/// <summary>
/// Create new entity
/// </summary>
public User Post(User user)
{
using (var scope = Scope("Post"))
{
// authorize
AuthProvider.Authorize(Permission.User_Management); // throws UnauthenticatedException or we have CurrentUser after this
// prepare
Helper.Expect(user);
user.UserName = user.Email;
// only Admin can set roles other than User
if (!AuthProvider.HasPermission(Permission.User_Management_SetRole) && user.Role != RoleType.User)
{
throw new ValidationException("Role cannot be set.", false);
}
// validate
Helper.ValidateModel(user, true);
// process
var entity = user.ToEntity();
UserManager.Add(entity);
return(scope.Complete(
() => new User(entity),
t => $"User has been created with Id={t.UserId}."
));
}
}
/// <summary>
/// Since our Login page is an Angular template we are in an AJAX/REST call
/// Instead of ActionResult (Redirect/View) we will return WebApiSimpleResult and process on client side
/// </summary>
public void Post(RegisterData model)
{
// but we don't need transaction scope here, since we have an atomic operation only (CreateAsync)
using (var scope = Scope("Post"))
{
// prepare
Helper.Expect(model);
// validate
Helper.ValidateModel(model, true);
// process
var user = new BusinessEntities.Users.User(
null,
model.FirstName,
model.LastName,
model.Email,
model.Email,
model.Password,
BikeRentals.Security.Principals.RoleType.User,
false
);
UserManager.Add(user);
//await SignInManager.Value.SignInAsync(user, isPersistent: false, rememberBrowser: false); - do not login
scope.Complete(() => $"User created with Id={user.UserId}.");
}
}
