/// <summary>
/// Renders the "CreateForm" partial view for adding a user to an organization.
/// </summary>
/// <param name="organizationId">Identifier of the organization the new user would belong to.</param>
/// <returns>
/// <c>HttpNotFound()</c> when the organization does not exist or <c>AccessIsAllowed</c> rejects the caller;
/// otherwise the "CreateForm" partial view with its three drop-down lists populated.
/// </returns>
public ActionResult Create(long organizationId)
{
    // A missing organization and a forbidden one produce the same response, so the
    // result does not tell the caller which of the two conditions applied.
    bool organizationExists = db.Organizations.Any(o => o.OrganizationId == organizationId);
    if (!(organizationExists && AccessIsAllowed(organizationId)))
    {
        return HttpNotFound();
    }

    var form = new UserCreateViewModel();
    form.OrganizationId = organizationId;

    // The role drop-down is limited to what the helper returns for the logged-in user's role.
    // NOTE(review): this only restricts what the form displays; whether the submitted
    // RoleId is re-checked against the same list is decided by the action that handles the post.
    var creatableRoles = Role.GetRolesForOrganizationCreatableByRole(organizationId, GetLoggedInUser().RoleId);
    form.RoleList = new SelectList(creatableRoles, "RoleId", "RoleName");

    var classifications = db.RunnerClassifications.ToList();
    form.RunnerClassifications = new SelectList(classifications, "RunnerClassificationId", "RunnerClassificationName");

    var varsityLevels = db.VarsityLevels.ToList();
    form.VarsityLevels = new SelectList(varsityLevels, "VarsityLevelId", "VarsityLevelName");

    return PartialView("CreateForm", form);
}
/// <summary>
/// Handles the submitted "CreateForm": validates the caller's rights, creates the user when the
/// model state is valid, and re-renders the form.
/// </summary>
/// <param name="model">Posted form values for the user to create.</param>
/// <returns>The "CreateForm" partial view, rendered again with its drop-down lists repopulated.</returns>
// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible here. Confirm both
// are applied to this action in the file, since it creates an account from posted form data.
public ActionResult Create(UserCreateViewModel model)
{
    // Authorization failures are recorded as model errors rather than returned as HttpNotFound().
    // Creation is still blocked, because the ModelState.IsValid check below fails.
    bool organizationExists = db.Organizations.Any(o => o.OrganizationId == model.OrganizationId);
    if (!(organizationExists && AccessIsAllowed(model.OrganizationId)))
    {
        ModelState.AddModelError("Error", "You are not authorized to add users");
    }

    // NOTE(review): the only server-side role check is this numeric comparison. It presumably
    // relies on a lower RoleId meaning more privilege (confirm), and it does not verify that
    // model.RoleId is one of the roles GetRolesForOrganizationCreatableByRole returns for this
    // organization, so a hand-crafted post is not limited to the values shown in the drop-down.
    if (GetLoggedInUser().RoleId > model.RoleId)
    {
        ModelState.AddModelError("RoleId", "You are not authorized to add a user in this role");
    }

    if (ModelState.IsValid)
    {
        var newUser = new User();
        newUser.OrganizationId = model.OrganizationId;
        newUser.Username = model.Username;
        // Only the output of PasswordHash.CreateHash is stored on the entity.
        // NOTE(review): the hashing scheme is not visible here; confirm it is a salted, slow KDF.
        newUser.Password = PasswordHash.CreateHash(model.Password);
        newUser.RoleId = model.RoleId;
        newUser.Email = model.Email;
        newUser.Firstname = model.Firstname;
        newUser.Lastname = model.Lastname;
        newUser.Middlename = model.Middlename;
        newUser.Gender = model.Gender;
        newUser.GraduationYear = model.GraduationYear;
        newUser.EligibleForRaces = model.EligibleForRaces;
        newUser.DefaultVarsityLevelId = model.DefaultVarsityLevelId.HasValue ? (int?)model.DefaultVarsityLevelId.Value : null;
        newUser.DefaultRunnerClassificationId = model.DefaultRunnerClassificationId.HasValue ? (int?)model.DefaultRunnerClassificationId : null;
        // Audit field: who created the account.
        newUser.CreatedBy = LoggedInUserId;

        db.Users.AddObject(newUser);
        // NOTE(review): whatever TryDBChange reports is not inspected here; the form is
        // re-rendered the same way whether or not the save succeeded.
        TryDBChange(() => db.SaveChanges());
    }

    // The form is rebuilt on every path, including the unauthorized one, so the role list is
    // computed for model.OrganizationId even when the caller was just refused access to it.
    // NOTE(review): the model returned to the view still carries the submitted Password;
    // confirm the view does not echo it back.
    var creatableRoles = Role.GetRolesForOrganizationCreatableByRole(model.OrganizationId, GetLoggedInUser().RoleId);
    model.RoleList = new SelectList(creatableRoles, "RoleId", "RoleName");

    var classifications = db.RunnerClassifications.ToList();
    model.RunnerClassifications = new SelectList(classifications, "RunnerClassificationId", "RunnerClassificationName");

    var varsityLevels = db.VarsityLevels.ToList();
    model.VarsityLevels = new SelectList(varsityLevels, "VarsityLevelId", "VarsityLevelName");

    return PartialView("CreateForm", model);
}