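// Update sets a new password for the user identified in the JSON request body.
//
// The body is decoded into a users.User: its ID selects the account and its
// Password field carries the new password. On success the record loaded by
// users.GetUser is sent back with HTTP 200.
//
// NOTE(review): nothing in this handler compares the target ID with the
// identity of the caller, so access control has to be enforced before the
// request reaches it (middleware or routing). Confirm that it is.
func Update(c *echo.Context) error {
	u := users.User{}

	// A body that cannot be decoded is a client error. Returning nil here
	// would end the request as if it had succeeded.
	if err := utils.ParseJSONBody(c, &u); err != nil {
		return apiErrors.InvalidRequest
	}

	user, err := users.GetUser(u.GetID())
	if err != nil {
		return apiErrors.UserNotFound
	}

	if u.Password == "" {
		return apiErrors.InvalidRequest.Detail("The password field is missing.")
	}

	if err := users.UpdateUserPassword(user.GetID(), u.Password); err != nil {
		// The underlying error is logged server-side only; the client gets a
		// generic message.
		log.Error(err)
		return apiErrors.InternalError.Detail("Unable to update the password.")
	}

	// NOTE(review): user is serialized as loaded by users.GetUser; confirm
	// that the JSON encoding of users.User leaves out the stored credential.
	return utils.JSON(c, http.StatusOK, user)
}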
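// Update applies one change to a user account described by the JSON request
// body and returns the submitted user with HTTP 200.
//
// The caller is read from the "user" value of the request context. A caller
// who is not an administrator may only update their own account, and no
// caller may change the administrator flag of their own account. Exactly one
// field is updated per request, chosen in this order: administrator flag,
// password, email, first name, last name. If none of them differs from the
// stored record the request is rejected with "No field sent".
//
// NOTE(review): a field left out of the body decodes to its zero value, so an
// omitted isAdmin/email/name is indistinguishable from an explicit false or
// empty string and is treated as a requested change. Confirm that clients
// always send the full record, or switch to optional (pointer) fields.
func Update(c *echo.Context) error {
	// Use the checked form of the assertion: a missing or mistyped "user"
	// value must produce an error response, not a panic.
	user, ok := c.Get("user").(*users.User)
	if !ok || user == nil {
		return apiErrors.Unauthorized.Detail("Authentication required")
	}

	updatedUser := users.User{}
	if err := utils.ParseJSONBody(c, &updatedUser); err != nil {
		return apiErrors.InvalidRequest
	}

	// Authorize before looking the target up, so that a non-administrator
	// gets the same answer whether or not the requested ID exists.
	if !user.IsAdmin && (updatedUser.GetID() != user.GetID()) {
		return apiErrors.Unauthorized.Detail("You can only update your account")
	}

	currentUser, err := users.GetUser(updatedUser.GetID())
	if err != nil {
		return apiErrors.UserNotFound
	}

	switch {
	case updatedUser.IsAdmin != currentUser.IsAdmin:
		// Nobody may change the administrator flag of their own account.
		if currentUser.Id == user.GetID() {
			return apiErrors.Unauthorized.Detail("You cannot grant administration rights")
		}
		if err := users.UpdateUserPrivilege(updatedUser.GetID(), updatedUser.IsAdmin); err != nil {
			log.Error(err)
			return apiErrors.InternalError.Detail("Unable to update the rank")
		}
	case updatedUser.Password != "":
		if err := users.UpdateUserPassword(updatedUser.GetID(), updatedUser.Password); err != nil {
			log.Error(err)
			return apiErrors.InternalError.Detail("Unable to update the password")
		}
	case updatedUser.Email != currentUser.Email:
		if err := users.UpdateUserEmail(updatedUser.GetID(), updatedUser.Email); err != nil {
			log.Error(err)
			return apiErrors.InternalError.Detail("Unable to update the email")
		}
	case updatedUser.FirstName != currentUser.FirstName:
		if err := users.UpdateUserFirstName(updatedUser.GetID(), updatedUser.FirstName); err != nil {
			log.Error(err)
			return apiErrors.InternalError.Detail("Unable to update the first name")
		}
	case updatedUser.LastName != currentUser.LastName:
		if err := users.UpdateUserLastName(updatedUser.GetID(), updatedUser.LastName); err != nil {
			log.Error(err)
			return apiErrors.InternalError.Detail("Unable to update the last name")
		}
	default:
		return apiErrors.InvalidRequest.Detail("No field sent")
	}

	// updatedUser was decoded from the request and may still hold the
	// submitted password; clear it so it is never echoed in the response.
	updatedUser.Password = ""
	return utils.JSON(c, http.StatusOK, &updatedUser)
}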