public ActionResult Create(NotificationCreateViewModel data)
            Order order = null;
            if (data.OrderId.HasValue)
                //verify user has access to the order
                StoreFrontConfiguration storeFrontConfig = CurrentStoreFrontConfigOrThrow;
                StoreFront storeFront = storeFrontConfig.StoreFront;

                UserProfile profile = CurrentUserProfileOrNull;
                string trimmedEmail = (string.IsNullOrWhiteSpace(data.OrderEmail) ? "" : data.OrderEmail.Trim().ToLower());
                if (profile == null)
                    order = storeFront.Orders.SingleOrDefault(o => o.OrderId == data.OrderId.Value && o.Email.ToLower() == trimmedEmail && o.UserProfileId == null);
                    if (order == null)
                        return HttpBadRequest("Anonymous order not found or not authorized for order id " + data.OrderId.Value + " with email: " + data.OrderEmail);
                    if (profile.AspNetIdentityUserIsInRoleSystemAdmin())
                        order = storeFront.Orders.SingleOrDefault(o => o.OrderId == data.OrderId.Value);
                        if (order == null)
                            return HttpBadRequest("Sys Admin order not found order id " + data.OrderId.Value);
                    else if (storeFrontConfig.OrderAdmin_UserProfileId == profile.UserProfileId)
                        order = storeFront.Orders.SingleOrDefault(o => o.OrderId == data.OrderId.Value);
                        if (order == null)
                            return HttpBadRequest("Order Admin order not found order id " + data.OrderId.Value);
                        order = storeFront.Orders.SingleOrDefault(o => o.OrderId == data.OrderId.Value && o.UserProfileId == profile.UserProfileId);
                        if (order == null)
                            return HttpBadRequest("Logged in order not found or no access order id " + data.OrderId.Value);

            UserProfile target = GStoreDb.UserProfiles.SingleOrDefault(prof => prof.UserProfileId == data.ToUserProfileId);
            if (target == null)
                ModelState.AddModelError("", "Target recipient is not found. Please email the system administrator if you think this is an error.");
            if (!User.IsInRole("SystemAdmin"))
                if (!target.AllowUsersToSendSiteMessages)
                    ModelState.AddModelError("", "You are not authorized to send a message to the selected user. Please email the system administrator if you think this is an error.");
            if (!ModelState.IsValid)
                ViewBag.Importance = ImportanceItems();
                ViewBag.ToUserProfileId = AllowedToProfiles();
                return View(data);

            Notification notification = GStoreDb.Notifications.Create();
            UserProfile sender = CurrentUserProfileOrThrow;
            notification.FromUserProfileId = sender.UserProfileId;
            notification.From = sender.FullName;
            notification.To = target.FullName;
            notification.Subject = data.Subject;
            notification.ToUserProfileId = data.ToUserProfileId;
            notification.Importance = data.Importance;
            notification.Message = data.Message;
            notification.UrlHost = Request.Url.Host;
            notification.Client = CurrentClientOrThrow;
            notification.StoreFront = CurrentStoreFrontOrThrow;
            notification.OrderId = data.OrderId;
            if (!Request.Url.IsDefaultPort)
                notification.UrlHost += ":" + Request.Url.Port;

            notification.BaseUrl = Url.Action("Details", "Notifications", new { id = "" });

            List<NotificationLink> linkCollection = new List<NotificationLink>();
            if (!string.IsNullOrWhiteSpace(data.Link1Url))
                if (string.IsNullOrWhiteSpace(data.Link1Text))
                    data.Link1Text = data.Link1Url;
                NotificationLink newLink1 = GStoreDb.NotificationLinks.Create();
                newLink1.Order = 1;
                newLink1.LinkText = data.Link1Text;
                newLink1.Url = data.Link1Url;
                if (data.Link1Url.StartsWith("/") || data.Link1Url.StartsWith("~/"))
                    newLink1.IsExternal = false;
                    newLink1.IsExternal = true;
            if (!string.IsNullOrWhiteSpace(data.Link2Url))
                if (string.IsNullOrWhiteSpace(data.Link2Text))
                    data.Link2Text = data.Link2Url;
                NotificationLink newLink2 = GStoreDb.NotificationLinks.Create();
                newLink2.Order = 2;
                newLink2.LinkText = data.Link2Text;
                newLink2.Url = data.Link2Url;
                if (data.Link2Url.StartsWith("/") || data.Link2Url.StartsWith("~/"))
                    newLink2.IsExternal = false;
                    newLink2.IsExternal = true;
            if (!string.IsNullOrWhiteSpace(data.Link3Url))
                if (string.IsNullOrWhiteSpace(data.Link3Text))
                    data.Link3Text = data.Link3Url;
                NotificationLink newLink3 = GStoreDb.NotificationLinks.Create();
                newLink3.Order = 3;
                newLink3.LinkText = data.Link3Text;
                newLink3.Url = data.Link3Url;
                if (data.Link3Url.StartsWith("/") || data.Link3Url.StartsWith("~/"))
                    newLink3.IsExternal = false;
                    newLink3.IsExternal = true;
            if (!string.IsNullOrWhiteSpace(data.Link4Url))
                if (string.IsNullOrWhiteSpace(data.Link4Text))
                    data.Link4Text = data.Link4Url;
                NotificationLink newLink4 = GStoreDb.NotificationLinks.Create();
                newLink4.Order = 4;
                newLink4.LinkText = data.Link4Text;
                newLink4.Url = data.Link4Url;
                if (data.Link4Url.StartsWith("/") || data.Link4Url.StartsWith("~/"))
                    newLink4.IsExternal = false;
                    newLink4.IsExternal = true;

            if (linkCollection.Count != 0)
                notification.NotificationLinks = linkCollection;

            notification.IsPending = false;
            notification.StartDateTimeUtc = DateTime.UtcNow;
            notification.EndDateTimeUtc = DateTime.UtcNow;

            AddUserMessage("Message sent!", "Message sent to " + notification.To.ToHtml(), UserMessageType.Success);

            return RedirectToAction("Index");
        // GET: Notifications/Create
        public ActionResult Create(string orderNumber, string orderEmail)
            NotificationCreateViewModel viewModel = new NotificationCreateViewModel();

            if (!string.IsNullOrWhiteSpace(orderNumber))
                //verify user has access to the order
                StoreFrontConfiguration storeFrontConfig = CurrentStoreFrontConfigOrThrow;
                StoreFront storeFront = storeFrontConfig.StoreFront;
                UserProfile profile = CurrentUserProfileOrNull;
                string trimmedOrderNumber = orderNumber.Trim().ToLower();
                string trimmedEmail = orderEmail.Trim().ToLower();

                Order order = null;

                if (profile == null)
                    order = storeFront.Orders.SingleOrDefault(o => o.OrderNumber.ToLower() == trimmedOrderNumber && o.Email.ToLower() == trimmedEmail && o.UserProfileId == null);
                    if (order == null)
                        return HttpBadRequest("Anonymous order not found or not authorized for order #" + orderNumber + " with email: " + orderEmail);
                    if (profile.AspNetIdentityUserIsInRoleSystemAdmin())
                        order = storeFront.Orders.SingleOrDefault(o => o.OrderNumber.ToLower() == trimmedOrderNumber);
                        if (order == null)
                            return HttpBadRequest("Sys Admin order not found order #" + orderNumber);
                    else if (storeFrontConfig.OrderAdmin_UserProfileId == profile.UserProfileId)
                        order = storeFront.Orders.SingleOrDefault(o => o.OrderNumber.ToLower() == trimmedOrderNumber);
                        if (order == null)
                            return HttpBadRequest("Order Admin order not found order id " + orderNumber);
                        order = storeFront.Orders.SingleOrDefault(o => o.OrderNumber.ToLower() == trimmedOrderNumber && o.UserProfileId == profile.UserProfileId);
                        if (order == null)
                            return HttpBadRequest("Logged in order not found or no access order #" + orderNumber);
                if (order != null)
                    viewModel.OrderEmail = trimmedEmail;
                    viewModel.Subject = "Question about order " + order.OrderNumber + " placed " + order.CreateDateTimeUtc.ToUserDateTimeString(profile, storeFrontConfig, storeFront.Client);

            ViewBag.Importance = ImportanceItems();
            ViewBag.ToUserProfileId = AllowedToProfiles();

            return View(viewModel);