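/// <summary>
/// Handles the submitted edit form for an owned item: loads the stored row,
/// verifies the caller may modify it, then persists the posted values.
/// </summary>
/// <param name="id">Route id. Not used; the lookup keys off <c>collection.OwnedItemID</c>.</param>
/// <param name="collection">Model-bound form values. Every field is client-controlled.</param>
/// <returns>
/// A redirect to <c>Index</c> on success; the <c>ItemNotFound</c>, <c>NotYourItem</c>
/// or <c>Error</c> view otherwise.
/// </returns>
/// <remarks>
/// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in this
/// excerpt. Confirm they are present on the declaration in the full file.
/// </remarks>
public ActionResult Edit(int id, BusinessLogicLayer.OwnedItemBLL collection)
{
    try
    {
        using (ContextBLL ctx = new ContextBLL())
        {
            // Authorise against the row as it is stored, never against posted values.
            OwnedItemBLL stored = ctx.FindOwnedItemByID(collection.OwnedItemID);
            if (stored == null)
            {
                return View("ItemNotFound");
            }

            if (!IsThisMine(ctx, stored))
            {
                return View("NotYourItem");
            }

            // The ownership check above covers the stored row only, while the posted
            // object is written wholesale. Without this pin a non-admin owner could
            // over-post OwnerID and reassign the item. Admins keep the posted value.
            // Assumes UpdateOwnedItem persists OwnerID from the object it is given.
            if (!User.IsInRole(MagicConstants.AdminRoleName))
            {
                collection.OwnerID = stored.OwnerID;
            }

            ctx.UpdateOwnedItem(collection);
        }

        return RedirectToAction("Index");
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception object is handed to the Error view. Confirm the
        // view does not render its message or stack trace to end users.
        ViewBag.Exception = ex;
        return View("Error");
    }
}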
/// <summary>
/// Deletes the owned item identified by <paramref name="id"/> after confirming that it
/// exists and that the caller passes the <c>IsThisMine</c> check.
/// </summary>
/// <param name="id">Identifier of the item to delete; used for both the lookup and the delete.</param>
/// <param name="collection">Model-bound form values. Not read by this action.</param>
/// <returns>
/// A redirect to <c>Index</c> on success; the <c>ItemNotFound</c>, <c>NotYourItem</c>
/// or <c>Error</c> view otherwise.
/// </returns>
/// <remarks>
/// NOTE(review): this action changes state, and no [HttpPost] / [ValidateAntiForgeryToken]
/// attributes are visible in this excerpt. Confirm they are present in the full file.
/// </remarks>
public ActionResult Delete(int id, BusinessLogicLayer.OwnedItemBLL collection)
{
    try
    {
        using (ContextBLL context = new ContextBLL())
        {
            OwnedItemBLL target = context.FindOwnedItemByID(id);
            if (target == null)
            {
                return View("ItemNotFound");
            }

            // The ownership decision is made on the stored row, before anything is removed.
            bool callerMayDelete = IsThisMine(context, target);
            if (!callerMayDelete)
            {
                return View("NotYourItem");
            }

            context.DeleteOwnedItem(id);
        }

        return RedirectToAction("Index");
    }
    catch (Exception failure)
    {
        // NOTE(review): the raw exception object is handed to the Error view. Confirm the
        // view does not render its message or stack trace to end users.
        ViewBag.Exception = failure;
        return View("Error");
    }
}
// GET: Role/Create
// NOTE(review): the path above looks copied from a Role controller, since this action
// builds an OwnedItemBLL. Confirm the real route.
/// <summary>
/// Renders the create form with a blank item (<c>OwnedItemID</c> = 0) and fills
/// <c>ViewBag.Users</c> from <c>GetUserItems</c>.
/// </summary>
/// <returns>The default view for this action, bound to the blank item.</returns>
/// <remarks>
/// NOTE(review): <c>GetUserItems</c> is defined elsewhere. Confirm which users it exposes to
/// a non-admin caller, and that its result is materialised before the context is disposed.
/// </remarks>
public ActionResult Create()
{
    OwnedItemBLL blankItem = new OwnedItemBLL { OwnedItemID = 0 };

    using (ContextBLL context = new ContextBLL())
    {
        ViewBag.Users = GetUserItems(context);
        ActionResult form = View(blankItem);
        return form;
    }
}
/// <summary>
/// Decides whether the current principal may act on <paramref name="Mine"/>.
/// Members of <c>MagicConstants.AdminRoleName</c> always may. Anyone else must resolve,
/// via <c>User.Identity.Name</c> treated as an e-mail address, to a user whose
/// <c>UserID</c> equals the item's <c>OwnerID</c>.
/// </summary>
/// <param name="ctx">Open business-layer context used for the user lookup.</param>
/// <param name="Mine">The stored item being authorised. Callers should pass the row loaded
/// from the store, not a model-bound object.</param>
/// <returns><c>true</c> for admins and the owner; <c>false</c> when the caller is unknown
/// or is not the owner.</returns>
/// <remarks>
/// Declared without an access modifier, so it is private and not routable as an action.
/// </remarks>
bool IsThisMine(ContextBLL ctx, OwnedItemBLL Mine)
{
    bool isAdmin = User.IsInRole(MagicConstants.AdminRoleName);
    if (isAdmin)
    {
        return true;
    }

    // Fail closed: an identity that maps to no user record owns nothing.
    UserBLL caller = ctx.FindUserByEMail(User.Identity.Name);
    return caller != null && caller.UserID == Mine.OwnerID;
}