/// <summary>
/// Assigns <paramref name="roleId"/> to the user identified by <paramref name="userId"/>
/// and renders the "UserRole" partial view for that user.
/// </summary>
/// <param name="userId">Id of the user whose role is being changed.</param>
/// <param name="roleId">Id of the role to assign.</param>
/// <returns>The "UserRole" partial view bound to the updated user entity.</returns>
/// <exception cref="UnauthorizedAccessException">Thrown when <paramref name="userId"/> is 1.</exception>
/// <remarks>
/// NOTE(review): this is a privilege-changing action, and no [HttpPost], [ValidateAntiForgeryToken]
/// or [Authorize] attribute is visible on it from here. Confirm they are applied on the action or
/// the controller.
/// </remarks>
public ActionResult UpdateUserRole(int userId, short roleId)
{
    // The built-in admin account is recognised by its literal id.
    // NOTE(review): presumably id 1 is always the admin created at install time; verify.
    const int protectedAdminUserId = 1;

    if (userId == protectedAdminUserId)
    {
        throw new UnauthorizedAccessException("Cannot modify the role of the admin user");
    }

    // The role is written before the user is loaded, so nothing in this method checks that the
    // user exists or that roleId names a real role.
    // NOTE(review): presumably the repository validates both; confirm.
    _roleRepository.AddRoleForUser(userId, roleId);

    var updatedUser = _userRepository.GetUserObjByUserID(userId);

    // Only the in-memory entity handed to the view is changed here; the stored role was set by the call above.
    updatedUser.RoleId = roleId;

    return PartialView("UserRole", updatedUser);
}
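/// <summary>
/// Creates a new user from the submitted form, assigns the requested role and e-mails the user
/// a registration link that carries a one-time activation ticket.
/// </summary>
/// <param name="newUserModel">Posted form values (display name, e-mail address, role id).</param>
/// <returns>
/// A redirect to the "AdminUserManagement" route when the user was created and the mail was sent;
/// otherwise the form view with the model and the relevant error.
/// </returns>
/// <remarks>
/// NOTE(review): this action creates accounts and assigns roles, and no [HttpPost],
/// [ValidateAntiForgeryToken] or [Authorize] attribute is visible on it from here. Confirm they
/// are applied on the action or the controller.
/// </remarks>
public ActionResult Add(NewUserModel newUserModel)
{
    if (!ModelState.IsValid)
    {
        // Validation errors are already recorded in ModelState. Previously this path also added the
        // "emailing service failed" message with an empty URL, although no user had been created
        // and no mail had been attempted.
        newUserModel.Title = SettingsRepository.BlogName;
        return View(newUserModel);
    }

    // The activation ticket is the only secret in the registration link. Name, e-mail address and
    // a timestamp are all guessable, so a random nonce from the OS CSPRNG is mixed into the hashed
    // input. MD5 is kept only as a formatting step so the stored ticket keeps the shape that
    // GetMD5Hash already produces; the unpredictability comes from the nonce, not from the hash.
    var nonce = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(nonce);
    }

    var userActivationKey = HashExtensions.GetMD5Hash(
        string.Format(
            "{0}-{1}-{2}-{3}",
            newUserModel.UserDisplayName,
            newUserModel.UserEmailAddress,
            DateTime.Now,
            Convert.ToBase64String(nonce)));

    var urlFormat = string.Empty;
    var createStatus = _userRepository.AddUser(
        newUserModel.UserEmailAddress,
        newUserModel.UserDisplayName,
        userActivationKey);

    if (createStatus)
    {
        // NOTE(review): the lookup result is dereferenced without a null check; confirm that
        // GetUserNameByEmail always returns the row AddUser just created.
        var newUser = _userRepository.GetUserNameByEmail(newUserModel.UserEmailAddress);
        _roleRepository.AddRoleForUser(newUser.UserID, newUserModel.RoleId);

        // NOTE(review): if GetRootUrl() builds the host from the incoming request rather than from
        // configuration, the mailed link follows the request's Host header; confirm.
        urlFormat = string.Format("{0}account/register?newUserTicket={1}", GetRootUrl(), userActivationKey);

        // NOTE(review): UserDisplayName is formatted into the message body as submitted; if the
        // template is HTML it should be encoded first. Confirm against NewUserEmailMeassage/Emailer.
        var mailSent = Emailer.SendMessage(
            SettingsRepository.BlogAdminEmailAddress,
            newUserModel.UserEmailAddress,
            string.Format("Join {0}", SettingsRepository.BlogName),
            string.Format(NewUserEmailMeassage, newUserModel.UserDisplayName, SettingsRepository.BlogName, urlFormat, SettingsRepository.BlogName));

        if (mailSent)
        {
            return RedirectToRoute("AdminUserManagement");
        }
    }

    newUserModel.Title = SettingsRepository.BlogName;

    // Either the user exists but the mail failed (show the link so the admin can pass it on),
    // or the user could not be created at all.
    var errorMessage = createStatus
        ? "Unable to send an email because the emailing service failed. Please send the following url to the user " + urlFormat
        : "Creation/update of new user failed. Check the email address entered.";
    ModelState.AddModelError("", errorMessage);

    return View(newUserModel);
}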