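/// <summary>
/// Applies a system manager's edits (e-mail, roles, orders approver) to a pending user
/// that belongs to the caller's own company.
/// </summary>
/// <param name="user">Posted form values; only Id, Email and OrdersApproverId are read from it.</param>
/// <param name="roleNames">Names of the roles to assign; null is handled like an empty selection.</param>
/// <returns>
/// A redirect to "Index" after the update, otherwise the result of Error(...) for a missing
/// permission, an invalid model, an unknown user or an unacceptable role name.
/// </returns>
public ActionResult EditPending(PendingUser user, string[] roleNames)
{
    // NOTE(review): this action changes stored data and its attributes are not visible here;
    // confirm it is restricted to POST and carries anti-forgery validation.
    if (!Authorized(RoleType.SystemManager))
    {
        return Error(Loc.Dic.error_no_permission);
    }

    if (!ModelState.IsValid)
    {
        return Error(ModelState);
    }

    using (PendingUsersRepository pendingUserRep = new PendingUsersRepository())
    {
        PendingUser userFromDatabase = pendingUserRep.GetEntity(user.Id);
        if (userFromDatabase == null)
        {
            return Error(Loc.Dic.error_user_not_found);
        }

        // Tenant boundary: a manager may only edit pending users of their own company.
        if (userFromDatabase.CompanyId != CurrentUser.CompanyId)
        {
            return Error(Loc.Dic.error_no_permission);
        }

        RoleType combinedRoles = RoleType.None;
        List<RoleType> forbiddenRoles = GetForbiddenRoles();

        // A request that carries no roleNames values can leave the array null; treat that as
        // "no roles selected" (same outcome as an empty array) instead of throwing.
        string[] requestedRoleNames = roleNames ?? new string[0];

        foreach (string roleName in requestedRoleNames)
        {
            RoleType role;
            bool parsed = Enum.TryParse(roleName, out role);

            // Enum.TryParse also accepts numeric strings and comma-separated name lists, so the
            // parsed value may be an undefined or combined value that equals no single entry of
            // forbiddenRoles. Accept only values that are declared members of RoleType, then
            // apply the forbidden-role list.
            // NOTE(review): if RoleType declares named composite members (e.g. an "all roles"
            // value), confirm GetForbiddenRoles() lists them as well.
            if (!parsed || !Enum.IsDefined(typeof(RoleType), role) || forbiddenRoles.Contains(role))
            {
                return Error(Loc.Dic.error_invalid_form);
            }

            combinedRoles = Roles.CombineRoles(combinedRoles, role);
        }

        userFromDatabase.Email = user.Email;
        userFromDatabase.Roles = (int)combinedRoles;

        // -1 is the form's marker for "no approver" and is stored as null.
        // NOTE(review): any other OrdersApproverId is stored as posted; nothing here checks that
        // it refers to a user of CurrentUser.CompanyId. Confirm that is enforced elsewhere.
        bool approverCleared = user.OrdersApproverId.HasValue && user.OrdersApproverId.Value == -1;
        userFromDatabase.OrdersApproverId = approverCleared ? null : user.OrdersApproverId;

        pendingUserRep.Update(userFromDatabase);
        return RedirectToAction("Index");
    }
}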
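/// <summary>
/// Saves the e-mail, role set and orders approver that a system manager submitted for a
/// pending user of the manager's own company.
/// </summary>
/// <param name="user">Form-bound values; Id selects the record, Email and OrdersApproverId are copied onto it.</param>
/// <param name="roleNames">Role names to grant. A null array is treated as "no roles".</param>
/// <returns>RedirectToAction("Index") on success; Error(...) for every rejected request.</returns>
public ActionResult EditPending(PendingUser user, string[] roleNames)
{
    // NOTE(review): state-changing action; the attributes on this method are outside the
    // visible code. Verify that POST-only and anti-forgery checks are in place.
    if (Authorized(RoleType.SystemManager))
    {
        if (ModelState.IsValid)
        {
            using (PendingUsersRepository pendingUserRep = new PendingUsersRepository())
            {
                PendingUser userFromDatabase = pendingUserRep.GetEntity(user.Id);
                if (userFromDatabase != null)
                {
                    // Records of another company are off limits even for a system manager.
                    if (userFromDatabase.CompanyId != CurrentUser.CompanyId)
                    {
                        return Error(Loc.Dic.error_no_permission);
                    }

                    RoleType combinedRoles = RoleType.None;
                    List<RoleType> forbiddenRoles = GetForbiddenRoles();

                    // roleNames can be null when the request carries no values for it; skipping
                    // the loop then leaves RoleType.None, the same result an empty array gives.
                    if (roleNames != null)
                    {
                        foreach (string roleName in roleNames)
                        {
                            RoleType role;
                            if (!Enum.TryParse(roleName, out role))
                            {
                                return Error(Loc.Dic.error_invalid_form);
                            }

                            // Enum.TryParse succeeds for numeric strings and for comma-separated
                            // lists of names, so 'role' can be a value that no single entry in
                            // forbiddenRoles compares equal to. Require a declared RoleType
                            // member before consulting the forbidden list.
                            // NOTE(review): named composite members of RoleType, if any exist,
                            // must also appear in GetForbiddenRoles(). Confirm.
                            if (!Enum.IsDefined(typeof(RoleType), role))
                            {
                                return Error(Loc.Dic.error_invalid_form);
                            }

                            if (forbiddenRoles.Contains(role))
                            {
                                return Error(Loc.Dic.error_invalid_form);
                            }

                            combinedRoles = Roles.CombineRoles(combinedRoles, role);
                        }
                    }

                    userFromDatabase.Email = user.Email;
                    userFromDatabase.Roles = (int)combinedRoles;

                    // The form sends -1 for "no approver"; persist that as null.
                    // NOTE(review): other approver ids are stored unchecked here. Confirm that
                    // the id is validated against CurrentUser.CompanyId somewhere else.
                    if (user.OrdersApproverId.HasValue && user.OrdersApproverId.Value == -1)
                    {
                        userFromDatabase.OrdersApproverId = null;
                    }
                    else
                    {
                        userFromDatabase.OrdersApproverId = user.OrdersApproverId;
                    }

                    pendingUserRep.Update(userFromDatabase);
                    return RedirectToAction("Index");
                }
                else
                {
                    return Error(Loc.Dic.error_user_not_found);
                }
            }
        }
        else
        {
            return Error(ModelState);
        }
    }
    else
    {
        return Error(Loc.Dic.error_no_permission);
    }
}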