Beispiel #1
0
        public ActionResult Edit(UserEditModel model)
        {
            if (User.Id() != model.Id && !User.IsInRole(Definitions.Roles.Administrator))
            {
                return(RedirectToAction("Unauthorized", "Home"));
            }

            if (AuthenticationSettings.DemoModeActive && User.IsInRole(Definitions.Roles.Administrator) && User.Id() == model.Id)
            {
                // Don't allow the admin user to be changed in demo mode
                return(RedirectToAction("Unauthorized", "Home"));
            }

            if (ModelState.IsValid)
            {
                bool valid = true;

                if (!User.IsInRole(Definitions.Roles.Administrator) && (model.OldPassword == null && model.NewPassword != null))
                {
                    ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordEmpty);
                    valid = false;
                }

                if (model.OldPassword != null && MembershipService.ValidateUser(model.Username, model.OldPassword) != ValidationResult.Success)
                {
                    ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordIncorrect);
                    valid = false;
                }

                if (User.IsInRole(Definitions.Roles.Administrator) && model.Id == User.Id() && !(model.PostedSelectedRoles != null && model.PostedSelectedRoles.Contains(Definitions.Roles.Administrator)))
                {
                    ModelState.AddModelError("Roles", Resources.Account_Edit_CannotRemoveYourselfFromAdminRole);
                    valid = false;
                }

                if (valid)
                {
                    MembershipService.UpdateUser(model.Id, model.Username, model.Name, model.Surname, model.Email, model.NewPassword);
                    // Only Administrators can make any changes to roles
                    if (User.IsInRole(Definitions.Roles.Administrator))
                    {
                        RoleProvider.RemoveUserFromRoles(model.Id, RoleProvider.GetAllRoles());
                        if (model.PostedSelectedRoles != null)
                        {
                            RoleProvider.AddUserToRoles(model.Id, model.PostedSelectedRoles);
                        }
                    }
                    ViewBag.UpdateSuccess = true;
                }
            }

            model.Roles         = RoleProvider.GetAllRoles();
            model.SelectedRoles = model.PostedSelectedRoles;

            return(View(model));
        }
        public ActionResult Edit(UserEditModel model)
        {
            if (!User.Id().Equals(model.Username, StringComparison.OrdinalIgnoreCase) && !User.IsInRole(Definitions.Roles.Administrator))
            {
                return(RedirectToAction("Unauthorized", "Home"));
            }

            if (ModelState.IsValid)
            {
                bool valid = true;

                if (!User.IsInRole(Definitions.Roles.Administrator) && (model.OldPassword == null && model.NewPassword != null))
                {
                    ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordEmpty);
                    valid = false;
                }

                if (model.OldPassword != null && MembershipService.ValidateUser(model.Username, model.OldPassword) != ValidationResult.Success)
                {
                    ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordIncorrect);
                    valid = false;
                }

                if (User.IsInRole(Definitions.Roles.Administrator) && model.Username.Equals(User.Id(), StringComparison.OrdinalIgnoreCase) && !(model.Roles != null && model.Roles.Contains(Definitions.Roles.Administrator)))
                {
                    ModelState.AddModelError("Roles", Resources.Account_Edit_CannotRemoveYourselfFromAdminRole);
                    valid = false;
                }

                if (valid)
                {
                    MembershipService.UpdateUser(model.Username, model.Name, model.Surname, model.Email, model.NewPassword);
                    RoleProvider.RemoveUserFromRoles(model.Username, RoleProvider.GetAllRoles());
                    if (model.Roles != null)
                    {
                        RoleProvider.AddUserToRoles(model.Username, model.Roles);
                    }
                    ViewBag.UpdateSuccess = true;
                }
            }

            PopulateRoles();
            return(View(model));
        }