public ActionResult Edit(UserEditModel model)
{
if (User.Id() != model.Id && !User.IsInRole(Definitions.Roles.Administrator))
{
return(RedirectToAction("Unauthorized", "Home"));
}
if (AuthenticationSettings.DemoModeActive && User.IsInRole(Definitions.Roles.Administrator) && User.Id() == model.Id)
{
// Don't allow the admin user to be changed in demo mode
return(RedirectToAction("Unauthorized", "Home"));
}
if (ModelState.IsValid)
{
bool valid = true;
if (!User.IsInRole(Definitions.Roles.Administrator) && (model.OldPassword == null && model.NewPassword != null))
{
ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordEmpty);
valid = false;
}
if (model.OldPassword != null && MembershipService.ValidateUser(model.Username, model.OldPassword) != ValidationResult.Success)
{
ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordIncorrect);
valid = false;
}
if (User.IsInRole(Definitions.Roles.Administrator) && model.Id == User.Id() && !(model.PostedSelectedRoles != null && model.PostedSelectedRoles.Contains(Definitions.Roles.Administrator)))
{
ModelState.AddModelError("Roles", Resources.Account_Edit_CannotRemoveYourselfFromAdminRole);
valid = false;
}
if (valid)
{
MembershipService.UpdateUser(model.Id, model.Username, model.Name, model.Surname, model.Email, model.NewPassword);
// Only Administrators can make any changes to roles
if (User.IsInRole(Definitions.Roles.Administrator))
{
RoleProvider.RemoveUserFromRoles(model.Id, RoleProvider.GetAllRoles());
if (model.PostedSelectedRoles != null)
{
RoleProvider.AddUserToRoles(model.Id, model.PostedSelectedRoles);
}
}
ViewBag.UpdateSuccess = true;
}
}
model.Roles = RoleProvider.GetAllRoles();
model.SelectedRoles = model.PostedSelectedRoles;
return(View(model));
}
public ActionResult Edit(UserEditModel model)
{
if (!User.Id().Equals(model.Username, StringComparison.OrdinalIgnoreCase) && !User.IsInRole(Definitions.Roles.Administrator))
{
return(RedirectToAction("Unauthorized", "Home"));
}
if (ModelState.IsValid)
{
bool valid = true;
if (!User.IsInRole(Definitions.Roles.Administrator) && (model.OldPassword == null && model.NewPassword != null))
{
ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordEmpty);
valid = false;
}
if (model.OldPassword != null && MembershipService.ValidateUser(model.Username, model.OldPassword) != ValidationResult.Success)
{
ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordIncorrect);
valid = false;
}
if (User.IsInRole(Definitions.Roles.Administrator) && model.Username.Equals(User.Id(), StringComparison.OrdinalIgnoreCase) && !(model.Roles != null && model.Roles.Contains(Definitions.Roles.Administrator)))
{
ModelState.AddModelError("Roles", Resources.Account_Edit_CannotRemoveYourselfFromAdminRole);
valid = false;
}
if (valid)
{
MembershipService.UpdateUser(model.Username, model.Name, model.Surname, model.Email, model.NewPassword);
RoleProvider.RemoveUserFromRoles(model.Username, RoleProvider.GetAllRoles());
if (model.Roles != null)
{
RoleProvider.AddUserToRoles(model.Username, model.Roles);
}
ViewBag.UpdateSuccess = true;
}
}
PopulateRoles();
return(View(model));
}
