Exemplo n.º 1
        /// <summary>
        /// Updates the account identified by <paramref name="id"/> on behalf of the current caller.
        /// </summary>
        /// <remarks>
        /// Authorization is enforced in two steps: an object-level check (the caller must own the
        /// account or be an admin) and a field-level check (a non-admin's requested role change is
        /// discarded before the update is applied).
        /// </remarks>
        /// <param name="id">Identifier of the account to update.</param>
        /// <param name="model">Requested changes; <c>Role</c> is cleared in place for non-admin callers.</param>
        /// <returns>
        /// An Unauthorized result when the caller is neither the account owner nor an admin;
        /// otherwise an Ok result wrapping whatever <c>_accountService.UpdateUser</c> returns.
        /// </returns>
        public ActionResult<AccountResponseViewModel> Update(int id, UpdateRequestViewModel model)
        {
            // NOTE(review): Account is presumably the authenticated caller populated by the auth
            // pipeline; nothing in this method guards against it being null — confirm that an
            // authorization attribute or filter runs before this action.
            bool callerOwnsAccount = id == Account.Id;
            bool callerIsAdmin = Account.Role == Role.Admin;

            // Object-level access control: reject edits to someone else's account unless admin.
            // NOTE(review): this responds with 401 although the caller is already authenticated;
            // 403 is the conventional status for "known caller, not allowed". Changing it would
            // alter the API contract, so it is only flagged here.
            if (!callerOwnsAccount && !callerIsAdmin)
            {
                return Unauthorized(new { message = "Unauthorized" });
            }

            // Field-level access control: a non-admin must not be able to change a role through
            // the update payload, so the requested value is dropped.
            // NOTE(review): this assumes UpdateUser treats a null Role as "leave unchanged", and
            // Role is the only field cleared here — verify UpdateRequestViewModel exposes no other
            // privileged property that a non-admin could set.
            if (!callerIsAdmin)
            {
                model.Role = null;
            }

            var updatedAccount = _accountService.UpdateUser(id, model);
            return Ok(updatedAccount);
        }