/// <summary>
/// Validates a user-deletion request before it is executed. The checks run in this order:
///   1. Unless the caller is deleting their own account, the caller (LoggedUserId) must exist and be an admin.
///   2. The target account (UserToDeleteId) must exist.
///   3. The target account must not be an admin — defense in depth: admin accounts cannot be
///      deleted through this request at all, even by another admin.
/// </summary>
/// <param name="callContext">Supplies the DbContext and the RoleChecker used by the checks.</param>
/// <exception cref="InvalidOperationException">Thrown when the target account is an admin.</exception>
/// <remarks>
/// The existence/admin helpers in QueryValidationHelper are presumably what signals failure for
/// checks 1 and 2 (by throwing) — verify against that helper.
/// NOTE(review): when LoggedUserId == UserToDeleteId the admin requirement is skipped, so a
/// non-admin can pass validation for deleting their own account — confirm self-deletion is intended.
/// </remarks>
public async Task CheckValidityAsync(CallContext callContext)
{
    var dbContext = callContext.DbContext;
    var roleChecker = callContext.RoleChecker;
    var isSelfDeletion = LoggedUserId == UserToDeleteId;

    // Deleting someone else's account is an admin-only operation.
    if (!isSelfDeletion)
    {
        await QueryValidationHelper.CheckUserExistsAndIsAdminAsync(dbContext, LoggedUserId, roleChecker);
    }

    await QueryValidationHelper.CheckUserExistsAsync(dbContext, UserToDeleteId);

    // Read-only lookup: the entity is only needed for the role check below.
    var targetAccount = await dbContext.Users
        .AsNoTracking()
        .SingleAsync(u => u.Id == UserToDeleteId);

    // Additional security: admin accounts are never deletable through this request.
    var targetIsAdmin = await roleChecker.UserIsAdminAsync(targetAccount);
    if (targetIsAdmin)
    {
        throw new InvalidOperationException("User to delete is admin");
    }
}
/// <summary>
/// Validates the request by requiring that the account identified by UserId exists and is an admin,
/// delegating entirely to QueryValidationHelper.CheckUserExistsAndIsAdminAsync.
/// </summary>
/// <param name="callContext">Supplies the DbContext and the RoleChecker handed to the helper.</param>
/// <remarks>
/// Failure is presumably signalled by the helper throwing — verify against QueryValidationHelper.
/// NOTE(review): UserId is presumably the calling user's id; this method performs no other
/// authorization, so confirm that UserId cannot be supplied by the client.
/// </remarks>
public async Task CheckValidityAsync(CallContext callContext) =>
    await QueryValidationHelper.CheckUserExistsAndIsAdminAsync(
        callContext.DbContext,
        UserId,
        callContext.RoleChecker);