Exemplo n.º 1
        /// <summary>
        /// Verifies that <c>PatchUser.Edit</c> throws <c>NonExistingUserException</c>
        /// when the data-access stub returns no stored user for the requested id.
        /// </summary>
        public void Edit_NonExistingUser_ThrowsNonExistingUserException()
        {
            // Arrange: the lookup for this id yields null, i.e. the user is unknown.
            var missingUser = new User { Id = 1 };
            var userDataStub = new Mock<IGetUserData>();
            userDataStub
                .Setup(data => data.GetDataWithoutArtworks(missingUser.Id))
                .Returns((User)null);

            var patcher = new PatchUser(userDataStub.Object, _sqlBuilder.Object, _sqlQuery.Object);

            // Act + Assert: the edit must be rejected with the exact exception type.
            TestDelegate edit = () => patcher.Edit(missingUser);
            Assert.That(edit, Throws.Exception.TypeOf<NonExistingUserException>());
        }
Exemplo n.º 2
        /// <summary>
        /// Verifies that <c>PatchUser.Edit</c> returns a user equal to its input when the
        /// data-access stub hands back that same user as the stored record.
        /// </summary>
        public void Edit_NoChangesToUser_ReturnsSameUser()
        {
            // Arrange: the stored record is the very object passed to Edit.
            var unchangedUser = new User { Id = 1 };
            var userDataStub = new Mock<IGetUserData>();
            userDataStub
                .Setup(data => data.GetDataWithoutArtworks(unchangedUser.Id))
                .Returns(unchangedUser);

            var patcher = new PatchUser(userDataStub.Object, _sqlBuilder.Object, _sqlQuery.Object);

            // Act
            var edited = patcher.Edit(unchangedUser);

            // Assert
            Assert.That(edited, Is.EqualTo(unchangedUser));
        }
Exemplo n.º 3
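        /// <summary>
        /// Applies a partial update (password and/or roles) to the account identified by
        /// <paramref name="id"/>, subject to the caller's roles.
        /// </summary>
        /// <remarks>
        /// Authorization rules enforced here:
        /// callers without the UserManager or Admin role may only patch their own account and
        /// any role list they send is replaced by <c>"User"</c>; callers with the UserManager
        /// role may neither modify an Admin account nor grant the Admin role.
        /// Denials are reported as 400 with a "Permission denied" model error, as before.
        /// </remarks>
        /// <param name="id">Id of the account to modify.</param>
        /// <param name="patchUser">Requested changes; <c>Password</c> and <c>Roles</c> are optional.</param>
        /// <returns>
        /// 200 with the resulting <c>UserWithId</c> on success; 400 with model errors when the
        /// request is rejected or an identity operation fails; 401 when no caller id is
        /// available; 404 when the target account does not exist.
        /// </returns>
        public async Task <IHttpActionResult> Patch(string id, PatchUser patchUser)
        {
            // A missing or unbindable body would otherwise surface as a NullReferenceException.
            if (patchUser == null)
            {
                ModelState.AddModelError("user", "Request body is required");
                return BadRequest(ModelState);
            }

            var userId = User.Identity.GetUserId();

            // NOTE(review): an [Authorize] filter is presumably applied outside this view;
            // this guard only keeps an anonymous call from reaching the role lookup.
            if (userId == null)
            {
                return Unauthorized();
            }

            var roles         = await _usrMgr.GetRolesAsync(userId);
            var isAdmin       = roles.Contains(Roles.Admin);
            var isUserManager = roles.Contains(Roles.UserManager);

            if (!(isUserManager || isAdmin))
            {
                // User can only update themselves. Return before the target account is
                // touched, so an unprivileged caller gets the same answer whether or not
                // the other id exists.
                if (userId != id)
                {
                    ModelState.AddModelError("userId", "Permission denied");
                    return BadRequest(ModelState);
                }

                // Users cannot change their roles
                if (patchUser.Roles != null)
                {
                    patchUser.Roles = new List <string>
                    {
                        "User"
                    };
                }

                // NOTE(review): a self-service password change does not ask for the current
                // password, so possession of a valid session is enough to replace it.
                // Consider requiring the old password on this path.
            }

            // Resolve the target before any role lookup or mutation; an unknown id is a 404
            // instead of an unhandled exception further down.
            var usr = await _usrMgr.FindByIdAsync(id);

            if (usr == null)
            {
                return NotFound();
            }

            var targetRoles = await _usrMgr.GetRolesAsync(id);

            // NOTE(review): a caller holding both UserManager and Admin is restricted like a
            // plain user manager here; confirm that this is intended.
            if (isUserManager)
            {
                // User manager cannot change admin
                // User manager cannot upgrade anybody to admin
                // The requested names are compared case-insensitively: role stores may resolve
                // names without regard to case, so an ordinal match is not a sufficient guard.
                if (targetRoles.Contains(Roles.Admin) ||
                    patchUser.Roles != null &&
                    patchUser.Roles.Contains(Roles.Admin, StringComparer.OrdinalIgnoreCase))
                {
                    ModelState.AddModelError("userId", "Permission denied");
                }
            }

            IdentityResult result = null;

            if (ModelState.IsValid)
            {
                if (!string.IsNullOrEmpty(patchUser.Password))
                {
                    // Check the new password against policy BEFORE removing the old one;
                    // otherwise a rejected password leaves the account with no password.
                    result = await _usrMgr.PasswordValidator.ValidateAsync(patchUser.Password);

                    if (result.Succeeded)
                    {
                        result = await _usrMgr.RemovePasswordAsync(id);
                    }

                    if (result.Succeeded)
                    {
                        result = await _usrMgr.AddPasswordAsync(id, patchUser.Password);
                    }
                }
                if (result == null || result.Succeeded)
                {
                    if (patchUser.Roles != null)
                    {
                        // NOTE(review): remove-then-add is not atomic. If the add step fails
                        // (for example on an unknown role name) the account is left with no
                        // roles. Validate the requested names first or wrap both steps in a
                        // transaction where the store supports it.
                        var currRoles = await _usrMgr.GetRolesAsync(id);

                        result = await _usrMgr.RemoveFromRolesAsync(id, currRoles.ToArray());

                        if (result.Succeeded)
                        {
                            result = await _usrMgr.AddToRolesAsync(id, patchUser.Roles.ToArray());
                        }
                    }
                }

                if (result == null || result.Succeeded)
                {
                    // Awaited lookup instead of the blocking GetRoles() extension.
                    var finalRoles = await _usrMgr.GetRolesAsync(id);

                    return(Ok(
                               new UserWithId
                    {
                        Id = id,
                        UserName = usr.UserName,
                        Roles = finalRoles.ToList()
                    }));
                }
            }

            if (result != null)
            {
                // Route identity errors to the field they mention so clients can display them.
                foreach (var err in result.Errors)
                {
                    if (err.IndexOf("password", StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        ModelState.AddModelError("user.Password", err);
                    }
                    else if (err.IndexOf("username", StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        ModelState.AddModelError("user.UserName", err);
                    }
                    else
                    {
                        ModelState.AddModelError("user", err);
                    }
                }
            }

            return(BadRequest(ModelState));
        }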