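/// <summary>
/// Updates the editable profile fields of the currently authenticated user.
/// </summary>
/// <param name="id">Id of the account being edited; must be the caller's own account.</param>
/// <param name="Account">
/// Incoming profile values. Only FirstName, LastName, Gender, PhoneNumber and Address are
/// applied; Id is used solely for the ownership check and Username/Email are never taken from the body.
/// </param>
/// <returns>
/// 400 when the body is missing, fails model validation, or the caller's user row cannot be found;
/// 401 when the caller is not authenticated or is not the owner of <paramref name="id"/>; otherwise 200.
/// </returns>
public IHttpActionResult EditAccount(int id, UserDetailDTO Account)
{
    // Reject a missing or invalid body before touching the identity or the database.
    // The original already returned BadRequest(ModelState) for a null body, so a failed
    // validation state is reported the same way.
    if (Account == null || !ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Authenticate first: the original resolved the user from User.Identity.Name
    // before checking that an identity existed at all, which could throw on a null Identity.
    if (User.Identity == null || !User.Identity.IsAuthenticated)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "User are not login!"));
    }

    var currentUser = Db.Users.SingleOrDefault(u => u.Username.Equals(User.Identity.Name, StringComparison.OrdinalIgnoreCase));

    // An authenticated principal whose user row no longer exists would otherwise
    // dereference null in the ownership check below.
    if (currentUser == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User not found!"));
    }

    // Ownership check: both the route id and the body id must be the caller's own account,
    // so a client cannot edit another user's row by mismatching the two values.
    // Status code is kept as 401 for compatibility with existing clients; 403 Forbidden
    // would be the more precise code for an authenticated caller lacking permission.
    if (currentUser.Id != id || currentUser.Id != Account.Id)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Not permision to modify"));
    }

    // After the ownership check currentUser is the row identified by id, so the original's
    // second lookup (and its unreachable "User not found!" branch) is not needed.
    // Copy only the explicitly whitelisted fields.
    currentUser.FirstName = Account.FirstName;
    currentUser.LastName = Account.LastName;
    currentUser.Gender = Account.Gender;
    currentUser.PhoneNumber = Account.PhoneNumber;
    currentUser.Address = Account.Address;
    Db.SaveChanges();

    return Ok("Your Profile has been updated!");
}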
/// <summary>
/// Returns the profile of the calling user as a <see cref="UserDetailDTO"/>.
/// </summary>
/// <returns>
/// 401 when the request carries no authenticated identity, 400 when no user row matches the
/// identity name, otherwise 200 with the projected DTO.
/// </returns>
public IHttpActionResult GetCurrentAccount()
{
    // Guard: an unauthenticated (or absent) identity gets the same 401 as elsewhere in this controller.
    var identity = User.Identity;
    var isAuthenticated = identity != null && identity.IsAuthenticated;
    if (!isAuthenticated)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "User are not login!"));
    }

    // Resolve the user row by principal name; the comparison is case-insensitive.
    var principalName = User.Identity.Name;
    var account = Db.Users.SingleOrDefault(u => u.Username.Equals(principalName, StringComparison.OrdinalIgnoreCase));
    if (account == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Some thing fail!"));
    }

    // Project the entity onto the DTO's fields only.
    var dto = new UserDetailDTO();
    dto.Id = account.Id;
    dto.Username = account.Username;
    dto.FirstName = account.FirstName;
    dto.LastName = account.LastName;
    dto.Gender = account.Gender;
    dto.Email = account.Email;
    dto.PhoneNumber = account.PhoneNumber;
    dto.Address = account.Address;

    return Ok(dto);
}