/// <summary>
/// Shows a user's public profile page. The caller's own profile is served by the "me" action instead.
/// </summary>
/// <param name="id">Identifier of the account to display, resolved through <c>ProfileBuilder.FromId</c>.</param>
/// <returns>404 when no account matches <paramref name="id"/>, a redirect to "me" for the caller's own
/// account, otherwise the "Display" view bound to that account.</returns>
public IActionResult Display(string id)
{
    UserAccount requested = ProfileBuilder.FromId(id);
    // NOTE(review): the caller is dereferenced below without a null check, so an anonymous request
    // would fault here unless the controller already requires authentication — confirm.
    UserAccount caller = GetCurrentUser();

    if (requested == null)
    {
        return NotFound();
    }

    bool isOwnProfile = requested.ID == caller.ID;
    return isOwnProfile ? RedirectToAction("me") : View("Display", requested);
}
/// <summary>
/// GET handler that renders the profile edit form for an account.
/// </summary>
/// <param name="id">Identifier of the account to edit, resolved through <c>ProfileBuilder.FromId</c>.</param>
/// <returns>404 when the account does not exist, 403 when the caller is neither that user nor holds
/// <c>GlobalPermissions.ManageUsers</c>, otherwise the edit view bound to the account.</returns>
public IActionResult Edit(string id)
{
    UserAccount caller = ProfileBuilder.FromPrincipal(User);
    UserAccount subject = ProfileBuilder.FromId(id);

    if (subject == null)
    {
        return NotFound();
    }

    bool isManager = caller.Permissions.HasFlag(GlobalPermissions.ManageUsers);
    bool isOwnAccount = caller.ID == subject.ID;

    // NOTE(review): the POST overload additionally requires ManageSelf for an own-account edit, so a
    // user without that flag can open this form but not submit it — confirm which rule is intended.
    if (isManager || isOwnAccount)
    {
        return View(subject);
    }

    return Forbid();
}
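/// <summary>
/// POST handler for the profile edit form: validates the submitted changes and the optional avatar
/// upload, then persists them to the account identified by <paramref name="id"/>.
/// </summary>
/// <param name="id">Identifier of the account being edited, resolved through <c>ProfileBuilder.FromId</c>.</param>
/// <param name="accountChanges">Form-bound copy of the account. Only <c>Username</c> is copied for every
/// caller; <c>Permissions</c> and <c>AccountBadge</c> are copied only when the caller holds
/// <c>GlobalPermissions.ManageUsers</c>.</param>
/// <param name="avatar">Optional PNG upload replacing the current avatar; <see langword="null"/> when none was sent.</param>
/// <param name="clearAvatar">When true and no <paramref name="avatar"/> is supplied, the stored avatar file is deleted.</param>
/// <returns>404 for an unknown id, 403 when the caller may not edit the account, the edit view with
/// <c>ViewBag.ErrorMessages</c> set on validation failure, otherwise a redirect to the updated profile.</returns>
public IActionResult Edit(string id, [FromForm, Bind] UserAccount accountChanges, [FromForm] IFormFile avatar, [FromForm] bool clearAvatar)
{
    const long MaxAvatarBytes = 4194304; // 4 MiB, matching the user-facing message below.

    UserAccount targetUser = ProfileBuilder.FromId(id);
    // The GET handler answers 404 for an unknown id; without this guard the ID comparison below
    // dereferences null and the request fails with a 500 instead.
    if (targetUser == null)
    {
        return NotFound();
    }

    UserAccount selfUser = GetCurrentUser();
    bool isSelf = targetUser.ID == selfUser.ID;
    bool canManageSelf = selfUser.Permissions.HasFlag(GlobalPermissions.ManageSelf);
    bool canManageUsers = selfUser.Permissions.HasFlag(GlobalPermissions.ManageUsers);
    // Editing your own account needs ManageSelf; editing anyone's needs ManageUsers.
    if (!(isSelf && canManageSelf || canManageUsers))
    {
        return Forbid();
    }

    // Collect the model-binding errors first; avatar checks append to the same list.
    List<string> errorMessages = ModelState.IsValid
        ? new List<string>()
        : ModelState.Values.SelectMany(value => value.Errors).Select(error => error.ErrorMessage).ToList();

    if (avatar != null)
    {
        // ContentType is declared by the client and is not trusted on its own: the file signature
        // and a successful decode are the real checks.
        bool declaredPng = avatar.ContentType == "image/png";
        bool signaturePng;
        using (var probe = avatar.OpenReadStream())
        {
            signaturePng = HasPngSignature(probe);
        }
        if (!declaredPng || !signaturePng)
        {
            errorMessages.Add("You can only use PNG images as avatars.");
        }

        bool withinSizeLimit = avatar.Length <= MaxAvatarBytes;
        if (!withinSizeLimit)
        {
            errorMessages.Add("Avatar images can only be 4MB in size.");
        }

        // Decode only uploads that passed the cheap checks: decoding is the expensive step, and the
        // one that throws on malformed data, so it must not run on oversized or non-PNG input.
        if (declaredPng && signaturePng && withinSizeLimit)
        {
            try
            {
                using (var uploaded = avatar.OpenReadStream())
                using (var image = Image.Load(uploaded))
                {
                    if (image.Width != image.Height)
                    {
                        errorMessages.Add("Avatar images must be in a square (1:1) aspect ratio.");
                    }
                }
            }
            catch (Exception)
            {
                // A malformed upload is a validation failure, not a server fault. The decoder's
                // exception type is library-specific, so the catch is broad but scoped to the decode.
                errorMessages.Add("You can only use PNG images as avatars.");
            }
        }
    }

    if (errorMessages.Count > 0)
    {
        // Re-render the edit page with the collected messages.
        ViewBag.ErrorMessages = errorMessages.ToArray();
        return Edit(id);
    }

    targetUser.Username = accountChanges.Username;

    // NOTE(review): Path.Combine discards WebRootPath when the second segment is rooted (starts with
    // '/'), so GetAbsoluteAvatarUrl is assumed to return a relative path — confirm.
    string userAvatarPath = System.IO.Path.Combine(Environment.WebRootPath, _avatarHelper.GetAbsoluteAvatarUrl(targetUser));
    if (avatar != null)
    {
        // File.Create truncates first; OpenWrite does not, so a smaller upload written over a larger
        // existing avatar would leave the old file's tail behind and corrupt the image.
        using (var localFile = System.IO.File.Create(userAvatarPath))
        using (var uploadedFile = avatar.OpenReadStream())
        {
            uploadedFile.CopyTo(localFile);
        }
    }
    else if (clearAvatar)
    {
        // File.Delete is a no-op when the file does not exist.
        System.IO.File.Delete(userAvatarPath);
    }

    // Permission and badge changes are honoured only for user managers; a self-edit cannot change
    // its own permissions even though the fields are form-bound.
    if (canManageUsers)
    {
        if (accountChanges.Permissions != targetUser.Permissions)
        {
            targetUser.Permissions = accountChanges.Permissions;
        }
        if (accountChanges.AccountBadge != targetUser.AccountBadge)
        {
            targetUser.AccountBadge = accountChanges.AccountBadge;
        }
    }

    DatabaseHelpers.Context.UpdateAndSave(targetUser);
    return isSelf ? RedirectToAction("me") : RedirectToAction("display", new { id });

    // Checks the eight-byte PNG file signature so that a renamed non-PNG upload is rejected
    // regardless of the client-declared content type. Returns false on a short read.
    bool HasPngSignature(System.IO.Stream stream)
    {
        byte[] expected = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A };
        byte[] header = new byte[expected.Length];
        int read = 0;
        while (read < header.Length)
        {
            int chunk = stream.Read(header, read, header.Length - read);
            if (chunk <= 0)
            {
                return false;
            }
            read += chunk;
        }
        return header.SequenceEqual(expected);
    }
}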