public async void BtnConfirmUserDelete_ClickAsync(bool isDeleteConfirmed)
{
if (!isDeleteConfirmed)
{
SetButtonStates(ButtonState.Enabled);
_userWaitingForDeleteConfirmation = null;
StateHasChanged();
return;
}
var editResponse = await AdminService.DeleteUserAsync(_userWaitingForDeleteConfirmation);
var usersToEditbyAdminResponse = await AdminService.GetAllUsersAsync();
Users = usersToEditbyAdminResponse.Result;
if (editResponse.IsError || usersToEditbyAdminResponse.IsError)
{
SetButtonStates(ButtonState.Enabled);
await Main.PromptMessageAsync(PromptType.Error, editResponse.Message ?? usersToEditbyAdminResponse.Message);
_userWaitingForDeleteConfirmation = null;
StateHasChanged();
return;
}
SetButtonStates(ButtonState.Enabled);
await Main.PromptMessageAsync(PromptType.Success, editResponse.Message);
_userWaitingForDeleteConfirmation = null;
StateHasChanged();
}
public void BtnDeleteUser_ClickAsync(FindUserVM userToDelete)
{
SetButtonStates(ButtonState.Disabled);
_btnDeleteUserStates[userToDelete.Id] = ButtonState.Loading;
ConfirmationDialog_DeleteUser.Show($"Are you sure you want to delete User \"{userToDelete.UserName}\"?");
_userWaitingForDeleteConfirmation = Mapper.Map(userToDelete, new AdminEditUserVM());
}
public void EditUser(AdminEditUserVM model)
{
Student student = this.Context.Students.Find(model.Id);
student.User.Name = model.Name;
student.User.Birthdate = model.BirthDate;
student.User.Email = model.Email;
this.Context.SaveChanges();
}
public ActionResult EditUser(AdminEditUserVM model)
{
if (ModelState.IsValid)
{
this.service.EditUser(model);
return(this.RedirectToAction("Index"));
}
AdminEditUserVM vm = service.GetEditUserVM(model.Id);
return(this.View(vm));
}
public AdminEditUserVM GetEditUserVM(int id)
{
Student student = this.Context.Students.Find(id);
//AdminEditUserVM vm = Mapper.Map<Student, AdminEditUserVM>(student);
AdminEditUserVM vm = new AdminEditUserVM();
vm.Id = student.Id;
vm.Name = student.User.Name;
vm.Email = student.User.Email;
vm.BirthDate = student.User.Birthdate;
return(vm);
}
public async Task <ApiResponse <AdminEditUserVM> > DeleteUserAsync(AdminEditUserVM userToDelete)
{
try
{
var authUser = (await _accountService.GetAuthenticatedUserAsync())?.Result;
return(await _httpClient.PostJTokenAsync <ApiResponse <AdminEditUserVM> >("api/admin/deleteuser", new
{
AuthenticatedUser = authUser,
UserToDelete = userToDelete
}));
}
catch (Exception ex)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status500InternalServerError, "API threw an exception while deleting User", null, null, ex));
}
}
public async Task <IActionResult> EditUser(AdminEditUserVM userVM)
{
try
{
if (!ModelState.IsValid)
{
throw new Exception("Please check all fields and then try again.");
}
var result = await _service.EditUser(userVM);
if (result.ErrorMessage == null)
{
return(Ok(result));
}
throw new Exception(result.ErrorMessage);
}
catch (Exception ex)
{
return(BadRequest(ex.Message));
}
}
public async Task <ApiResponse <AdminEditUserVM> > EditUserAsync(AdminEditUserVM userToEdit)
{
try
{
var authUser = (await _accountService.GetAuthenticatedUserAsync())?.Result;
var editUserResp = await _httpClient.PostJTokenAsync <ApiResponse <AdminEditUserVM> >("api/admin/edituser", new
{
AuthenticatedUser = authUser,
UserToEdit = userToEdit
});
if (editUserResp.IsError || editUserResp.Result?.Ticket == null)
{
return(editUserResp);
}
if (authUser?.RememberMe == true)
{
await _jsRuntime.InvokeVoidAsync("Cookies.set", "Ticket", editUserResp.Result.Ticket, new { expires = 365 * 24 * 60 * 60 });
await _localStorage.SetItemAsync("Ticket", editUserResp.Result.Ticket);
}
else
{
await _jsRuntime.InvokeVoidAsync("Cookies.set", "Ticket", editUserResp.Result.Ticket);
await _localStorage.RemoveItemAsync("Ticket");
}
return(editUserResp);
}
catch (Exception ex)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status500InternalServerError, "API threw an exception while editing User", null, null, ex));
}
}
public async Task <AdminUserDetailsVM> EditUser(AdminEditUserVM user)
{
try
{
var admin = await _userManager.FindByIdAsync(user.AdminId);
if (admin == null)
{
throw new Exception("Cannot find the active user.");
}
var adminResult = await _userManager.VerifyUserTokenAsync(admin, "Default", "authentication-backend", user.AdminToken);
if (!adminResult)
{
throw new Exception("Cannot verify the active user.");
}
var original = await _userManager.FindByIdAsync(user.User.UserId);
if (original == null)
{
throw new Exception("User does not exist in database.");
}
original.UserName = user.User.UserName;
original.FirstName = user.User.FirstName;
original.LastName = user.User.LastName;
original.Age = user.User.Age;
original.Email = user.User.Email;
// This checks whether the IsAdmin was changed or not, and if it was it changes the role corresponding to the change.
_ = user.User.IsAdmin != original.IsAdmin && user.User.IsAdmin == true
? await _userManager.AddToRoleAsync(original, "Administrator")
: user.User.IsAdmin != original.IsAdmin && user.User.IsAdmin == false
? await _userManager.RemoveFromRoleAsync(original, "Administrator") : null;
original.IsAdmin = user.User.IsAdmin;
var result = await _userManager.UpdateAsync(original);
if (result.Succeeded)
{
AdminUserDetailsVM resultVM = new AdminUserDetailsVM
{
AdminId = admin.Id,
User = user.User,
FrontEndToken = VerificationToken(),
AdminToken = await UserToken(admin)
};
return(resultVM);
}
else
{
throw new Exception(result.Errors.ToString());
}
}
catch (Exception ex)
{
AdminUserDetailsVM resultVM = new AdminUserDetailsVM
{
ErrorMessage = ex.Message
};
return(resultVM);
}
}
public async Task <ApiResponse <AdminEditUserVM> > DeleteUserAsync(AuthenticateUserVM authenticatedUser, AdminEditUserVM userToDelete)
{
try
{
if (authenticatedUser == null || !authenticatedUser.IsAuthenticated || !authenticatedUser.HasRole("Admin"))
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status401Unauthorized, "You are not Authorized to Delete Users", null));
}
if (authenticatedUser.Id == userToDelete.Id)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status401Unauthorized, "You can't Delete yourself", null));
}
if (userToDelete.Id == default)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, "Id for the User was not supplied, as it is done automatically it should never happen", null));
}
var user = await _userManager.FindByIdAsync(userToDelete.Id.ToString());
if (user == null)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"User with Id: \"{userToDelete.Id}\" was not found, it should never happen", null));
}
var deleteUserResponse = await _userManager.DeleteAsync(user);
if (!deleteUserResponse.Succeeded)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Deleting User with Id: \"{userToDelete.Id}\" Failed. ({deleteUserResponse.FirstError()})", null));
}
userToDelete.IsDeleted = true;
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status201Created, $"Successfully Deleted User: \"{userToDelete.UserName}\"", null, userToDelete));
}
catch (Exception ex)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status500InternalServerError, "Deleting User Failed", null, null, ex));
}
}
public async Task <ApiResponse <AdminEditUserVM> > AddUserAsync(AuthenticateUserVM authUser, AdminEditUserVM userToAdd)
{
try
{
if (authUser == null || !authUser.IsAuthenticated || !authUser.HasRole("Admin"))
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status401Unauthorized, "You are not Authorized to Add Users", null));
}
var user = new User
{
UserName = userToAdd.UserName,
Email = userToAdd.Email,
EmailConfirmed = userToAdd.IsConfirmed,
};
var addUserResp = await _userManager.CreateAsync(user);
if (!addUserResp.Succeeded)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Adding User \"{userToAdd.UserName}\" Failed. ({addUserResp.FirstError()})", null));
}
if (!userToAdd.Password.IsNullOrWhiteSpace())
{
user = await _db.Users.SingleOrDefaultAsync(u => u.UserName.ToLower() == userToAdd.UserName.ToLower());
user.PasswordHash = _passwordHasher.HashPassword(user, userToAdd.Password); // use db directly to override identity constraints, we are admin after all here
await _db.SaveChangesAsync();
}
var addRolesResp = await _userManager.AddToRolesAsync(user, userToAdd.Roles.Select(r => r.Name));
if (!addRolesResp.Succeeded)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Adding User \"{userToAdd.UserName}\" Succeeded, but modifying Roles Failed. ({addRolesResp.FirstError()})", null));
}
var addClaimsResp = await _userManager.AddClaimsAsync(user, userToAdd.Claims.Select(c => new Claim(c.Name, c.Values.First().Value))); // we don't consider values for simplicity sake so we can tak any (first) available
if (!addClaimsResp.Succeeded)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Editing User with Id: \"{userToAdd.Id}\" Succeeded, but modifying Claims Failed. ({addClaimsResp.FirstError()})", null));
}
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status201Created, $"Successfully Added User: \"{userToAdd.UserName}\"", null, userToAdd));
}
catch (Exception ex)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status500InternalServerError, "Adding User Failed", null, null, ex));
}
}
public async Task <ApiResponse <AdminEditUserVM> > EditUserAsync(AuthenticateUserVM authenticatedUser, AdminEditUserVM userToEdit)
{
try
{
if (authenticatedUser == null || !authenticatedUser.IsAuthenticated || !authenticatedUser.HasRole("Admin"))
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status401Unauthorized, "You are not Authorized to Edit Users", null));
}
if (userToEdit.Id == authenticatedUser.Id && !userToEdit.HasRole("Admin"))
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status401Unauthorized, "You can't remove \"Admin\" Role from your own Account", null));
}
if (userToEdit.Id == default)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, "Id for the User was not supplied, as it is done automatically it should never happen", null));
}
var user = await _db.Users.SingleOrDefaultAsync(u => u.Id == userToEdit.Id);
if (user == null)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"User with Id: \"{userToEdit.Id}\" was not found, it should never happen", null));
}
user.Email = userToEdit.Email.IsNullOrWhiteSpace() ? user.Email : userToEdit.Email;
user.UserName = userToEdit.UserName.IsNullOrWhiteSpace() ? user.UserName : userToEdit.UserName;
user.EmailConfirmed = userToEdit.IsConfirmed;
var updateuserResp = await _userManager.UpdateAsync(user);
if (!updateuserResp.Succeeded)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Editing User with Id: \"{userToEdit.Id}\" Failed", updateuserResp.Errors.ToLookup(userToEdit.GetPropertyNames())));
}
if (!userToEdit.Password.IsNullOrWhiteSpace() && _passwordHasher.VerifyHashedPassword(user, user.PasswordHash, userToEdit.Password) != PasswordVerificationResult.Success) // if admin changed password to a new one
{
user.PasswordHash = _passwordHasher.HashPassword(user, userToEdit.Password);
await _db.SaveChangesAsync();
if (userToEdit.Id == authenticatedUser.Id)
{
userToEdit.Ticket = await _accountManager.GenerateLoginTicketAsync(user.Id, user.PasswordHash, authenticatedUser.RememberMe);
}
}
var removeRolesResp = await _userManager.RemoveFromRolesAsync(user, await _userManager.GetRolesAsync(user));
var editRolesResp = await _userManager.AddToRolesAsync(user, userToEdit.Roles.Select(r => r.Name));
if (!removeRolesResp.Succeeded || !editRolesResp.Succeeded)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Editing User with Id: \"{userToEdit.Id}\" Succeeded, but modifying Roles Failed. ({(!removeRolesResp.Succeeded ? removeRolesResp.FirstError() : editRolesResp.FirstError())})", null));
}
var removeClaimsResp = await _userManager.RemoveClaimsAsync(user, await _userManager.GetClaimsAsync(user));
var editClaimsResp = await _userManager.AddClaimsAsync(user, userToEdit.Claims.Select(c => new Claim(c.Name, c.Values.First().Value))); // we don't consider values for simplicity sake so we can tak any (first) available
if (!removeClaimsResp.Succeeded || !editClaimsResp.Succeeded)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status400BadRequest, $"Editing User with Id: \"{userToEdit.Id}\" Succeeded, but modifying Claims Failed. ({(!removeClaimsResp.Succeeded ? removeClaimsResp.FirstError() : editClaimsResp.FirstError())})", null));
}
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status201Created, $"Successfully Modified User: \"{userToEdit.UserName}\"", null, userToEdit));
}
catch (Exception ex)
{
return(new ApiResponse <AdminEditUserVM>(StatusCodeType.Status500InternalServerError, "Updating User Failed", null, null, ex));
}
}
public ActionResult EditUser(int id)
{
AdminEditUserVM vm = service.GetEditUserVM(id);
return(this.View(vm));
}
