Jonas
847ac119d8
Update API/Controllers/Auth/AppUserController.cs: change route attribute to [HttpPatch("{id:guid}")] (fixing verb and missing bracket), correct German error message to indicate the user was deactivated, and remove the redundant existing-username conflict check before SetUserNameAsync. These changes clarify intent and rely on userManager to handle username validation.
92 lines
3.4 KiB
C#
92 lines
3.4 KiB
C#
using API.Contracts.Auth;
|
|
using API.Models;
|
|
using API.Security;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.EntityFrameworkCore;
|
|
|
|
namespace API.Controllers.Auth
|
|
{
|
|
[ApiController]
|
|
[Authorize(Policy = PolicyNames.AdminOnly)]
|
|
[Route("auth/user")]
|
|
public class AppUserController(UserManager<AppUser> userManager) : ControllerBase
|
|
{
|
|
[HttpGet]
|
|
public async Task<ActionResult<IReadOnlyList<CurrentUserResponse>>> GetAppUsers()
|
|
{
|
|
var users = await userManager.Users
|
|
.OrderBy(x => x.UserName)
|
|
.ToListAsync();
|
|
|
|
var tasks = users.Select(user => user.ToCurrentUserResponseAsync(userManager));
|
|
return Ok(await Task.WhenAll(tasks));
|
|
}
|
|
|
|
[HttpGet("{id:guid}")]
|
|
public async Task<ActionResult<CurrentUserResponse>> GetAppUserById([FromRoute] Guid id)
|
|
{
|
|
var user = await userManager.Users.FirstOrDefaultAsync(x => x.Id == id);
|
|
if (user is null)
|
|
{
|
|
return NotFound(new { message = "Benutzer wurde nicht gefunden." });
|
|
}
|
|
|
|
return Ok(await user.ToCurrentUserResponseAsync(userManager));
|
|
}
|
|
|
|
[HttpPatch("{id:guid}")]
|
|
public async Task<IActionResult> UpdateAppUser([FromRoute] Guid id, [FromBody] ChangeUserRequest changeDto)
|
|
{
|
|
var user = await userManager.Users.FirstOrDefaultAsync(x => x.Id == id);
|
|
|
|
if (user is null)
|
|
{
|
|
return NotFound(new { message = "Benutzer wurde nicht gefunden." });
|
|
}
|
|
|
|
if (changeDto.IsActive != null)
|
|
{
|
|
user.IsActive = changeDto.IsActive.Value;
|
|
|
|
if (!changeDto.IsActive.Value)
|
|
{
|
|
var stampResult = await userManager.UpdateSecurityStampAsync(user);
|
|
if (!stampResult.Succeeded)
|
|
{
|
|
return StatusCode(500, new { message = "Benutzer wurde deaktiviert, aber Sessions konnten nicht invalidiert werden. " +
|
|
"Er könnte also immer noch Angemeldet sein!" });
|
|
}
|
|
}
|
|
}
|
|
|
|
if (changeDto.UserName != null)
|
|
{
|
|
var newUserName = changeDto.UserName.Trim();
|
|
|
|
if (string.IsNullOrEmpty(newUserName))
|
|
{
|
|
return BadRequest(new { message = "Benutzername darf nicht leer sein." });
|
|
}
|
|
|
|
if (!string.Equals(newUserName, user.UserName, StringComparison.OrdinalIgnoreCase))
|
|
{
|
|
var setNameResult = await userManager.SetUserNameAsync(user, newUserName);
|
|
if (!setNameResult.Succeeded)
|
|
{
|
|
if (setNameResult.Errors.Any(e => e.Code == nameof(IdentityErrorDescriber.DuplicateUserName)))
|
|
{
|
|
return Conflict(new { message = "Benutzername ist bereits vergeben." });
|
|
}
|
|
|
|
return BadRequest(new { message = "Benutzername konnte nicht geändert werden.", errors = setNameResult.Errors.Select(e => e.Description) });
|
|
}
|
|
}
|
|
}
|
|
|
|
return Ok(await user.ToCurrentUserResponseAsync(userManager));
|
|
}
|
|
}
|
|
}
|