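/// <summary>
/// Stores a new account built from the submitted data and redirects to the account list.
/// </summary>
/// <param name="account">
/// The account populated from the request. Its <c>Password</c> is replaced by the result of
/// <c>AccessControl.Hash</c> before the entity is saved.
/// </param>
/// <param name="request">The current request, handed to <c>EnsureAdmin</c> before anything is written.</param>
/// <returns>A redirect to <c>/accounts/</c>.</returns>
public IHandlerBuilder Create(Account account, IRequest request)
{
    // Authorization comes first so nothing below runs for a caller that fails the check
    // (EnsureAdmin is defined elsewhere; presumably it throws for non-admins - confirm).
    EnsureAdmin(request);

    using var context = Database.Create();

    // NOTE(review): the password is hashed without checking that one was supplied. Edit treats an
    // empty password as "leave unchanged"; here an empty submission is hashed and stored as-is.
    // Confirm how AccessControl.Hash handles null/empty input and reject such requests up front.
    account.Password = AccessControl.Hash(account.Password);

    // NOTE(review): the bound entity is persisted as a whole, so every property the binder fills
    // from the request (for example Admin or ID) is stored as submitted. That is only acceptable
    // because the action is admin-gated; copying an explicit allow-list of fields onto a fresh
    // entity would keep it safe if the gate ever changes.
    account.Active = true;

    // One timestamp for both columns, so a freshly created row has Created == Modified.
    var now = DateTime.UtcNow;

    account.Created = now;
    account.Modified = now;

    context.Accounts.Add(account);
    context.SaveChanges();

    return Redirect.To("/accounts/", true);
}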
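/// <summary>
/// Updates the name, display name and, where permitted, the admin flag and password of an existing account.
/// </summary>
/// <remarks>
/// Admins may edit any account; other users may edit only the account whose ID matches their own.
/// The <c>Admin</c> flag is copied from the request only when the caller is an admin, so a regular
/// user cannot elevate their own account through this action.
/// </remarks>
/// <param name="id">ID of the account to edit, taken from the request path.</param>
/// <param name="account">Submitted values; an empty <c>Password</c> leaves the stored hash untouched.</param>
/// <param name="request">The current request, used to resolve the calling account.</param>
/// <returns>
/// A redirect to the details page of the edited account, or <c>null</c> when no account with the
/// given ID exists.
/// </returns>
/// <exception cref="ProviderException">
/// <c>Forbidden</c> when the caller is neither an admin nor the owner of the account;
/// <c>BadRequest</c> when the name or display name is missing from the submission.
/// </exception>
public IHandlerBuilder? Edit([FromPath] int id, Account account, IRequest request)
{
    // NOTE(review): assumes GetAccount never returns null for this route - confirm that
    // unauthenticated requests are rejected before they reach the controller.
    var user = AccessControl.GetAccount(request);

    // Checked before the lookup, so a non-admin gets the same answer for foreign IDs
    // whether or not the account exists.
    if (!user.Admin && user.ID != id)
    {
        throw new ProviderException(ResponseStatus.Forbidden, "Your are not allowed to edit this user.");
    }

    using var context = Database.Create();

    var existing = context.Accounts.FirstOrDefault(c => c.ID == id);

    if (existing == null)
    {
        return null;
    }

    // A submission without these fields used to fail with a NullReferenceException on Trim();
    // answer with a client error instead of an unhandled server fault.
    if (account?.Name is null || account.DisplayName is null)
    {
        throw new ProviderException(ResponseStatus.BadRequest, "Name and display name are required.");
    }

    existing.Name = account.Name.Trim();
    existing.DisplayName = account.DisplayName.Trim();

    // Privilege changes are honoured for admin callers only; for everyone else the submitted
    // Admin value is ignored.
    if (user.Admin)
    {
        existing.Admin = account.Admin;
    }

    // NOTE(review): a user editing their own account can set a new password without presenting
    // the current one; consider requiring the current password for self-service changes.
    if (!string.IsNullOrEmpty(account.Password))
    {
        existing.Password = AccessControl.Hash(account.Password);
    }

    existing.Modified = DateTime.UtcNow;

    context.SaveChanges();

    // "{{controller}}" is an escaped brace pair: the resulting string carries the literal
    // "{controller}" placeholder, which is presumably resolved by the framework's routing.
    return Redirect.To($"{{controller}}/details/{id}/", true);
}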