Esempio n. 1
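        /// <summary>
        /// Creates a user account from the posted fields and returns the admin main view.
        /// Only an authenticated caller accepted by <c>CheckMethods.IsCurrentUserAdmin</c> may create users.
        /// </summary>
        /// <param name="name">Given name stored on the new user.</param>
        /// <param name="surname">Surname stored on the new user.</param>
        /// <param name="email">E-mail address stored on the new user.</param>
        /// <param name="password">Clear-text password; only the result of <c>GetMethods.GetHash</c> is stored.</param>
        /// <param name="username">Login name of the new user; must not be blank.</param>
        /// <param name="roleId">Identifier of the role assigned to the new user.</param>
        /// <returns>
        /// The admin main view on success, 400 Bad Request when the username or password is missing,
        /// and 403 Forbidden when the caller is not an authenticated administrator.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this action changes state and any attributes on it are outside this listing.
        /// Confirm it is restricted to POST and protected by an anti-forgery token
        /// (<c>[HttpPost]</c>, <c>[ValidateAntiForgeryToken]</c>).
        /// </remarks>
        public ActionResult CreateUser(string name, string surname, string email, string password, string username,
                                       int roleId)
        {
            // Check authentication first, so an anonymous request is rejected without
            // running an admin lookup on an empty identity name.
            if (!User.Identity.IsAuthenticated || !CheckMethods.IsCurrentUserAdmin(User.Identity.Name))
            {
                return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
            }

            // An account with a blank login name or an empty password must never be persisted.
            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }

            using (var db = new BlogDbContext())
            {
                var user = new User
                {
                    Name     = name,
                    Surname  = surname,
                    Email    = email,
                    Username = username,
                    // NOTE(review): GetMethods.GetHash is not visible here; confirm it is a salted,
                    // deliberately slow password hash (e.g. PBKDF2) and not a bare digest.
                    Password = GetMethods.GetHash(password),
                    // NOTE(review): roleId is stored as posted; nothing in this method checks that it
                    // names an existing role.
                    RoleId   = roleId
                };

                db.Users.Add(user);
                db.SaveChanges();
            }

            return View("~/Views/Admin/AdminMain.cshtml");
        }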
Esempio n. 2
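        /// <summary>
        /// Grants access only to an authenticated request whose user is accepted by
        /// <c>CheckMethods.IsCurrentUserAdmin</c>.
        /// </summary>
        /// <param name="httpContext">Context of the request being authorized.</param>
        /// <returns><c>true</c> for an authenticated administrator; otherwise <c>false</c>.</returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        /// <remarks>
        /// NOTE(review): presumably this overrides <c>AuthorizeAttribute.AuthorizeCore</c> (the class header
        /// is outside this listing). The base implementation is not called, so any <c>Users</c>/<c>Roles</c>
        /// values set on the attribute would be ignored; confirm that is intended.
        /// </remarks>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new System.ArgumentNullException("httpContext");
            }

            // Check authentication first, so an anonymous request is denied without
            // running an admin lookup on an empty identity name.
            if (!httpContext.Request.IsAuthenticated)
            {
                return false;
            }

            return CheckMethods.IsCurrentUserAdmin(httpContext.User.Identity.Name);
        }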
Esempio n. 3
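        /// <summary>
        /// Loads the user with the given id into <c>ViewBag.User</c> and returns the user form view.
        /// Only an authenticated caller accepted by <c>CheckMethods.IsCurrentUserAdmin</c> may open it.
        /// </summary>
        /// <param name="userId">Identifier of the user to edit.</param>
        /// <returns>
        /// The <c>CreateUser.cshtml</c> view, or 403 Forbidden when the caller is not an authenticated
        /// administrator.
        /// </returns>
        public ActionResult OpenUpdateUser(int userId)
        {
            // Authorize before touching the database: no context is opened for a caller who will be
            // refused, and no admin lookup runs for an anonymous request.
            if (!User.Identity.IsAuthenticated || !CheckMethods.IsCurrentUserAdmin(User.Identity.Name))
            {
                return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
            }

            using (var db = new BlogDbContext())
            {
                // FirstOrDefault yields null for an unknown id, so the view can receive ViewBag.User == null.
                // NOTE(review): the whole User entity is handed to the view. If it carries the stored
                // password hash, pass a view model with only the editable fields instead.
                ViewBag.User = db.Users.FirstOrDefault(u => u.UserId == userId);
            }

            // The view is rendered after this method returns, when the context is already disposed
            // (the original returned from inside the using block, with the same effect).
            return View("~/Views/Admin/CreateUser.cshtml");
        }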