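/// <summary>
/// Handles the submitted edit form for a user and persists the changes.
/// </summary>
/// <param name="user">
/// Model bound from the request. <c>Account</c> and <c>Password</c> are excluded from
/// binding and are restored from the stored record before the mapping step.
/// </param>
/// <returns>
/// A redirect to Home/AccessDenied when <c>CanUseAction</c> rejects the caller or the user
/// id is unknown, the edit view when validation fails, otherwise a redirect to Home/Index.
/// </returns>
/// <remarks>
/// NOTE(review): <c>[Bind(Exclude = ...)]</c> is a deny-list, so every other property of the
/// model stays bindable from the request and <c>Mapper.Map</c> copies it onto the stored
/// record. If the model carries privilege-related fields they can be over-posted; an
/// <c>Include</c> allow-list or a dedicated edit view model is safer. Confirm against the
/// User type and the mapping profile, neither of which is visible here.
/// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in this
/// excerpt; confirm they are applied to this action.
/// </remarks>
public ActionResult Edit([Bind(Exclude = "Account,Password")] User user)
{
    // Authorise first, so a caller who may not edit this user never gets the form
    // re-rendered with posted data. CanUseAction is defined outside this excerpt.
    if (!CanUseAction(user.UserID))
    {
        return RedirectToAction("AccessDenied", "Home");
    }

    // Populate the permissions before any view is returned; the GET action does the same,
    // and the validation-failure path below renders that same view.
    ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);

    // The excluded properties are never bound, so drop any validation state recorded for them.
    ModelState.Remove("Account");
    ModelState.Remove("Password");

    if (!ModelState.IsValid)
    {
        return View(user);
    }

    var existingUser = _db.Users.Find(user.UserID);
    if (existingUser == null)
    {
        return RedirectToAction("AccessDenied", "Home");
    }

    // Update the existing user (by first remapping the excluded properties, so the
    // mapping step cannot blank or replace the stored account name and password).
    user.Account = existingUser.Account;
    user.Password = existingUser.Password;
    Mapper.Map(user, existingUser);

    _db.Entry(existingUser).State = EntityState.Modified;
    _db.SaveChanges();

    // Refresh the session only after the change has been persisted, so a failed save does
    // not leave the session describing data that was never stored.
    // NOTE(review): if CanUseAction lets a privileged user edit another account, confirm
    // Reauthenticate does not switch the session identity to the edited user.
    AuthenticationManager.Reauthenticate(existingUser, Session);

    return RedirectToAction("Index", "Home");
}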
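/// <summary>
/// Deletes the user with the given id once the caller has been authorised.
/// </summary>
/// <param name="id">Identifier of the user to delete.</param>
/// <returns>
/// A redirect to Home/AccessDenied when <c>CanUseAction</c> rejects the caller, otherwise a
/// redirect to Home/Index (whether or not a matching user existed).
/// </returns>
/// <remarks>
/// NOTE(review): this action changes state; no [HttpPost] / [ValidateAntiForgeryToken]
/// attributes are visible in this excerpt, so confirm they are applied.
/// </remarks>
public ActionResult DeleteConfirmed(int id)
{
    // Authorise before touching the database. Checking only after a successful lookup let
    // an unauthorised caller tell existing ids (AccessDenied) from unknown ones (Index).
    // The POST Edit action already calls CanUseAction ahead of its lookup.
    if (!CanUseAction(id))
    {
        return RedirectToAction("AccessDenied", "Home");
    }

    var user = _db.Users.Find(id);
    if (user == null)
    {
        // Nothing to delete; same destination as a successful delete.
        return RedirectToAction("Index", "Home");
    }

    // Kept from the original flow; every path in this action ends in a redirect.
    ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);

    _db.Users.Remove(user);
    _db.SaveChanges();

    return RedirectToAction("Index", "Home");
}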
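/// <summary>
/// Renders the edit form for the user with the given id.
/// </summary>
/// <param name="id">Identifier of the user to edit; a missing value is rejected.</param>
/// <returns>
/// HTTP 400 when <paramref name="id"/> is null, a redirect to Home/AccessDenied when
/// <c>CanUseAction</c> rejects the caller, HTTP 404 when no such user exists, otherwise the
/// edit view populated with the mapped user.
/// </returns>
/// <remarks>
/// NOTE(review): the POST Edit action excludes <c>Password</c> from binding and restores it
/// from the stored record, which suggests the model has a Password property. Confirm the
/// mapping and the view do not send the stored password value to the browser.
/// </remarks>
public ActionResult Edit(int? id)
{
    if (id == null)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    // Authorise before the lookup, so an unauthorised caller gets the same answer for
    // existing and unknown ids instead of a 404 / AccessDenied split.
    if (!CanUseAction(id.Value))
    {
        return RedirectToAction("AccessDenied", "Home");
    }

    var storedUser = _db.Users.Find(id);
    if (storedUser == null)
    {
        return HttpNotFound();
    }

    ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);

    // Map the stored record onto the model type the view is given.
    return View(Mapper.Map<User>(storedUser));
}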