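/// <summary>
/// Reconciles the role membership of <paramref name="user"/> with the roles ticked in
/// <c>Input.Roles</c>: roles no longer ticked are removed, newly ticked roles are added.
/// </summary>
/// <param name="user">The user whose role membership is being updated.</param>
/// <returns>
/// <c>true</c> when every requested change was applied; <c>false</c> when a change was refused
/// or failed, in which case the reason has been recorded in <c>ModelState</c>.
/// </returns>
/// <remarks>
/// Removal and addition are two separate store calls, so a failure in the add step leaves the
/// removals already applied. Refused and failed changes are logged at Warning level together with
/// the acting user so that they are visible to audit/monitoring.
/// </remarks>
private async Task<bool> UpdateRoleAsync(UserDAO user)
{
    var currentUserName = _requestContext.GetCurrentUserName();

    // Role names are identifiers: compare them ordinally (same as the default string comparer)
    // and use sets so the two-way difference below is O(n) instead of O(n*m).
    var newRoles = new HashSet<string>(
        Input.Roles
            .Where(role => role.HasRole)
            .Select(role => role.Name),
        StringComparer.Ordinal);

    var currentRoles = await _userManager.GetRolesAsync(user);
    var currentRoleSet = new HashSet<string>(currentRoles, StringComparer.Ordinal);

    var rolesToRemove = currentRoles.Where(r => !newRoles.Contains(r)).ToList();
    var rolesToAdd = newRoles.Where(r => !currentRoleSet.Contains(r)).ToList();

    if (rolesToRemove.Count > 0)
    {
        // A super admin can never be taken out of the Administrator role, regardless of who asks.
        // The refusal is logged as well as surfaced in ModelState so the attempt is auditable.
        if (_identityLogic.IsSuperAdminUser(user.UserName) && rolesToRemove.Contains(RoleType.Administrator))
        {
            ModelState.AddModelError(string.Empty,
                $"User {user.UserName} is super admin, you don't have permission to remove it from {RoleType.Administrator} role.");
            _logger.LogWarning("{@User} attempted to remove super admin {@UserName} from role {@Role}; refused.",
                currentUserName, user.UserName, RoleType.Administrator);
            return false;
        }

        var removeRolesResult = await _userManager.RemoveFromRolesAsync(user, rolesToRemove);
        if (!removeRolesResult.Succeeded)
        {
            var errors = AddToModelStateErrors(removeRolesResult);
            // Failed privilege changes are Warning, not Information, so they are not filtered out.
            _logger.LogWarning("{@User} failed when removed {@UserName} from role(s) {@Roles}, Errors {@Errors}.",
                currentUserName, user.UserName, string.Join(',', rolesToRemove), errors);
            return false;
        }
    }

    if (rolesToAdd.Count > 0)
    {
        var addRolesResult = await _userManager.AddToRolesAsync(user, rolesToAdd);
        if (!addRolesResult.Succeeded)
        {
            var errors = AddToModelStateErrors(addRolesResult);
            // NOTE: any removals above have already been committed at this point.
            _logger.LogWarning("{@User} failed when added {@UserName} to role(s) {@Roles}, Errors {@Errors}.",
                currentUserName, user.UserName, string.Join(',', rolesToAdd), errors);
            return false;
        }
    }

    return true;
}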