public async Task CheckValidityAsync(CallContext callContext)
{
if (LoggedUserId != UserToDeleteId)
{
await QueryValidationHelper.CheckUserExistsAndIsAdminAsync(callContext.DbContext, LoggedUserId, callContext.RoleChecker);
}
await QueryValidationHelper.CheckUserExistsAsync(callContext.DbContext, UserToDeleteId);
var userToDelete = await callContext.DbContext.Users.AsNoTracking().SingleAsync(user => user.Id == UserToDeleteId);
if (await callContext.RoleChecker.UserIsAdminAsync(userToDelete))
{
//Additional security: forbid deleting an admin account
throw new InvalidOperationException("User to delete is admin");
}
}
public async Task CheckValidityAsync(CallContext callContext)
{
await QueryValidationHelper.CheckUserExistsAndIsAdminAsync(callContext.DbContext, UserId, callContext.RoleChecker);
}
