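/// <summary>
/// Shows the management page for one album, but only to a user who is allowed to edit it.
/// </summary>
/// <param name="id">Album identifier supplied by the request; it is caller-controlled.</param>
/// <returns>
/// The default view bound to the album, or the "NotAuthorizedEdit" view when the album
/// or the current user cannot be resolved or the authorization check rejects the pair.
/// </returns>
public ActionResult ManageAlbum(int id)
{
    AlbumRepository albums = new AlbumRepository();
    AlbumModel album = albums.GetByIdForManage(id);

    UserRepository users = new UserRepository();
    var user = users.GetByUsername(HttpContext.User.Identity.Name);

    // Fail closed. Whether the repositories return null for an unknown id or an
    // unknown/anonymous user name is not visible here; if they do, the request is
    // denied with the same view as an unauthorized one, so the response does not
    // reveal which album ids exist and no null reaches the authorization helper.
    if (album == null || user == null)
    {
        return View("NotAuthorizedEdit");
    }

    // Object-level access control: the id comes from the request, so the decision is
    // made per album against the authenticated identity, never from the id alone.
    // The album is already loaded at this point; nothing from it may be rendered on
    // the denied path.
    if (!albums.isUserAuthorizedToEditAlbum(album, user))
    {
        return View("NotAuthorizedEdit");
    }

    return View(album);
}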
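/// <summary>
/// Shows the edit form for one album, but only to a user who is allowed to edit it.
/// </summary>
/// <param name="id">Album identifier supplied by the request; it is caller-controlled.</param>
/// <returns>
/// The default view bound to the album, with <c>ViewData["usersList"]</c> set to the
/// comma-separated logins of the album's trusted users, or the "NotAuthorizedEdit" view
/// when the album or the current user cannot be resolved or the authorization check
/// rejects the pair.
/// </returns>
public ActionResult Edit(int id)
{
    AlbumRepository albums = new AlbumRepository();
    AlbumModel album = albums.GetByIdForEdit(id);

    UserRepository users = new UserRepository();
    var user = users.GetByUsername(HttpContext.User.Identity.Name);

    // Fail closed. Whether the repositories return null for an unknown id or an
    // unknown/anonymous user name is not visible here; if they do, the request is
    // denied with the same view as an unauthorized one, so the response does not
    // reveal which album ids exist and album.TrustedUsers is never read on a null album.
    if (album == null || user == null)
    {
        return View("NotAuthorizedEdit");
    }

    // Object-level access control: the id comes from the request, so the decision is
    // made per album against the authenticated identity, never from the id alone.
    // It runs before any album data is placed in ViewData.
    if (!albums.isUserAuthorizedToEditAlbum(album, user))
    {
        return View("NotAuthorizedEdit");
    }

    // Presumably fills the category data the edit form needs; defined outside this block.
    PrepareCategories();

    // Logins of the trusted users, flattened for display in the form.
    // NOTE(review): logins are user-chosen text; confirm the view HTML-encodes this value.
    var trustedLogins = album.TrustedUsers.Select(u => u.Login);
    ViewData["usersList"] = string.Join(", ", trustedLogins);

    return View(album);
}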