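/// <summary>
/// Modifies a user's account data. The caller's identity and roles are taken from the
/// bearer-token claims; a non-admin may only modify their own account and may not
/// assign a role that contains "admin".
/// </summary>
/// <param name="request">Model-bound change request (user name, role, passwords, email).</param>
/// <returns>400 on invalid model, missing authorization or failed update; 200 on success.</returns>
public ActionResult Modify(ModifyRequestDto request)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest("Invalid Request"));
            }

            // Check token permissions: identity and roles come from the token claims,
            // never from the request body.
            var user    = _authService.ParsingClaims(HttpContext.User.Claims, out var roles);
            var isAdmin = roles.Contains("admin");

            // Ordinal, case-insensitive match: a culture-sensitive ToLower() (e.g. under
            // tr-TR) can let "ADMIN" slip past a substring check, and a null Role would
            // otherwise throw a NullReferenceException (500) instead of a clean 400.
            var requestsAdminRole = request.Role != null
                && request.Role.Contains("admin", StringComparison.OrdinalIgnoreCase);

            // Non-admins may only change their own account and may not grant admin roles.
            if (!isAdmin && (request.UserName != user || requestsAdminRole))
            {
                return(BadRequest("非授权用户,无法修改"));
            }

            if (_authService.ModifyUserData(request, isAdmin) is null)
            {
                return(BadRequest("修改失败,检查修改信息"));
            }
            return(Ok("修改成功"));
        }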
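        /// <summary>
        /// Updates the email, password and role of the user named in <paramref name="requestDto"/>.
        /// </summary>
        /// <param name="requestDto">Change request; both passwords arrive RSA-encrypted and are decrypted here.</param>
        /// <param name="isAdmin">When true the old-password comparison is skipped. The caller is
        /// responsible for having verified the admin role; this method does not re-check it.</param>
        /// <returns>The updated user, or null when either password fails to decrypt, the role is
        /// missing, the user does not exist, or (for non-admins) the old password does not match.</returns>
        public UserModel ModifyUserData(ModifyRequestDto requestDto, bool isAdmin)
        {
            // RSA-decrypt the transport-encrypted passwords.
            // NOTE(review): if SecurityRsa.Decrypt throws on malformed input rather than
            // returning null, that exception propagates to the caller — confirm its contract.
            var oldCode = SecurityRsa.Decrypt(requestDto.OldPassword);
            var code    = SecurityRsa.Decrypt(requestDto.Password);

            if (oldCode is null || code is null)
            {
                return(null);
            }
            // A missing role is a failed request, not a crash (the original would throw
            // on Role.ToLower()); checked before touching the database.
            if (requestDto.Role is null)
            {
                return(null);
            }
            // Look up the user by key (user name).
            var user = _context.User.Find(requestDto.UserName);

            // NOTE(review): passwords are stored as a deterministic AES ciphertext and
            // compared as strings. The usual expectation is a salted one-way hash
            // (e.g. PBKDF2) checked with a fixed-time comparison; flagged rather than
            // changed here because the storage format is shared with other code.
            if (user is null || (user.Password != SecurityAes.Encrypt(oldCode) && !isAdmin))
            {
                return(null);
            }
            user.Email    = requestDto.Email;
            user.Password = SecurityAes.Encrypt(code);
            // Invariant lowercasing so the stored role does not depend on the server culture.
            user.Role     = requestDto.Role.ToLowerInvariant();
            _context.User.Update(user);
            _context.SaveChanges();
            return(user);
        }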