Exemplo n.º 1
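        /// <summary>
        /// Applies an edit form submission to an existing user record.
        /// </summary>
        /// <param name="user">
        /// Model bound from the request. "Account" and "Password" are excluded from
        /// binding and are restored from the stored record before the update.
        /// </param>
        /// <returns>
        /// A redirect to Home/AccessDenied when the caller may not edit this user or the
        /// user does not exist; the edit view when validation fails; otherwise a redirect
        /// to Home/Index after saving.
        /// </returns>
        // NOTE(review): attributes above the signature are not visible here. Confirm this
        // state-changing action carries [HttpPost] and [ValidateAntiForgeryToken].
        public ActionResult Edit([Bind(Exclude = "Account,Password")] User user)
        {
            // Authorize first, so a caller who may not edit this user never gets the
            // edit view re-rendered on a validation failure.
            if (!CanUseAction(user.UserID))
            {
                return RedirectToAction("AccessDenied", "Home");
            }

            // The validation-failure path below renders the view, so the permissions
            // must be set before it (the GET Edit action sets them before rendering too).
            ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);

            // The excluded properties are never bound, so drop their validation entries.
            ModelState.Remove("Account");
            ModelState.Remove("Password");
            if (!ModelState.IsValid)
            {
                return View(user);
            }

            var existingUser = _db.Users.Find(user.UserID);
            if (existingUser == null)
            {
                // Same response as an authorization failure, so the reply does not
                // reveal whether the id exists.
                return RedirectToAction("AccessDenied", "Home");
            }

            // Restore the excluded properties from the stored record before mapping.
            user.Account  = existingUser.Account;
            user.Password = existingUser.Password;

            // NOTE(review): Bind(Exclude = ...) is a deny-list, and Mapper.Map copies the
            // bound model onto the entity. Any other User property that should not be
            // caller-editable needs to be excluded as well; an allow-list or a dedicated
            // edit model is the safer shape. Verify against the User type.
            Mapper.Map(user, existingUser);

            // NOTE(review): the session is refreshed from the edited record. If
            // CanUseAction allows editing another account, confirm this does not switch
            // the caller's session to that account.
            AuthenticationManager.Reauthenticate(existingUser, Session);

            _db.Entry(existingUser).State = EntityState.Modified;
            _db.SaveChanges();
            return RedirectToAction("Index", "Home");
        }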
Exemplo n.º 2
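        /// <summary>
        /// Deletes the user with the given id when the caller is allowed to act on it.
        /// </summary>
        /// <param name="id">Primary key of the user to delete.</param>
        /// <returns>
        /// A redirect to Home/AccessDenied when the caller may not act on this id;
        /// otherwise a redirect to Home/Index, whether or not a record was removed.
        /// </returns>
        // NOTE(review): attributes above the signature are not visible here. Confirm this
        // destructive action carries [HttpPost] and [ValidateAntiForgeryToken].
        public ActionResult DeleteConfirmed(int id)
        {
            // Authorize before the lookup. Checking only after a successful Find gave
            // different responses for existing and missing ids to callers with no rights.
            if (!CanUseAction(id))
            {
                return RedirectToAction("AccessDenied", "Home");
            }

            var user = _db.Users.Find(id);
            if (user != null)
            {
                // Kept from the original; no view is rendered on this path.
                ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);
                _db.Users.Remove(user);
                _db.SaveChanges();
                // NOTE(review): if a user can delete their own account, confirm the
                // session is ended elsewhere; nothing here clears it.
            }

            return RedirectToAction("Index", "Home");
        }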
Exemplo n.º 3
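        /// <summary>
        /// Shows the edit form for the user with the given id.
        /// </summary>
        /// <param name="id">Primary key of the user to edit; required.</param>
        /// <returns>
        /// HTTP 400 when no id is supplied; a redirect to Home/AccessDenied when the
        /// caller may not edit this id; HTTP 404 when an authorized caller asks for an
        /// id that does not exist; otherwise the edit view.
        /// </returns>
        public ActionResult Edit(int? id)
        {
            if (id == null)
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }

            // Authorize before the lookup, so a caller without rights gets the same
            // response for existing and missing ids (previously 404 vs. AccessDenied).
            if (!CanUseAction(id.Value))
            {
                return RedirectToAction("AccessDenied", "Home");
            }

            var user = _db.Users.Find(id);
            if (user == null)
            {
                return HttpNotFound();
            }

            ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);

            // NOTE(review): the mapped User model has a Password property (the POST
            // action assigns it). Confirm the view never renders it or posts it back.
            return View(Mapper.Map<User>(user));
        }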