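/// <summary>
/// Deletes the company identified by <paramref name="id"/> and returns to the index view.
/// </summary>
/// <param name="id">Key of the company to delete. It arrives with the request, so it is caller-controlled.</param>
/// <returns>
/// A redirect to "Index" after the delete, or when no company has that id;
/// a redirect to Error/NotAllowed when the signed-in user may not delete the company.
/// </returns>
// NOTE(review): no action attributes are visible here. Confirm this action is POST-only and
// carries [ValidateAntiForgeryToken], since it performs a destructive change.
public ActionResult Delete_Post(int id)
{
    var existingCompany = _usersContext.Companies.FirstOrDefault(x => x.CompanyId == id);
    if (existingCompany == null)
    {
        // FirstOrDefault yields null for an unknown id; passing null on to DeleteObject would fail.
        return RedirectToAction("Index");
    }

    // The id is caller-supplied, so without an ownership check any authenticated user could
    // delete any company by changing the number. Only a SuperAdmin or a member of the company passes.
    // NOTE(review): confirm whether company deletion should be SuperAdmin-only.
    if (!User.IsInRole("SuperAdmin"))
    {
        var signedInUser = _usersContext.Users.FirstOrDefault(u => u.UserName == User.Identity.Name);
        if (signedInUser == null || signedInUser.CompanyId != existingCompany.CompanyId)
        {
            return RedirectToAction("NotAllowed", "Error");
        }
    }

    _usersContext.DeleteObject(existingCompany);
    _usersContext.SaveChanges();

    return RedirectToAction("Index");
}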
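/// <summary>
/// Deletes the user identified by <paramref name="id"/> and returns to the index view.
/// </summary>
/// <param name="id">Key of the user to delete. It arrives with the request, so it is caller-controlled.</param>
/// <returns>
/// A redirect to "Index" after the delete, or when no user has that id;
/// a redirect to Error/NotAllowed when the signed-in user is neither a SuperAdmin
/// nor in the same company as the target user.
/// </returns>
// NOTE(review): no action attributes are visible here. Confirm this action is POST-only and
// carries [ValidateAntiForgeryToken], since it performs a destructive change.
// NOTE(review): any member of the company passes the check below, and nothing stops a user
// from deleting their own account. Confirm that is the intended policy.
public ActionResult Delete_Post(int id)
{
    var existingUser = _usersContext.Users.FirstOrDefault(x => x.UserId == id);
    if (existingUser == null)
    {
        // An unknown id used to make First() throw and surface as a server error.
        return RedirectToAction("Index");
    }

    // Tenant check: a non-SuperAdmin may only delete users of their own company.
    // The caller's record is looked up only when the role check does not already allow the delete.
    if (!User.IsInRole("SuperAdmin"))
    {
        var signedInUser = _usersContext.Users.FirstOrDefault(u => u.UserName == User.Identity.Name);

        // Fail closed when the caller has no user record, rather than throwing.
        if (signedInUser == null || existingUser.CompanyId != signedInUser.CompanyId)
        {
            return RedirectToAction("NotAllowed", "Error");
        }
    }

    _usersContext.DeleteObject(existingUser);
    _usersContext.SaveChanges();

    return RedirectToAction("Index");
}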