/// <summary>
/// Saves edits to an existing user. <c>Account</c> and <c>Password</c> are excluded from
/// model binding and are re-copied from the stored record so the mapping cannot replace them.
/// </summary>
/// <param name="user">The posted form model; <c>UserID</c> identifies the record to update.</param>
/// <returns>
/// The edit view again when validation fails; an "AccessDenied" redirect when the caller may
/// not act on <c>user.UserID</c> or no such record exists; otherwise a redirect to Home/Index.
/// </returns>
public ActionResult Edit([Bind(Exclude = "Account,Password")] User user)
        {
            Func<ActionResult> denied = () => RedirectToAction("AccessDenied", "Home");

            // The two excluded properties are never bound, so any model-state entries
            // for them are dropped before IsValid is consulted.
            foreach (var unbound in new[] { "Account", "Password" })
            {
                ModelState.Remove(unbound);
            }

            if (!ModelState.IsValid)
            {
                return View(user);
            }

            // Authorization is checked against the posted UserID, i.e. the record that
            // is about to be modified, not against the session's own user.
            if (!CanUseAction(user.UserID))
            {
                return denied();
            }
            ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);

            var stored = _db.Users.Find(user.UserID);
            if (stored == null)
            {
                return denied();
            }

            // Carry the unbound credentials over from the stored record, then map every
            // remaining posted property onto it.
            // NOTE(review): Mapper.Map copies every other property of User as posted by
            // the client; if User has a role/access-level property, confirm it cannot be
            // bound here.
            user.Account  = stored.Account;
            user.Password = stored.Password;
            Mapper.Map(user, stored);

            // Refresh the session with the updated record.
            // NOTE(review): this re-authenticates the current session as the edited user;
            // confirm that is intended when CanUseAction permits editing another account.
            AuthenticationManager.Reauthenticate(stored, Session);

            _db.Entry(stored).State = EntityState.Modified;
            _db.SaveChanges();
            return RedirectToAction("Index", "Home");
        }
        /// <summary>
        /// Registers a new user from the posted form, persists it and signs the new account in.
        /// </summary>
        /// <param name="user">The posted form model. <c>Bind(Exclude = "")</c> excludes
        /// nothing, so every bindable property of <see cref="User"/> comes from the request.</param>
        /// <returns>
        /// The create view again when validation fails or sign-in does not succeed; otherwise
        /// a redirect to Home/Index.
        /// </returns>
        public ActionResult Create([Bind(Exclude = "")] User user)
        {
            if (!ModelState.IsValid)
            {
                return View(user);
            }

            // always default to a simple user.
            // NOTE(review): nothing in this method assigns a role or access level; if User
            // carries such a property its value arrives from the client unless the mapping
            // profile or the model default overrides it — confirm.
            var entity = Mapper.Map<Models.User>(user);

            // NOTE(review): whether Password is hashed before storage depends on the mapping
            // profile / model, which are not visible here — confirm.
            _db.Users.Add(entity);
            _db.SaveChanges();

            // The record is already saved at this point; a failed sign-in only re-displays
            // the form. Sign-in uses the posted (pre-mapping) password.
            var status = AuthenticationManager.Authenticate(entity, user.Password, Session);
            if (status == SignInStatus.Success)
            {
                return RedirectToAction("Index", "Home");
            }

            return View(user);
        }