private async Task <bool> UpdateRoleAsync(UserDAO user)
{
var currentUserName = _requestContext.GetCurrentUserName();
var newRoles = Input.Roles
.Where(role => role.HasRole)
.Select(role => role.Name)
.ToList();
var currentRoles = await _userManager.GetRolesAsync(user);
var rolesToRemove = currentRoles.Where(r => !newRoles.Contains(r)).ToList();
var rolesToAdd = newRoles.Where(r => !currentRoles.Contains(r)).ToList();
if (rolesToRemove.Count > 0)
{
// don't allow remove super users from Admin role
if (_identityLogic.IsSuperAdminUser(user.UserName) && rolesToRemove.Contains(RoleType.Administrator))
{
ModelState.AddModelError(string.Empty, $"User {user.UserName} is super admin, you don't have permission to remove it from {RoleType.Administrator} role.");
return(false);
}
var removeRolesResult = await _userManager.RemoveFromRolesAsync(user, rolesToRemove);
if (!removeRolesResult.Succeeded)
{
var errors = AddToModelStateErrors(removeRolesResult);
_logger.LogInformation("{@User} failed when removed {@UserName} from role(s) {@Roles}, Errors {@Errors}.", currentUserName, user.UserName,
string.Join(',', rolesToRemove), errors);
return(false);
}
}
if (rolesToAdd.Count > 0)
{
var addRolesResult = await _userManager.AddToRolesAsync(user, rolesToAdd);
if (!addRolesResult.Succeeded)
{
var errors = AddToModelStateErrors(addRolesResult);
_logger.LogInformation("{@User} failed when added {@UserName} to role(s) {@Roles}, Errors {@Errors}.", currentUserName, user.UserName,
string.Join(',', rolesToAdd), errors);
return(false);
}
}
return(true);
}
