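/// <summary>
/// Updates the "ClubRank" claim of the member identified by <paramref name="id"/>
/// to the rank posted in <paramref name="model"/>.
/// </summary>
/// <param name="id">Identity user id of the member being edited.</param>
/// <param name="model">Posted form values; only <c>ClubRank</c> is read here.</param>
/// <returns>
/// The "Error" view when model state is invalid, 404 when no user has
/// <paramref name="id"/>, otherwise a redirect to <c>Index</c>.
/// </returns>
public async Task<ActionResult> Edit(string id, EditMemberViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View("Error");
    }

    // TODO: add security (user with lower rank cannot change user with higher rank)
    // NOTE(review): the claim written below is an authorization input elsewhere
    // in the application, and the only check above is model validation, so any
    // caller who can reach this action can assign any known rank. The action's
    // attributes are not visible here; confirm it carries [HttpPost],
    // [ValidateAntiForgeryToken] and an authorization policy.

    // Round-trip the posted value through the factory so that only a rank the
    // application knows about is ever stored in the claim.
    // Assumes ClubRolesFactory.GetId rejects or normalizes unknown names — TODO confirm.
    string clubRankName = ClubRolesFactory.GetName(ClubRolesFactory.GetId(model.ClubRank));

    ApplicationUser user = await _userManager.FindByIdAsync(id);
    if (user == null)
    {
        // Without this guard the null user reached GetClaimsAsync, which throws.
        return NotFound();
    }

    #region GetUserClubRank
    IList<Claim> claims = await _userManager.GetClaimsAsync(user);
    Claim existingRank = claims.FirstOrDefault(c => c.Type == "ClubRank");
    Claim newRank = new Claim("ClubRank", clubRankName);

    // An existing claim with an empty value is treated as absent (a new claim
    // is added rather than the empty one being replaced), as before.
    if (existingRank == null || existingRank.Value.Length == 0)
    {
        await _userManager.AddClaimAsync(user, newRank);
    }
    else
    {
        await _userManager.ReplaceClaimAsync(user, existingRank, newRank);
    }
    #endregion

    return RedirectToAction("Index");
}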
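/// <summary>
/// Marks <paramref name="requirement"/> as satisfied when the current user is in
/// the "Administrator" role, or carries a "ClubRank" claim whose rank id, compared
/// as an integer, does not exceed the requirement's minimum rank.
/// </summary>
/// <param name="context">Authorization context holding the principal to evaluate.</param>
/// <param name="requirement">The minimum club rank being enforced.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
/// <remarks>
/// Fail-closed: a missing claim, or a claim value the factory cannot map,
/// leaves the requirement unmet instead of throwing.
/// </remarks>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MinimumClubRankRequirement requirement)
{
    if (context.User.IsInRole("Administrator"))
    {
        context.Succeed(requirement);
        // The role alone is sufficient; the claim need not be inspected.
        return Task.CompletedTask;
    }

    // Single lookup replaces the former HasClaim + FindFirst pair.
    Claim rankClaim = context.User.FindFirst(c => c.Type == "ClubRank");
    if (rankClaim == null)
    {
        return Task.CompletedTask;
    }

    try
    {
        // Equality was previously tested separately; it is subsumed by ">=".
        // Which direction of the integer ordering means "higher rank" is a
        // ClubRolesFactory convention not visible here — TODO confirm.
        int userRank = (int)ClubRolesFactory.GetId(rankClaim.Value);
        if ((int)requirement.GetMinimumRank() >= userRank)
        {
            context.Succeed(requirement);
        }
    }
    catch (Exception)
    {
        // NOTE(review): GetId's failure mode is not visible here. Any error
        // deliberately results in a deny; consider logging it so a malformed
        // claim value is not silently ignored.
    }

    return Task.CompletedTask;
}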