public static string adminUpdateUserInfo(CustomDBUser user)
{
try
{
string updateUserStatement = "UPDATE AspNetUsers SET Email = @Email, PhoneNumber = @Phone WHERE Id=@UserId";
string updateRoleStatement = "UPDATE AspNetUserRoles SET RoleId = @Role WHERE UserId = @UserId";
using (SqlConnection sqlConn = new SqlConnection(connectionString))
{
sqlConn.Open();
SqlCommand cmd = new SqlCommand(updateUserStatement, sqlConn);
cmd.Parameters.Add("@Email", SqlDbType.NChar).Value = user.Email;
cmd.Parameters.Add("@Phone", SqlDbType.NChar).Value = user.Phone;
cmd.Parameters.Add("@UserId", SqlDbType.NChar).Value = user.ID;
cmd.ExecuteReader();
SqlCommand cmd1 = new SqlCommand(updateRoleStatement, sqlConn);
cmd1.Parameters.Add("@Role", SqlDbType.NChar).Value = user.CurrentRole.ID;
cmd1.Parameters.Add("@UserId", SqlDbType.NChar).Value = user.ID;
cmd1.ExecuteReader();
}
return("success");
}
catch (SqlException e)
{
return(e.ToString());
}
}
public ActionResult UserInfo(string userID)
{
var user = UserManager.FindById(userID);
var roles = SQLController.adminListRoles();
CustomDBUser userInfo = SQLController.adminGetUserInfo(userID);
ViewData.Add("user", userInfo);
ViewData.Add("roles", roles);
ViewData.Add("portfolios", _PortfolioRepository.GetPortfolios(user.CustomerID));
return(PartialView("_PartialUserInfo", userInfo));
}
public string UpdateUser(CustomDBUser userInfo)
{
string success = SQLController.adminUpdateUserInfo(userInfo);
return(JsonConvert.SerializeObject(success));
}
