Esempio n. 1
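        /// <summary>
        /// Applies an administrator's edit to a patrol member: first and last name,
        /// the role within the patrol, and the member's group assignments.
        /// </summary>
        /// <param name="dto">
        /// The requested state. <c>Id</c> and <c>PatrolId</c> identify the membership;
        /// <c>Groups</c> is the desired set of groups for the user.
        /// </param>
        /// <exception cref="InvalidOperationException">
        /// The e-mail in <paramref name="dto"/> belongs to a different user, the user does
        /// not exist, or the user has no membership record in the given patrol.
        /// </exception>
        public async Task UpdatePatrolUser(PatrolUserDto dto)
        {
            var emailOwner = await _userRepository.GetUser(dto.Email);
            if (emailOwner != null && emailOwner.Id != dto.Id)
            {
                throw new InvalidOperationException("Email in use");
            }

            // Resolve both records before writing anything. dto.Id and dto.PatrolId arrive
            // from the caller, so the membership lookup is the only thing here that ties
            // the target user to the patrol; checking it first prevents a profile update
            // on a user who is not in that patrol and avoids a half-applied change.
            // Presumably both lookups return null when nothing matches; confirm against
            // the repositories.
            var patrolUser = await _patrolRepository.GetPatrolUser(dto.Id, dto.PatrolId);
            if (patrolUser == null)
            {
                throw new InvalidOperationException("User is not a member of the patrol");
            }

            var user = await _userRepository.GetUser(dto.Id);
            if (user == null)
            {
                throw new InvalidOperationException("User not found");
            }

            // The e-mail is checked for uniqueness above but deliberately not written:
            //user.Email = dto.Email;
            user.FirstName = dto.FirstName;
            user.LastName  = dto.LastName;
            await _userRepository.UpdateUser(user);

            //note admins cannot change notification preferences for users, on purpose

            patrolUser.Role = dto.Role;
            await _patrolRepository.UpdatePatrolUser(patrolUser);

            var existingGroupUsers = await _groupRepository.GetGroupUsersForUser(dto.PatrolId, dto.Id);

            // Existing rows are matched to requested groups by group id. Presumably the
            // first callback runs for requested groups with no existing row and the second
            // for existing rows no longer requested; confirm against DifferenceWith.
            await existingGroupUsers.DifferenceWith(
                dto.Groups,
                (existing, requested) => existing.GroupId == requested.Id,
                requested => _groupRepository.InsertGroupUser(new GroupUser()
                {
                    UserId = dto.Id,
                    GroupId = requested.Id
                }),
                existing => _groupRepository.DeleteGroupUser(existing));
        }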
Esempio n. 2
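        /// <summary>
        /// Saves a patrol user. A caller editing their own record may change their own
        /// profile fields; a caller whose role in the patrol can maintain users may add
        /// or edit members of that patrol. Everything else is refused.
        /// </summary>
        /// <param name="dto">The requested user state, bound from the request.</param>
        /// <returns>
        /// <c>Ok</c> on success, <c>BadRequest</c> when an administrative request carries
        /// no group list, and <c>Forbid</c> when the caller lacks the rights or a requested
        /// group does not belong to the patrol.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// On the self-service path, when the e-mail in <paramref name="dto"/> belongs to
        /// a different user.
        /// </exception>
        public async Task <IActionResult> Save(PatrolUserDto dto)
        {
            var callerId = User.UserId();

            //users can update some things themselves
            // The self-service path is taken only when no privileged field (role, groups,
            // patrol-user id) is present, so a user cannot change their own role through it.
            var isSelfEdit = dto.Id == callerId
                             && !dto.Role.HasValue
                             && dto.Groups == null
                             && dto.PatrolUserId == default(int);

            if (isSelfEdit)
            {
                var emailOwner = await _userRepository.GetUser(dto.Email);
                if (emailOwner != null && emailOwner.Id != dto.Id)
                {
                    throw new InvalidOperationException("Email in use");
                }

                var self = await _userRepository.GetUser(dto.Id);

                self.FirstName = dto.FirstName;
                self.LastName  = dto.LastName;
                //self.Email = dto.Email;
                self.AllowEmailNotifications = dto.AllowEmailNotifications;
                self.NspNumber       = dto.NspNumber;
                // NOTE(review): ProfileImageUrl is stored exactly as received; confirm it is
                // validated or safely encoded wherever it is later rendered or fetched.
                self.ProfileImageUrl = dto.ProfileImageUrl;
                await _userRepository.UpdateUser(self);

                return Ok();
            }

            //admins can update some things for people in their patrol
            if (!User.RoleInPatrol(dto.PatrolId).CanMaintainUsers())
            {
                return Forbid();
            }

            // A request without a group list previously reached dto.Groups.All(...) and
            // failed with a NullReferenceException; reject it as malformed instead.
            if (dto.Groups == null)
            {
                return BadRequest();
            }

            //ensure the groups specified match the specified patrol
            var validGroups = await _groupRepository.GetGroupsForPatrol(dto.PatrolId);
            var groupsBelongToPatrol = dto.Groups.All(requested => validGroups.Any(valid => valid.Id == requested.Id));
            if (!groupsBelongToPatrol)
            {
                return Forbid();
            }

            // NOTE(review): dto.Role is passed on without being compared to the caller's
            // own role; confirm that anyone who can maintain users may grant any role.
            if (dto.Id == default(int))
            {
                var created = await _userService.AddUserToPatrol(dto.PatrolId, dto.Role, dto.FirstName, dto.LastName, dto.Email);

                dto.Id = created.Id;
            }

            // NOTE(review): nothing in this method verifies that dto.Id is a member of
            // dto.PatrolId; confirm _userService.UpdatePatrolUser enforces that before it
            // writes, since dto.Id comes from the request.
            await _userService.UpdatePatrolUser(dto);

            //if it's the current user, send them a refreshed token
            if (dto.Id == callerId)
            {
                Response.SendNewToken(await _authenticationService.IssueJwtToUser(callerId, User.TokenGuid()));
            }
            else
            {
                // Presumably this invalidates the edited user's outstanding tokens so the
                // new role and groups take effect on their next request; confirm.
                await _tokenRepository.SupersedeActiveTokensForUsers(new List <int>() { dto.Id }, _systemClock.UtcNow.UtcDateTime);
            }

            return Ok();
        }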