol, otherwise the request
    // could attach the user to groups of a patrol the caller does not maintain.
    // NOTE(review): dto.Groups is dereferenced without a null check on this path.
    var patrolGroups = await _groupRepository.GetGroupsForPatrol(dto.PatrolId);
    bool groupsBelongToPatrol = dto.Groups.All(x => patrolGroups.Any(y => y.Id == x.Id));
    if (!groupsBelongToPatrol)
    {
        return Forbid();
    }

    // An id of zero means the user does not exist yet: create them in the patrol first.
    if (dto.Id == default(int))
    {
        var created = await _userService.AddUserToPatrol(dto.PatrolId, dto.Role, dto.FirstName, dto.LastName, dto.Email);
        dto.Id = created.Id;
    }

    // NOTE(review): nothing in this method confirms that an existing dto.Id is a member of
    // dto.PatrolId; that has to be enforced inside _userService.UpdatePatrolUser.
    await _userService.UpdatePatrolUser(dto);

    if (dto.Id == User.UserId())
    {
        // The caller edited themselves: hand back a refreshed token.
        Response.SendNewToken(await _authenticationService.IssueJwtToUser(User.UserId(), User.TokenGuid()));
    }
    else
    {
        // Someone else was edited: supersede that user's active tokens as of now
        // (presumably so tokens issued before the change stop being honoured).
        var affectedUserIds = new List<int> { dto.Id };
        await _tokenRepository.SupersedeActiveTokensForUsers(affectedUserIds, _systemClock.UtcNow.UtcDateTime);
    }

    return Ok();
}