/// <summary>
/// Updates the user identified by <paramref name="userId"/> with the supplied
/// profile/role changes and returns the updated user.
/// </summary>
/// <param name="userId">Identifier of the user being updated.</param>
/// <param name="request">Requested profile and role changes.</param>
/// <returns>200 OK whose body is the updated user as returned by the user service.</returns>
public async Task<ActionResult> UpdateUserAsync(string userId, UserWithRolesUpdateRequest request)
{
    // Whether the caller holds the Admin role is resolved from the current HttpContext
    // and passed down so the service, not the controller, enforces role-assignment rules.
    bool callerIsAdmin = HttpContext.IsCurrentUserAdmin();

    var updated = await _userService.UpdateUserAsync(userId, request, callerIsAdmin);

    // Explicit 200 with the updated user in the body (equivalent to Ok(updated)).
    return StatusCode(StatusCodes.Status200OK, updated);
}
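/// <summary>
/// Applies the requested profile/role changes to the user identified by
/// <paramref name="userId"/> and returns the user's current state including roles.
/// </summary>
/// <param name="userId">Identifier of the user being updated.</param>
/// <param name="request">Requested changes; <c>Roles</c> may be null when roles are not being changed.</param>
/// <param name="isCurrentUserAdmin">True when the caller holds the Admin role.</param>
/// <returns>The updated user with its roles, as produced by <c>GetUserWithRolesAsync</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
/// <exception cref="JoggingTrackerForbiddenException">
/// A non-admin caller attempted to grant the Admin role.
/// </exception>
public async Task<UserWithRolesDto> UpdateUserAsync(string userId, UserWithRolesUpdateRequest request, bool isCurrentUserAdmin)
{
    // Guard the entry point: a null request would otherwise surface as a
    // NullReferenceException from the request.Roles access below.
    if (request is null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    // Authorization: only an admin may grant the Admin role. This is checked before
    // any write happens, so a rejected request leaves the stored user untouched.
    // NOTE(review): this guard covers only the grant direction. Whether a non-admin
    // caller may change an existing Admin user's other attributes or roles is decided
    // by the UpdateUserAsync(userId, request, roles) overload / GetUserWithRolesAsync
    // (not visible here) — confirm that path rejects it as well.
    var requestsAdminRole = request.Roles?.Contains(UserRoles.Admin) == true;
    if (!isCurrentUserAdmin && requestsAdminRole)
    {
        throw new JoggingTrackerForbiddenException(ErrorMessages.Forbidden);
    }

    await UpdateUserAsync(userId, request, request.Roles);

    // Re-read so the returned DTO reflects persisted state rather than the request;
    // isCurrentUserAdmin is forwarded so role visibility follows the same rules as reads.
    return await GetUserWithRolesAsync(userId, isCurrentUserAdmin);
}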
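/// <summary>
/// Negative authorization test: a caller authenticated as a user manager attempts to
/// update an Admin account (only the user name is sent, no roles) and must receive
/// 403 Forbidden rather than having the change applied.
/// </summary>
public async Task UpdateUser_AdminUserIsUpdated_UserMangerRequests_ThrowException()
{
    // Arrange
    // NOTE(review): SeedUsers is never read afterwards; it is kept because the
    // property access may be what seeds the fake database — confirm before removing.
    var seedUsers = FakeDbUtilities.SeedUsers;
    var token = GetUserManagerAuthToken();
    _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

    // Only a profile field is changed; the target being an Admin is what should be rejected.
    var request = new UserWithRolesUpdateRequest { UserName = "******" };

    // Act — awaited instead of blocking on .Result; the response is disposed with the test.
    using var httpResponse = await _client.PutAsync(
        $"{_baseUri}/{FakeDbUtilities.adminUser.Id}",
        ContentHelper.GetStringContent(request));

    // Assert
    httpResponse.StatusCode.Should().Be(StatusCodes.Status403Forbidden);
}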
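/// <summary>
/// Positive authorization test: a caller authenticated as a user manager promotes a
/// regular user to user manager (a non-Admin role) and must receive 200 OK.
/// </summary>
public async Task UpdateUser_PromotesRegularUserToUserManager_ReturnsOk()
{
    // Arrange
    // NOTE(review): SeedUsers is never read afterwards; it is kept because the
    // property access may be what seeds the fake database — confirm before removing.
    var seedUsers = FakeDbUtilities.SeedUsers;
    var token = GetUserManagerAuthToken();
    _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

    // The user name is left unchanged; only the role set grows by UserManager.
    // Admin is deliberately absent — granting it is the case the service forbids.
    var request = new UserWithRolesUpdateRequest
    {
        UserName = FakeDbUtilities.regularUser.UserName,
        Roles = new[] { UserRoles.RegularUser, UserRoles.UserManager },
    };

    // Act — awaited instead of blocking on .Result; the response is disposed with the test.
    using var httpResponse = await _client.PutAsync(
        $"{_baseUri}/{FakeDbUtilities.regularUser.Id}",
        ContentHelper.GetStringContent(request));

    // Assert
    httpResponse.StatusCode.Should().Be(StatusCodes.Status200OK);
}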