public IActionResult Edit(string id) { UserAccount selfUser = ProfileBuilder.FromPrincipal(User); UserAccount inspectedUser = ProfileBuilder.FromId(id); if (inspectedUser == null) { return(NotFound()); } if (!selfUser.Permissions.HasFlag(GlobalPermissions.ManageUsers) && selfUser.ID != inspectedUser.ID) { return(Forbid()); } return(View(inspectedUser)); }
/// <summary> /// Returns the currently authenticated user. Returns a guest user if the no one is logged in. /// </summary> public UserAccount GetCurrentUser() => ProfileBuilder.FromPrincipal(User);