/// <summary>
/// Creates a new user account on behalf of an administrator.
/// </summary>
/// <param name="tokenId">Id of the caller's session token; the caller must be an admin.</param>
/// <param name="email">E-mail address of the new account; must not be blank.</param>
/// <param name="displayName">Display name of the new account (not validated here).</param>
/// <param name="password">Initial password; only checked for being non-blank here.</param>
/// <param name="role">Raw role value; must pass <see cref="UserRole.RoleIsValid"/>.</param>
/// <returns>An export-safe copy of the created user.</returns>
/// <exception cref="AutoApiError">
/// Unauthorised when the caller is not an admin (or creation fails with the message "Unauthorised"),
/// InvalidParam for a blank email/password or an invalid role, ServerError when creation returns null.
/// </exception>
public async Task<User> createUser(Int64 tokenId, string email, string displayName, string password, int role)
{
    var callerToken = await quickGetToken(tokenId);

    // Only administrators may create accounts; this is checked before any input is inspected.
    var callerRole = new UserRole(callerToken.User.RawRole);
    if (!callerRole.IsAdmin)
    {
        throw AutoApiError.Unauthorised();
    }

    if (string.IsNullOrWhiteSpace(email))
    {
        throw AutoApiError.InvalidParam("email");
    }

    // NOTE(review): only "non-blank" is enforced for the password here; any length or
    // strength policy would have to live in UserTasks.CreateUserAsync — confirm.
    if (string.IsNullOrWhiteSpace(password))
    {
        throw AutoApiError.InvalidParam("password");
    }

    if (!UserRole.RoleIsValid(role))
    {
        throw AutoApiError.InvalidParam("role");
    }

    try
    {
        var created = await UserTasks.CreateUserAsync(_context, callerToken, email, displayName, password, role);
        if (created == null)
        {
            throw AutoApiError.ServerError("Create user failed unexpectedly.");
        }

        return created.CloneForExport();
    }
    catch (Exception ex) when (ex.Message == "Unauthorised")
    {
        // Presumably UserTasks signals a permission failure with this exact message; any other
        // exception propagates unchanged.
        throw AutoApiError.Unauthorised();
    }
}
/// <summary>
/// Loads a post, verifies the caller may edit it, applies <paramref name="callback"/> to it,
/// stamps it as modified and persists the change.
/// </summary>
/// <param name="tokenId">Id of the caller's session token.</param>
/// <param name="postId">Id of the post to change.</param>
/// <param name="callback">
/// Mutation applied to the loaded post; its second argument tells whether the caller is an admin.
/// </param>
/// <returns>An export-safe copy of the updated post.</returns>
/// <exception cref="AutoApiError">
/// NotFound when no post has <paramref name="postId"/>; Unauthorised when the caller neither owns
/// the post nor is an admin; ServerError when <paramref name="callback"/> throws anything other
/// than an <see cref="AutoApiError"/>.
/// </exception>
private async Task<Post> ChangePostAsync(Int64 tokenId, int postId, Action<Post, bool> callback)
{
    var callerToken = await quickGetToken(tokenId);
    var callerRole = new UserRole(callerToken.User.RawRole);

    var post = await _context.posts.Where(p => p.Id == postId).FirstOrDefaultAsync();
    if (post == null)
    {
        throw AutoApiError.NotFound();
    }

    // Owner-or-admin rule: a post without an owner can only be changed by an admin.
    bool isOwner = post.UserId != null && post.UserId == callerToken.UserId;
    if (!isOwner && !callerRole.IsAdmin)
    {
        throw AutoApiError.Unauthorised();
    }

    try
    {
        callback(post, callerRole.IsAdmin);
    }
    catch (Exception ex) when (!(ex is AutoApiError))
    {
        // NOTE(review): the raw exception message is surfaced to the API caller here;
        // check it cannot carry internal details.
        throw AutoApiError.ServerError(ex.Message);
    }

    // NOTE(review): local time rather than UTC — confirm this matches how Modified is read elsewhere.
    post.Modified = DateTime.Now;
    _context.Update(post);
    await _context.SaveChangesAsync();

    return post.CloneForExport();
}