Admin can delete user(s)

src/Core/Application/Identity/Users/IUserService.cs

@@ -28,8 +28,8 @@ public interface IUserService : ITransientService
 
     Task<string> GetOrCreateFromPrincipalAsync(ClaimsPrincipal principal);
     Task<string> CreateAsync(CreateUserRequest request, string origin);
-    Task UpdateAsync(UpdateUserRequest request, string userId);
-
+    Task UpdateAsync(UpdateUserRequest request, string userId, CancellationToken cancellationToken);
+    Task<string> DeleteAsync(string userId, CancellationToken cancellationToken);
     Task<string> ConfirmEmailAsync(string userId, string code, string tenant, CancellationToken cancellationToken);
     Task<string> ConfirmPhoneNumberAsync(string userId, string code);
 

src/Core/Application/Identity/Users/UpdateUserRequest.cs

@@ -3,10 +3,12 @@ namespace FSH.WebApi.Application.Identity.Users;
 public class UpdateUserRequest
 {
     public string Id { get; set; } = default!;
+    public string? UserName { get; set; }
     public string? FirstName { get; set; }
     public string? LastName { get; set; }
     public string? PhoneNumber { get; set; }
     public string? Email { get; set; }
+    public string? Password { get; set; }
     public FileUploadRequest? Image { get; set; }
     public bool DeleteCurrentImage { get; set; } = false;
 }

src/Core/Domain/Identity/ApplicationUserEvents.cs

@@ -22,4 +22,12 @@ public class ApplicationUserUpdatedEvent : ApplicationUserEvent
     public ApplicationUserUpdatedEvent(string userId, bool rolesUpdated = false)
         : base(userId) =>
         RolesUpdated = rolesUpdated;
+}
+
+public class ApplicationUserDeletedEvent : ApplicationUserEvent
+{
+    public ApplicationUserDeletedEvent(string userId)
+        : base(userId)
+    {
+    }
 }

src/Host/Controllers/Identity/UsersController.cs

@@ -25,6 +25,23 @@ public Task<UserDetailsDto> GetByIdAsync(string id, CancellationToken cancellati
         return _userService.GetAsync(id, cancellationToken);
     }
 
+    [HttpPut("{id}")]
+    [MustHavePermission(FSHAction.Update, FSHResource.Users)]
+    [OpenApiOperation("Update profile details of an user.", "")]
+    public async Task<ActionResult> UpdateUserAsync(string id, UpdateUserRequest request, CancellationToken cancellationToken)
+    {
+        await _userService.UpdateAsync(request, id, cancellationToken);
+        return Ok();
+    }
+
+    [HttpDelete("{id}")]
+    [MustHavePermission(FSHAction.Delete, FSHResource.Users)]
+    [OpenApiOperation("Delete a user.", "")]
+    public Task<string> DeleteAsync(string id, CancellationToken cancellationToken)
+    {
+        return _userService.DeleteAsync(id, cancellationToken);
+    }
+
     [HttpGet("{id}/roles")]
     [MustHavePermission(FSHAction.View, FSHResource.UserRoles)]
     [OpenApiOperation("Get a user's roles.", "")]

src/Host/Controllers/Personal/PersonalController.cs

@@ -22,14 +22,14 @@ public async Task<ActionResult<UserDetailsDto>> GetProfileAsync(CancellationToke
 
     [HttpPut("profile")]
     [OpenApiOperation("Update profile details of currently logged in user.", "")]
-    public async Task<ActionResult> UpdateProfileAsync(UpdateUserRequest request)
+    public async Task<ActionResult> UpdateProfileAsync(UpdateUserRequest request, CancellationToken cancellationToken)
     {
         if (User.GetUserId() is not { } userId || string.IsNullOrEmpty(userId))
         {
             return Unauthorized();
         }
 
-        await _userService.UpdateAsync(request, userId);
+        await _userService.UpdateAsync(request, userId, cancellationToken);
         return Ok();
     }
 

src/Infrastructure/Identity/UserService.CreateUpdate.cs

@@ -146,7 +146,7 @@ public async Task<string> CreateAsync(CreateUserRequest request, string origin)
         return string.Join(Environment.NewLine, messages);
     }
 
-    public async Task UpdateAsync(UpdateUserRequest request, string userId)
+    public async Task UpdateAsync(UpdateUserRequest request, string userId, CancellationToken cancellationToken)
     {
         var user = await _userManager.FindByIdAsync(userId);
 
@@ -155,7 +155,7 @@ public async Task UpdateAsync(UpdateUserRequest request, string userId)
         string currentImage = user.ImageUrl ?? string.Empty;
         if (request.Image != null || request.DeleteCurrentImage)
         {
-            user.ImageUrl = await _fileStorage.UploadAsync<ApplicationUser>(request.Image, FileType.Image);
+            user.ImageUrl = await _fileStorage.UploadAsync<ApplicationUser>(request.Image, FileType.Image, cancellationToken);
             if (request.DeleteCurrentImage && !string.IsNullOrEmpty(currentImage))
             {
                 string root = Directory.GetCurrentDirectory();
@@ -172,6 +172,17 @@ public async Task UpdateAsync(UpdateUserRequest request, string userId)
             await _userManager.SetPhoneNumberAsync(user, request.PhoneNumber);
         }
 
+        if (!string.IsNullOrEmpty(request.Password) && await HasPermissionAsync(user.Id, FSHPermission.NameFor(nameof(FSHAction.Update), nameof(FSHResource.Users)), cancellationToken))
+        {
+            string token = await _userManager.GeneratePasswordResetTokenAsync(user);
+            var changePasswordResult = await _userManager.ResetPasswordAsync(user, token, request.Password);
+
+            if (!changePasswordResult.Succeeded)
+            {
+                throw new InternalServerException(_t["Change password failed"], changePasswordResult.GetErrors(_t));
+            }
+        }
+
         var result = await _userManager.UpdateAsync(user);
 
         await _signInManager.RefreshSignInAsync(user);

src/Infrastructure/Identity/UserService.Delete.cs

@@ -0,0 +1,38 @@
+using FSH.WebApi.Application.Common.Exceptions;
+using FSH.WebApi.Domain.Identity;
+
+namespace FSH.WebApi.Infrastructure.Identity;
+
+internal partial class UserService
+{
+    public async Task<string> DeleteAsync(string userId, CancellationToken cancellationToken)
+    {
+        var user = await _userManager.FindByIdAsync(userId);
+
+        _ = user ?? throw new NotFoundException(_t["User Not Found."]);
+
+        string currentImage = user.ImageUrl ?? string.Empty;
+        if (!string.IsNullOrEmpty(currentImage))
+        {
+            string root = Directory.GetCurrentDirectory();
+            _fileStorage.Remove(Path.Combine(root, currentImage));
+        }
+
+        var userRoles = await _userManager.GetRolesAsync(user);
+        var result = await _userManager.RemoveFromRolesAsync(user, userRoles);
+
+        if (!result.Succeeded)
+        {
+            throw new InternalServerException(_t["Remove role(s) failed."], result.GetErrors(_t));
+        }
+
+        result = await _userManager.DeleteAsync(user);
+        if (!result.Succeeded)
+        {
+            throw new InternalServerException(_t["Remove user failed."], result.GetErrors(_t));
+        }
+
+        await _events.PublishAsync(new ApplicationUserDeletedEvent(user.Id));
+        return string.Format(_t["{0} succesfully deleted."], user.UserName);
+    }
+}

src/Infrastructure/Infrastructure.csproj

@@ -42,6 +42,10 @@
         <PackageReference Include="MimeKit" Version="3.3.0" />
         <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="6.0.4" />
         <PackageReference Include="NSwag.AspNetCore" Version="13.16.1" />
+        <PackageReference Include="NSwag.CodeGeneration" Version="13.16.1" />
+        <PackageReference Include="NSwag.CodeGeneration.CSharp" Version="13.16.1" />
+        <PackageReference Include="NSwag.CodeGeneration.TypeScript" Version="13.16.1" />
+        <PackageReference Include="NSwag.Generation.WebApi" Version="13.16.1" />
         <PackageReference Include="RazorEngineCore" Version="2022.1.2" />
         <PackageReference Include="ZymLabs.NSwag.FluentValidation.AspNetCore" Version="0.5.1" />
         <PackageReference Include="Oracle.EntityFrameworkCore" Version="6.21.61" />