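/// <summary>
/// Modifies a user account. The caller's identity and roles are taken from the
/// bearer token claims, never from the request body: a non-admin caller may only
/// modify their own account and may not assign a role that contains "admin".
/// </summary>
/// <param name="request">Target user name, new role, e-mail and (RSA-encrypted) old/new passwords.</param>
/// <returns>
/// 200 with a success message; 400 when model validation fails, the role is missing,
/// the caller is not authorized for the requested change, or the update itself fails.
/// </returns>
public ActionResult Modify(ModifyRequestDto request)
{
    if (!ModelState.IsValid)
    {
        return BadRequest("Invalid Request");
    }

    // Role is dereferenced below and by the service; a null Role used to surface as an
    // unhandled NullReferenceException (500) instead of a 400.
    if (request.Role is null)
    {
        return BadRequest("Invalid Request");
    }

    // Check token permissions.
    var user = _authService.ParsingClaims(HttpContext.User.Claims, out var roles);
    var isAdmin = roles.Contains("admin");

    // Invariant casing: culture-sensitive ToLower() (e.g. Turkish dotted/dotless I) could let a
    // role spelled "ADMIN" pass the non-admin check and then be stored in a different form.
    var requestsAdminRole = request.Role.ToLowerInvariant().Contains("admin");
    var isOwnAccount = request.UserName == user;

    if (!isAdmin && (!isOwnAccount || requestsAdminRole))
    {
        return BadRequest("非授权用户,无法修改");
    }

    if (_authService.ModifyUserData(request, isAdmin) is null)
    {
        return BadRequest("修改失败,检查修改信息");
    }

    return Ok("修改成功");
}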
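/// <summary>
/// Applies the requested changes (e-mail, password, role) to a user record.
/// Non-admin callers must prove knowledge of the account's current password;
/// admin callers skip that check but must still supply a decryptable OldPassword
/// (existing contract, kept as-is).
/// </summary>
/// <param name="requestDto">Target user name plus the new e-mail, role and RSA-encrypted old/new passwords.</param>
/// <param name="isAdmin">True when the caller holds the admin role; bypasses the old-password check.</param>
/// <returns>
/// The updated user, or null when either password fails to decrypt, the role is missing,
/// the user does not exist, or (for non-admins) the old password does not match.
/// </returns>
public UserModel ModifyUserData(ModifyRequestDto requestDto, bool isAdmin)
{
    // RSA decrypt: the client sends both passwords encrypted; a failed decrypt is a
    // rejected request (null), not an exception.
    var oldCode = SecurityRsa.Decrypt(requestDto.OldPassword);
    var code = SecurityRsa.Decrypt(requestDto.Password);
    if (oldCode is null || code is null || requestDto.Role is null)
    {
        // Role was previously dereferenced unconditionally and would throw on null.
        return null;
    }

    // Look up the user by primary key (user name).
    var user = _context.User.Find(requestDto.UserName);
    if (user is null)
    {
        return null;
    }

    // NOTE(review): the stored password is a reversible AES ciphertext compared for equality,
    // not a salted one-way hash; moving to PBKDF2/Argon2 needs a storage migration, so only the
    // existing comparison is preserved here. Admins may change another account without its
    // current password.
    if (!isAdmin && user.Password != SecurityAes.Encrypt(oldCode))
    {
        return null;
    }

    user.Email = requestDto.Email;
    user.Password = SecurityAes.Encrypt(code);
    // Invariant casing so the persisted role is stable regardless of the server's culture
    // and matches the ordinal "admin" check performed by the controller.
    user.Role = requestDto.Role.ToLowerInvariant();
    _context.User.Update(user);
    _context.SaveChanges();
    return user;
}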