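/// <summary>
/// Shows a single order together with the pizzas that belong to it.
/// </summary>
/// <param name="ID">ID of the order to display. Comes from the request, so it is caller-controlled.</param>
/// <returns>
/// The order view when the caller may see the order; a redirecting page when access is refused
/// or when an admin asks for a missing order; otherwise a redirect to Home/Index.
/// </returns>
public ActionResult OrderDetails(long ID)
{
    ActionResult response = null;

    try
    {
        OrderDO orderDO = _orderDAO.GetOrderByID(ID);

        if (orderDO != null)
        {
            OrderPO orderPO = Mapping.OrderMapper.OrderDOtoOrderPO(orderDO);

            // Drivers and admins may view any order; a regular user may only view their own.
            // NOTE(review): this is a deny-list. Only role 3 is refused, so every other value
            // returned by GetSessionRole() -- presumably including whatever it yields for a
            // request with no logged-in session -- reaches another user's order. Confirm that
            // value, or restate the rule as "owner, or an explicitly permitted role".
            // NOTE(review): a role-3 caller gets this page for an existing foreign order but a
            // plain redirect for a missing one, so the two cases remain distinguishable.
            if (orderPO.UserID != GetSessionUserID() && GetSessionRole() == 3)
            {
                response = RedirectingPage("You don't have permissions to view this page.", "../../Account/Login");
            }
            else
            {
                // Load every pizza associated with this order.
                List<PizzaPO> pizzaPOList = Mapping
                    .PizzaMapper
                    .PizzaDOListToPizzaPOList(_pizzaDAO.GetPizzasByOrderID(ID));

                // View model: one order plus its pizzas.
                PizzaOrderVM pizzaOrderVM = new PizzaOrderVM();
                pizzaOrderVM.Order = orderPO;
                pizzaOrderVM.Pizzas = pizzaPOList;

                response = View(pizzaOrderVM);
            }
        }
        else if (GetSessionRole() == 1)
        {
            // Only an admin (role 1) is told that the order is missing.
            response = RedirectingPage("Order does not exist", "../");
        }
        else
        {
            // Everyone else is sent home without being told the order is missing.
            // The original passed ("Home", "Index"), i.e. action and controller swapped, which
            // pointed at a different route than the Home/Index fallback used in the finally block.
            response = RedirectToAction("Index", "Home");
        }
    }
    catch (Exception exception)
    {
        // Log and fall through; the finally block supplies the generic redirect so no
        // exception detail reaches the client.
        Logger.LogExceptionNoRepeats(exception);
    }
    finally
    {
        if (response == null)
        {
            response = RedirectToAction("Index", "Home");
        }
    }

    return response;
}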
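/// <summary>
/// Updates one pizza on an unpaid order and then recalculates the order total.
/// </summary>
/// <param name="form">
/// Pizza values bound from the request. Everything in it is caller-controlled; the price is
/// recomputed on the server before the pizza is saved.
/// </param>
/// <returns>
/// A redirect to the order details on success or on a reported error, the edit view again when
/// the form is invalid, or a redirect to Home/Index in every other case.
/// </returns>
public ActionResult UpdatePizzaInOrder(PizzaPO form)
{
    // Default outcome for every path that does not choose something more specific.
    ActionResult response = RedirectToAction("Index", "Home");

    // OrderID is cast to long below; if it is a nullable with no value (presumably the case,
    // given the cast) that cast would throw, so a form without an order ID is turned away here.
    if (form == null || form.OrderID == null)
    {
        return response;
    }

    long orderID = (long)form.OrderID;
    OrderDO pizzasOrder = _orderDAO.GetOrderByID(orderID);

    // The original read pizzasOrder.Paid before this null check, so an unknown order ID
    // raised a NullReferenceException instead of reaching this message.
    if (pizzasOrder == null)
    {
        TempData["ErrorMessage"] = "That pizza doesn't exist.";
        return RedirectToAction("OrderDetails", "Order", new { ID = form.OrderID });
    }

    // Authorize before anything about the order is reported back: only the owner or an
    // admin (role 1) may continue. Previously the paid-status message was returned ahead of
    // this check, telling any caller whether someone else's order had been paid.
    if (pizzasOrder.UserID != GetSessionUserID() && GetSessionRole() != 1)
    {
        Logger.Log("WARNING", "PizzaController", "UpdatePizzaInOrder",
            "UserID: " + GetSessionUserID() + " tried to update someone elses pizza.");
        return response;
    }

    if (pizzasOrder.Paid)
    {
        TempData["ErrorMessage"] = "You cannot update a pizza on an order that has already been paid for.";
        return RedirectToAction("OrderDetails", "Order", new { ID = pizzasOrder.OrderID });
    }

    if (!ModelState.IsValid)
    {
        TempData["ErrorMessage"] = "Please fix the errors shown below.";
        FillPizzaSelectItems(form);
        return View(form);
    }

    // Never trust a posted price: recompute it from the pizza's contents.
    form.Price = _pizzaBLO.GetPizzaCost(Mapping.PizzaMapper.PizzaPOtoPizzaBO(form));

    // NOTE(review): the ownership check above covers the order named in the form. Nothing
    // visible here ties the pizza being written to that order -- confirm that UpdatePizza
    // restricts the write to pizzas of this order, and that the PO-to-DO mapping carries no
    // field the client should not be able to set.
    if (_pizzaDAO.UpdatePizza(Mapping.PizzaMapper.PizzaPOtoPizzaDO(form)) > 0)
    {
        // The pizza was saved; bring the order total back in line with its pizzas.
        List<PizzaDO> pizzas = _pizzaDAO.GetPizzasByOrderID(orderID);
        decimal newTotal = _pizzaBLO.GetCostOfPizzas(Mapping.PizzaMapper.PizzaDOListToPizzaBOList(pizzas));

        if (_orderDAO.UpdateOrderTotal(orderID, newTotal))
        {
            response = RedirectToAction("OrderDetails", "Order", new { ID = form.OrderID });
        }
        else
        {
            // The pizza changed but the total did not: the order is now out of sync.
            Logger.Log("WARNING", "PizzaController", "UpdatePizzaInOrder",
                "After trying to update a pizza in orderID: " + form.OrderID + " the total was not updated.");
        }
    }
    else
    {
        TempData["ErrorMessage"] = "Could not update the pizza, please try again later.";
        response = RedirectToAction("OrderDetails", "Order", new { ID = form.OrderID });
    }

    return response;
}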