Esempio n. 1
        /// <summary>
        /// Updates the user identified by <paramref name="userId"/> and returns the service result with HTTP 200.
        /// </summary>
        /// <remarks>
        /// The admin flag passed to the service comes from <c>HttpContext.IsCurrentUserAdmin()</c>,
        /// not from the request body. This action performs no authorization check of its own;
        /// NOTE(review): presumably the service and/or an authorization attribute outside this
        /// excerpt enforce who may call it. Confirm.
        /// </remarks>
        /// <param name="userId">Identifier of the user to update.</param>
        /// <param name="request">Requested changes for that user.</param>
        /// <returns>A 200 response whose body is the value returned by the user service.</returns>
        public async Task<ActionResult> UpdateUserAsync(string userId, UserWithRolesUpdateRequest request)
        {
            var updatedUser = await _userService.UpdateUserAsync(
                userId,
                request,
                HttpContext.IsCurrentUserAdmin());

            return StatusCode(StatusCodes.Status200OK, updatedUser);
        }
Esempio n. 2
        /// <summary>
        /// Applies <paramref name="request"/> to the user identified by <paramref name="userId"/>
        /// and returns that user together with its roles.
        /// </summary>
        /// <param name="userId">Identifier of the user to update.</param>
        /// <param name="request">Requested changes; <c>Roles</c> may be null.</param>
        /// <param name="isCurrentUserAdmin">
        /// Whether the caller is an admin. This is trusted as given, so callers must derive it
        /// from the authenticated principal and never from client-supplied data.
        /// </param>
        /// <returns>The user as returned by <c>GetUserWithRolesAsync</c> after the update.</returns>
        /// <exception cref="JoggingTrackerForbiddenException">
        /// A non-admin caller requested the <c>UserRoles.Admin</c> role.
        /// </exception>
        public async Task<UserWithRolesDto> UpdateUserAsync(string userId,
                                                            UserWithRolesUpdateRequest request,
                                                            bool isCurrentUserAdmin)
        {
            // Privilege-escalation guard: only an admin may hand out the Admin role.
            // NOTE(review): this guard covers *granting* Admin only. Whether a non-admin may edit
            // an account that is already an admin, or assign other elevated roles, is not decided
            // here; presumably the overload called below enforces it. Confirm.
            // NOTE(review): Contains uses the default comparison. If role names are strings and the
            // role store matches them case-insensitively, verify a differently-cased value cannot
            // slip past this check.
            if (!isCurrentUserAdmin)
            {
                var requestedRoles = request.Roles;

                if (requestedRoles != null && requestedRoles.Contains(UserRoles.Admin))
                {
                    throw new JoggingTrackerForbiddenException(ErrorMessages.Forbidden);
                }
            }

            await UpdateUserAsync(userId, request, request.Roles);

            var updatedUser = await GetUserWithRolesAsync(userId, isCurrentUserAdmin);
            return updatedUser;
        }
        /// <summary>
        /// Authorization test: a PUT against the admin user's id, sent with a user-manager token,
        /// must be answered with HTTP 403.
        /// </summary>
        /// <remarks>
        /// The request carries no roles, so the expected 403 has to come from a check on the
        /// target account rather than on the requested roles. The method name says
        /// "ThrowException", but what is asserted is the response status code.
        /// </remarks>
        public void UpdateUser_AdminUserIsUpdated_UserMangerRequests_ThrowException()
        {
            // NOTE(review): the value is never used below. Confirm whether reading SeedUsers
            // is needed for a side effect before removing it.
            var seededUsers = FakeDbUtilities.SeedUsers;

            // Authenticate as a user manager.
            // NOTE(review): this sets a default header on _client; if the client is shared
            // between tests, the token stays attached to later requests.
            var bearerToken = GetUserManagerAuthToken();
            _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", bearerToken);

            var updateRequest = new UserWithRolesUpdateRequest
            {
                UserName = "******"
            };

            var targetUri = $"{_baseUri}/{FakeDbUtilities.adminUser.Id}";
            var payload = ContentHelper.GetStringContent(updateRequest);

            // Blocks on the task because the test method is synchronous.
            var response = _client.PutAsync(targetUri, payload).Result;

            response.StatusCode.Should().Be(StatusCodes.Status403Forbidden);
        }
        /// <summary>
        /// Positive authorization test: a PUT sent with a user-manager token that assigns the
        /// RegularUser and UserManager roles to the regular user must be answered with HTTP 200.
        /// </summary>
        /// <remarks>
        /// Only the status code is asserted; the roles actually stored for the user are not
        /// checked here.
        /// </remarks>
        public void UpdateUser_PromotesRegularUserToUserManager_ReturnsOk()
        {
            // NOTE(review): the value is never used below. Confirm whether reading SeedUsers
            // is needed for a side effect before removing it.
            var seededUsers = FakeDbUtilities.SeedUsers;

            // Authenticate as a user manager.
            // NOTE(review): this sets a default header on _client; if the client is shared
            // between tests, the token stays attached to later requests.
            var bearerToken = GetUserManagerAuthToken();
            _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", bearerToken);

            var updateRequest = new UserWithRolesUpdateRequest
            {
                UserName = FakeDbUtilities.regularUser.UserName,
                Roles = new [] { UserRoles.RegularUser, UserRoles.UserManager }
            };

            var targetUri = $"{_baseUri}/{FakeDbUtilities.regularUser.Id}";
            var payload = ContentHelper.GetStringContent(updateRequest);

            // Blocks on the task because the test method is synchronous.
            var response = _client.PutAsync(targetUri, payload).Result;

            response.StatusCode.Should().Be(StatusCodes.Status200OK);
        }