public async Task <IActionResult> PutUserBasicDetails(int id, UserBasicDetails userBasicDetails)
{
if (id != userBasicDetails.Id)
{
return(BadRequest());
}
_context.Entry(userBasicDetails).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!UserBasicDetailsExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(NoContent());
}
public async Task <ActionResult <UserBasicDetails> > PostUserBasicDetails(UserBasicDetails userBasicDetails)
{
_context.UserBasicDetails.Add(userBasicDetails);
await _context.SaveChangesAsync();
return(CreatedAtAction("GetUserBasicDetails", new { id = userBasicDetails.Id }, userBasicDetails));
}
// GET: Vendors/Details/5
public async Task <ActionResult> Details(int?id)
{
if (!User.Identity.IsAuthenticated)
{
return(RedirectToAction("Login", "Account"));
}
if (id == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
//Check if user belongs to this vendor. If not, deny access
string userId = User.Identity.GetUserId();
var user = await db.Users.FirstOrDefaultAsync(x => x.Id == userId);
int userVendorID = user.VendorID;
if (userVendorID != id && !(User.IsInRole("Administrator") || User.IsInRole("Manager")))
{
return(RedirectToAction("Warning", "Home", new { message = "ACCESS DENIED - You can't view other Vendor Details" }));
}
Vendor vendor = await db.Vendors.FindAsync(id);
if (vendor == null)
{
return(HttpNotFound());
}
// Find all users with this vendor
var users = db.Users.Where(x => x.VendorID == id);
// Create view model to return
VendorDetails vd = new VendorDetails();
vd.Vendor = vendor;
vd.Users = new List <UserBasicDetails>();
foreach (var item in users)
{
UserBasicDetails temp = new UserBasicDetails
{
FirstName = item.FirstName,
LastName = item.LastName,
Email = item.Email,
Phone = item.PersonalPhone
};
vd.Users.Add(temp);
}
return(View(vd));
}
