diff options
| author | transtrike <transtrike@gmail.com> | 2021-01-31 13:38:15 +0200 |
|---|---|---|
| committer | transtrike <transtrike@gmail.com> | 2021-01-31 13:38:15 +0200 |
| commit | 5a8c7d92216bb7fafc649056a00c11682b82a279 (patch) | |
| tree | c6b308f1b971b46f4ca750108a1371bb7cd13b5c /src/DevHive.Services/Services | |
| parent | 505bc41720cbcd02d65e17a6440931c87abcdeda (diff) | |
| download | DevHive-5a8c7d92216bb7fafc649056a00c11682b82a279.tar DevHive-5a8c7d92216bb7fafc649056a00c11682b82a279.tar.gz DevHive-5a8c7d92216bb7fafc649056a00c11682b82a279.zip | |
Fixed NullReference in cloud, CommentEditingWebModel, PromotionToAdmin, Posts violate key in db
Diffstat (limited to 'src/DevHive.Services/Services')
| -rw-r--r-- | src/DevHive.Services/Services/UserService.cs | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs index c2c42e0..c8624ee 100644 --- a/src/DevHive.Services/Services/UserService.cs +++ b/src/DevHive.Services/Services/UserService.cs @@ -241,7 +241,7 @@ namespace DevHive.Services.Services User newUser = await this._userRepository.GetByIdAsync(userId); - return new TokenModel(WriteJWTSecurityToken(newUser.Id, newUser.UserName, newUser.Roles); + return new TokenModel(WriteJWTSecurityToken(newUser.Id, newUser.UserName, newUser.Roles)); } private async Task<User> PopulateModel(UpdateUserServiceModel updateUserServiceModel) @@ -249,16 +249,25 @@ namespace DevHive.Services.Services User user = this._userMapper.Map<User>(updateUserServiceModel); /* Fetch Roles and replace model's*/ - HashSet<Role> roles = new(); - int rolesCount = updateUserServiceModel.Roles.Count; - for (int i = 0; i < rolesCount; i++) + //Do NOT allow a user to change his roles, unless he is an Admin + bool isAdmin = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id)) + .Roles.Any(r => r.Name == Role.AdminRole); + + if (isAdmin) { - Role role = await this._roleRepository.GetByNameAsync(updateUserServiceModel.Roles.ElementAt(i).Name) ?? - throw new ArgumentException("Invalid role name!"); + HashSet<Role> roles = new(); + foreach (var role in updateUserServiceModel.Roles) + { + Role returnedRole = await this._roleRepository.GetByNameAsync(role.Name) ?? + throw new ArgumentException($"Role {role.Name} does not exist!"); - roles.Add(role); + roles.Add(returnedRole); + } + user.Roles = roles; } - user.Roles = roles; + //Preserve original user roles + else + user.Roles = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id)).Roles; /* Fetch Friends and replace model's*/ HashSet<UserFriends> friends = new(); |