EduardoDev
/
line-gestao-api
mirror of https://github.com/eduardolopesx03/line-gestao-api.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add admin-managed user editing and role validation

This commit is contained in:
Eduardo Lopes 2026-01-26 10:46:32 -03:00
parent bdb952c0e5
commit 0d1305bdbe
2 changed files with 108 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
Controllers/UsersController.cs
View File

@ -14,6 +14,12 @@ namespace line_gestao_api.Controllers;
[Authorize] [Authorize]
public class UsersController : ControllerBase public class UsersController : ControllerBase
{ {
private static readonly HashSet<string> AllowedRoles = new(StringComparer.OrdinalIgnoreCase)
{
"admin",
"gestor"
};
private readonly AppDbContext _db; private readonly AppDbContext _db;
private readonly UserManager<ApplicationUser> _userManager; private readonly UserManager<ApplicationUser> _userManager;
private readonly RoleManager<IdentityRole<Guid>> _roleManager; private readonly RoleManager<IdentityRole<Guid>> _roleManager;
@ -65,7 +71,7 @@ public class UsersController : ControllerBase
} }
var role = req.Permissao.Trim().ToLowerInvariant(); var role = req.Permissao.Trim().ToLowerInvariant();
if (!await _roleManager.RoleExistsAsync(role)) if (!AllowedRoles.Contains(role) || !await _roleManager.RoleExistsAsync(role))
{ {
return BadRequest(new ValidationErrorResponse return BadRequest(new ValidationErrorResponse
{ {
@ -211,12 +217,33 @@ public class UsersController : ControllerBase
[Authorize(Roles = "admin")] [Authorize(Roles = "admin")]
public async Task<IActionResult> Update(Guid id, [FromBody] UserUpdateRequest req) public async Task<IActionResult> Update(Guid id, [FromBody] UserUpdateRequest req)
{ {
var errors = await ValidateUpdateAsync(id, req);
if (errors.Count > 0)
{
return BadRequest(new ValidationErrorResponse { Errors = errors });
}
var user = await _userManager.Users.FirstOrDefaultAsync(u => u.Id == id); var user = await _userManager.Users.FirstOrDefaultAsync(u => u.Id == id);
if (user == null) if (user == null)
{ {
return NotFound(); return NotFound();
} }
if (!string.IsNullOrWhiteSpace(req.Nome))
{
user.Name = req.Nome.Trim();
}
if (!string.IsNullOrWhiteSpace(req.Email))
{
var email = req.Email.Trim().ToLowerInvariant();
if (!string.Equals(user.Email, email, StringComparison.OrdinalIgnoreCase))
{
await _userManager.SetEmailAsync(user, email);
await _userManager.SetUserNameAsync(user, email);
}
}
if (req.Ativo.HasValue) if (req.Ativo.HasValue)
{ {
user.IsActive = req.Ativo.Value; user.IsActive = req.Ativo.Value;
@ -225,7 +252,7 @@ public class UsersController : ControllerBase
if (!string.IsNullOrWhiteSpace(req.Permissao)) if (!string.IsNullOrWhiteSpace(req.Permissao))
{ {
var roleName = req.Permissao.Trim().ToLowerInvariant(); var roleName = req.Permissao.Trim().ToLowerInvariant();
if (!await _roleManager.RoleExistsAsync(roleName)) if (!AllowedRoles.Contains(roleName) || !await _roleManager.RoleExistsAsync(roleName))
{ {
return BadRequest(new ValidationErrorResponse return BadRequest(new ValidationErrorResponse
{ {
@ -245,6 +272,23 @@ public class UsersController : ControllerBase
await _userManager.AddToRoleAsync(user, roleName); await _userManager.AddToRoleAsync(user, roleName);
} }
if (!string.IsNullOrWhiteSpace(req.Senha))
{
var token = await _userManager.GeneratePasswordResetTokenAsync(user);
var resetResult = await _userManager.ResetPasswordAsync(user, token, req.Senha);
if (!resetResult.Succeeded)
{
return BadRequest(new ValidationErrorResponse
{
Errors = resetResult.Errors.Select(e => new ValidationErrorDto
{
Field = "senha",
Message = e.Description
}).ToList()
});
}
}
await _userManager.UpdateAsync(user); await _userManager.UpdateAsync(user);
return NoContent(); return NoContent();
} }
@ -277,6 +321,64 @@ public class UsersController : ControllerBase
{ {
errors.Add(new ValidationErrorDto { Field = "permissao", Message = "Permissão é obrigatória." }); errors.Add(new ValidationErrorDto { Field = "permissao", Message = "Permissão é obrigatória." });
} }
else if (!AllowedRoles.Contains(req.Permissao.Trim()))
{
errors.Add(new ValidationErrorDto { Field = "permissao", Message = "Permissão inválida." });
}
return errors;
}
private async Task<List<ValidationErrorDto>> ValidateUpdateAsync(Guid userId, UserUpdateRequest req)
{
var errors = new List<ValidationErrorDto>();
if (!string.IsNullOrWhiteSpace(req.Nome) && req.Nome.Trim().Length < 2)
{
errors.Add(new ValidationErrorDto { Field = "nome", Message = "Nome inválido." });
}
if (!string.IsNullOrWhiteSpace(req.Email))
{
var email = req.Email.Trim().ToLowerInvariant();
var normalized = _userManager.NormalizeEmail(email);
var tenantId = _tenantProvider.TenantId;
if (tenantId == null)
{
errors.Add(new ValidationErrorDto { Field = "email", Message = "Tenant inválido." });
}
else
{
var exists = await _userManager.Users.AnyAsync(u =>
u.Id != userId &&
u.TenantId == tenantId &&
u.NormalizedEmail == normalized);
if (exists)
{
errors.Add(new ValidationErrorDto { Field = "email", Message = "E-mail já cadastrado." });
}
}
}
if (!string.IsNullOrWhiteSpace(req.Senha))
{
if (req.Senha.Length < 6)
{
errors.Add(new ValidationErrorDto { Field = "senha", Message = "Senha deve ter pelo menos 6 caracteres." });
}
if (req.Senha != req.ConfirmarSenha)
{
errors.Add(new ValidationErrorDto { Field = "confirmarSenha", Message = "Confirmação de senha inválida." });
}
}
if (!string.IsNullOrWhiteSpace(req.Permissao) && !AllowedRoles.Contains(req.Permissao.Trim()))
{
errors.Add(new ValidationErrorDto { Field = "permissao", Message = "Permissão inválida." });
}
return errors; return errors;
} }

4
Dtos/UserDtos.cs
View File

@ -11,6 +11,10 @@ public class UserCreateRequest
public class UserUpdateRequest public class UserUpdateRequest
{ {
public string? Nome { get; set; }
public string? Email { get; set; }
public string? Senha { get; set; }
public string? ConfirmarSenha { get; set; }
public string? Permissao { get; set; } public string? Permissao { get; set; }
public bool? Ativo { get; set; } public bool? Ativo { get; set; }
} }