[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks public async Task <IActionResult> Edit(string id, PutUserModel putUserModel) { try { AuthorizeHelper.Authorize(this.HttpContext, "Administrator", this.GetType().Name, "Edit", "user"); var userId = HttpContext.Session.GetString("_Id"); var user = await _moviemindAPIService.GetModel <GetUserModel>(userId, "users"); if (user.Id == Guid.Parse(id) || HttpContext.User.IsInRole("Editor")) { if (ModelState.IsValid) { await _moviemindAPIService.PutModel <PutUserModel>(id, putUserModel, "users"); return(RedirectToRoute(new { action = "Index", controller = "Users" })); } return(View(putUserModel)); } else { return(RedirectToRoute(new { action = "Index", controller = "Users" })); } } catch (MovieMindException e) { return(ErrorHelper.HandleError(e, this.View(putUserModel))); } }
public void PutAUserWithExistingUserPasses() { var mock = new Mock <IUserRepository>(); var username = "******"; var email = "*****@*****.**"; var id = 1; var putUserModel = new PutUserModel { Username = username, Active = true, EmailAddress = email }; var userModel = new UserModel { Id = id, PassWord = "******", UserName = "******", Active = true, Created = new DateTime(), EmailAddress = "*****@*****.**", Updated = new DateTime() }; mock.Setup(e => e.CheckIfIdExists(id)).Returns(true); mock.Setup(e => e.CheckIfUserExists(username)).Returns(false); mock.Setup(e => e.CheckIfEmailExists(email)).Returns(false); mock.Setup(e => e.GetSingleUser(id)).Returns(userModel); var service = new UsersLogic(mock.Object); service.UpdateAUser(id, putUserModel); mock.Verify(x => x.Update(It.IsAny <UserModel>()), Times.Exactly(1)); }
public void UpdateAUser(int id, PutUserModel user) { var userExists = _userRepository.CheckIfIdExists(id); if (!userExists) { throw new HttpNotFoundException( $"Unable to patch user because it does not exist, id provided was: {id}"); } var userToUpdate = _userRepository.GetSingleUser(id); if (user.EmailAddress != null) { CheckIfEmailExists(user.EmailAddress); userToUpdate.EmailAddress = user.EmailAddress; } if (user.Username != null) { CheckIfUserExists(user.Username); userToUpdate.UserName = user.Username; } if (!user.Active) { userToUpdate.Active = false; } userToUpdate.Updated = DateTime.UtcNow; _userRepository.Update(userToUpdate); }
public async Task <IActionResult> Edit(string id) { try { AuthorizeHelper.Authorize(this.HttpContext, "Administrator", this.GetType().Name, "Edit", "user"); GetUserModel getUserModel = await _moviemindAPIService.GetModel <GetUserModel>(id, "users"); PutUserModel putUserModel = new PutUserModel { FirstName = getUserModel.FirstName, LastName = getUserModel.LastName, Email = getUserModel.Email, Roles = getUserModel.Roles }; return(View(putUserModel)); } catch (MovieMindException e) { return(ErrorHelper.HandleError(e)); } }
public async Task <IActionResult> PutUser(string id, PutUserModel putUserModel) { try { if (!Guid.TryParse(id, out Guid userId)) { throw new GuidException("Invalid id", this.GetType().Name, "PutUser", "400"); } await _userRepository.PutUser(id, putUserModel); return(NoContent()); } catch (MovieMindException e) { if (e.MovieMindError.Status.Equals("404")) { return(NotFound(e.MovieMindError)); } else { return(BadRequest(e.MovieMindError)); } } }
public IActionResult Update([FromQuery] int id, [FromBody] PutUserModel user) { _usersLogic.UpdateAUser(id, user); return(new NoContentResult()); }
public async Task PutUser(string id, PutUserModel putUserModel) { if (_user.Claims.Where(x => x.Type.Contains("role")).Count() == 1 && _user.IsInRole("Guest") && _user.Identity.Name != id.ToString()) { throw new ForbiddenException("No access to change this users data", this.GetType().Name, "PutUser", "403"); } try { if (putUserModel.Roles == null) { throw new IdentityException("User must have at least one role", this.GetType().Name, "PutUser", "400"); } User user = await _context.Users.FirstOrDefaultAsync(x => x.Id == Guid.Parse(id)); if (user == null) { throw new EntityException("User not found", this.GetType().Name, "PutUser", "404"); } user.FirstName = putUserModel.FirstName; user.LastName = putUserModel.LastName; user.Email = putUserModel.Email; IdentityResult result = await _userManager.UpdateAsync(user); if (!result.Succeeded) { string description = result.Errors.First().Description; if (description.Contains("is already taken")) { description = "This email is already registered"; } throw new IdentityException(description, this.GetType().Name, "PutUser", "400"); } else { await _userManager.RemoveFromRolesAsync(user, await _userManager.GetRolesAsync(user)); await _userManager.AddToRolesAsync(user, putUserModel.Roles); } } catch (MovieMindException) { throw; } catch (Exception e) { if (e.GetType().Name.Equals("InvalidOperationException")) { throw new IdentityException(e.Message, this.GetType().Name, "PutUser", "400"); } throw new DatabaseException(e.InnerException.Message, this.GetType().Name, "PutUser", "400"); } }