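/// <summary>
/// Applies a JSON Patch document to the user identified by <paramref name="id"/>,
/// keeps the entity admin list in step with any role change, and persists the result.
/// </summary>
/// <param name="userRepository">Repository used to load and replace the user.</param>
/// <param name="entityRepository">Repository that maintains each entity's admin list.</param>
/// <param name="id">Identifier of the user to patch.</param>
/// <param name="userPatch">Caller-supplied patch operations; treated as untrusted input.</param>
/// <returns>
/// 204 on success; 400 when the patch is missing, the user does not exist, or the patched
/// user fails validation; 401 when the caller is not permitted to make the change.
/// </returns>
public async Task<IActionResult> PatchUser(
    [FromServices] IUserRepository userRepository,
    [FromServices] IEntityRepository entityRepository,
    string id,
    [FromBody] JsonPatchDocument<User> userPatch)
{
    // Model binding leaves the document null when the request body is missing or unreadable.
    if (userPatch == null)
    {
        return BadRequest();
    }

    var currentUser = HttpContext.User;
    var isRoot = currentUser.IsInRole("root");
    var isAdmin = currentUser.IsInRole("admin");

    // Role gate runs before the lookup so callers without a privileged role get the same
    // answer for existing and non-existing ids.
    // NOTE(review): 403 (Forbid) would describe an authenticated-but-not-permitted caller
    // better than 401; kept as Unauthorized to preserve the existing response contract.
    if (!isRoot && !isAdmin)
    {
        return Unauthorized();
    }

    // A missing PrimaryGroupSid claim yields null here instead of a NullReferenceException.
    var userEntity = currentUser.Claims
        .FirstOrDefault(c => c.Type == ClaimTypes.PrimaryGroupSid)?.Value;

    var user = await userRepository.FindByIdAsync(id);
    if (user == null)
    {
        return BadRequest();
    }

    // Snapshot everything the patch can overwrite; the checks and the admin-list
    // bookkeeping below need the pre-patch values.
    var oldEntity = user.EntityList?.FirstOrDefault();
    var oldRole = user.Role;
    var oldEmail = user.Email;

    // Admins are scoped to their own entity. Fail closed when the caller has no entity
    // claim, so a null claim can never match a user with an empty entity list.
    // NOTE(review): a caller holding both "root" and "admin" is still entity-scoped here,
    // as in the original condition - confirm that is intended.
    if (isAdmin && (userEntity == null || userEntity != oldEntity))
    {
        return Unauthorized();
    }

    // The patch targets the whole User object, so it can touch Role, Email and EntityList.
    // NOTE(review): ApplyTo without a ModelState/error callback throws on malformed
    // operations; consider the error-reporting overload if it is available to this project.
    userPatch.ApplyTo(user);

    if (!_validation.Validate(user))
    {
        return BadRequest();
    }

    var newEntity = user.EntityList?.FirstOrDefault();

    if (!isRoot)
    {
        // Entity-scoped admins must not be able to grant "root" or move a user to another
        // entity through the patch body; both would exceed the scope checked above.
        var grantsRoot = user.Role == "root" && oldRole != "root";
        if (grantsRoot || newEntity != oldEntity)
        {
            return Unauthorized();
        }
    }

    if (oldRole != user.Role)
    {
        if (user.Role == "admin")
        {
            // An admin needs an entity to be listed under; reject before any write happens.
            if (newEntity == null)
            {
                return BadRequest();
            }

            await entityRepository.AddAdminToAdminList(user.Email, newEntity);
        }

        if (oldRole == "admin" && oldEntity != null)
        {
            // Remove the entry that was registered before the patch: the same request may
            // have changed Email or EntityList, and the post-patch values would miss it.
            await entityRepository.RemoveAdminFromAdminList(oldEmail, oldEntity);
        }
    }

    // NOTE(review): an admin whose Email changes without a role change is not re-keyed in
    // the admin list - verify whether the list should follow email changes.
    await userRepository.ReplaceOneAsync(id, user);
    return NoContent();
}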