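/// <summary>
/// Updates a user after checking that the caller's role is allowed to assign the requested role.
/// Per the original note, only super users and admins may change roles, and that restriction is
/// enforced by the access policy set on the controller rather than by this method.
/// </summary>
/// <remarks>
/// A caller whose role id is 0 skips the hierarchy check. Any other caller is refused when its
/// role id is greater than or equal to <c>user.RoleId</c>. A missing or non-numeric caller role
/// id is also refused instead of being read as role id 0.
/// </remarks>
/// <param name="user">The submitted user data; <c>RoleId</c> is the role being requested.</param>
/// <param name="loggedInUserRoleId">Role id of the caller, as a string.</param>
/// <param name="userId">Not read by this method.</param>
/// <returns>
/// The result of <c>dal.UpdateUser</c> when the update is allowed; otherwise the same
/// <paramref name="user"/> instance with <c>UserId</c> set to -2.
/// </returns>
public UserModel UpdateUser(UserModel user, string loggedInUserRoleId, string userId)
{
    // Convert.ToInt32((string)null) returns 0, and 0 is the role id that skips the check below,
    // so a missing role claim used to be treated as the most privileged caller. TryParse returns
    // false for null, empty and non-numeric input, which lets the method fail closed.
    int callerRoleId;
    bool roleKnown = int.TryParse(loggedInUserRoleId, out callerRoleId);

    bool refused = !roleKnown || (callerRoleId != 0 && callerRoleId >= user.RoleId);
    if (refused)
    {
        // -2 is the value the original code writes on refusal; presumably the caller treats it
        // as "not authorized" (confirm against the controller).
        user.UserId = -2;
        return user;
    }

    // NOTE(review): the check compares against the role in the submitted model, not the role
    // currently stored for the target account, and userId is never used. Whether dal.UpdateUser
    // verifies the target's existing role is not visible here; confirm.
    return dal.UpdateUser(user);
}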