Fixed NullReference in cloud, CommentEditingWebModel, PromotionToAdmin, Posts violate key in db

3 files changed, 30 insertions, 23 deletions

diff --git a/src/DevHive.Services/Interfaces/IUserService.cs b/src/DevHive.Services/Interfaces/IUserService.cs
index 700010c..b701e4a 100644
--- a/src/DevHive.Services/Interfaces/IUserService.cs
+++ b/src/DevHive.Services/Interfaces/IUserService.cs
@@ -19,6 +19,6 @@ namespace DevHive.Services.Interfaces
 
 		Task<bool> ValidJWT(Guid id, string rawTokenData);
 
-		Task<Guid> SuperSecretPromotionToAdmin(Guid userId);
+		Task<TokenModel> SuperSecretPromotionToAdmin(Guid userId);
 	}
 }
diff --git a/src/DevHive.Services/Models/Cloud/CloudinaryService.cs b/src/DevHive.Services/Models/Cloud/CloudinaryService.cs
index a9bc9bd..bbf9606 100644
--- a/src/DevHive.Services/Models/Cloud/CloudinaryService.cs
+++ b/src/DevHive.Services/Models/Cloud/CloudinaryService.cs
@@ -4,6 +4,7 @@ using System.IO;
 using System.Threading.Tasks;
 using CloudinaryDotNet;
 using CloudinaryDotNet.Actions;
+using DevHive.Data.Migrations;
 using DevHive.Services.Interfaces;
 using Microsoft.AspNetCore.Http;
 
@@ -25,22 +26,19 @@ namespace DevHive.Services.Services
 			{
 				string formFileId = Guid.NewGuid().ToString();
 
-				if (formFile.Length > 0)
+				using (var ms = new MemoryStream())
 				{
-					using (var ms = new MemoryStream())
+					formFile.CopyTo(ms);
+					byte[] formBytes = ms.ToArray();
+
+					RawUploadParams rawUploadParams = new()
 					{
-						formFile.CopyTo(ms);
-						byte[] formBytes = ms.ToArray();
-
-						ImageUploadParams imageUploadParams = new()
-						{
-							File = new FileDescription(formFileId, new MemoryStream(formBytes)),
-							PublicId = formFileId
-						};
-
-						ImageUploadResult uploadResult = await this._cloudinary.UploadAsync(imageUploadParams);
-						fileUrls.Add(uploadResult.Url.AbsoluteUri);
-					}
+						File = new FileDescription(formFileId, new MemoryStream(formBytes)),
+						PublicId = formFileId
+					};
+
+					RawUploadResult rawUploadResult = await this._cloudinary.UploadAsync(rawUploadParams);
+					fileUrls.Add(rawUploadResult.Url.AbsoluteUri);
 				}
 			}
 
diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs
index c2c42e0..c8624ee 100644
--- a/src/DevHive.Services/Services/UserService.cs
+++ b/src/DevHive.Services/Services/UserService.cs
@@ -241,7 +241,7 @@ namespace DevHive.Services.Services
 
 			User newUser = await this._userRepository.GetByIdAsync(userId);
 
-			return new TokenModel(WriteJWTSecurityToken(newUser.Id, newUser.UserName, newUser.Roles);
+			return new TokenModel(WriteJWTSecurityToken(newUser.Id, newUser.UserName, newUser.Roles));
 		}
 
 		private async Task<User> PopulateModel(UpdateUserServiceModel updateUserServiceModel)
@@ -249,16 +249,25 @@ namespace DevHive.Services.Services
 			User user = this._userMapper.Map<User>(updateUserServiceModel);
 
 			/* Fetch Roles and replace model's*/
-			HashSet<Role> roles = new();
-			int rolesCount = updateUserServiceModel.Roles.Count;
-			for (int i = 0; i < rolesCount; i++)
+			//Do NOT allow a user to change his roles, unless he is an Admin
+			bool isAdmin = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id))
+				.Roles.Any(r => r.Name == Role.AdminRole);
+
+			if (isAdmin)
 			{
-				Role role = await this._roleRepository.GetByNameAsync(updateUserServiceModel.Roles.ElementAt(i).Name) ??
-					throw new ArgumentException("Invalid role name!");
+				HashSet<Role> roles = new();
+				foreach (var role in updateUserServiceModel.Roles)
+				{
+					Role returnedRole = await this._roleRepository.GetByNameAsync(role.Name) ??
+						throw new ArgumentException($"Role {role.Name} does not exist!");
 
-				roles.Add(role);
+					roles.Add(returnedRole);
+				}
+				user.Roles = roles;
 			}
-			user.Roles = roles;
+			//Preserve original user roles
+			else
+				user.Roles = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id)).Roles;
 
 			/* Fetch Friends and replace model's*/
 			HashSet<UserFriends> friends = new();