public ActionResult Create(Course course)
{
course.UserId = AccountController.GetUserGuid();
if (ModelState.IsValid)
{
_db.Courses.AddObject(course);
_db.SaveChanges();
return RedirectToAction("Index");
}
return View(course);
}
/// <summary>
/// Deprecated Method for adding a new object to the Courses EntitySet. Consider using the .Add method of the associated ObjectSet<T> property instead.
/// </summary>
public void AddToCourses(Course course)
{
base.AddObject("Courses", course);
}
/// <summary>
/// Create a new Course object.
/// </summary>
/// <param name="id">Initial value of the ID property.</param>
/// <param name="name">Initial value of the Name property.</param>
public static Course CreateCourse(global::System.Int32 id, global::System.String name)
{
Course course = new Course();
course.ID = id;
course.Name = name;
return course;
}
public ActionResult Edit(Course course)
{
if (!AccountController.CanUserAccess(course)) return RedirectToAction("AccessDenied", "Account",
new { message = string.Format("У вас нет права редактировать курс {0}. Обратитесь к автору курса или администратору", course.Name) });
if (ModelState.IsValid)
{
_db.Courses.Attach(course);
_db.ObjectStateManager.ChangeObjectState(course,
EntityState.Modified);
_db.SaveChanges();
return RedirectToAction("Index");
}
return View(course);
}
/// <summary>
/// Check if user is course author
/// </summary>
/// <param name="course"></param>
/// <returns></returns>
public static bool IsUserAuthor(Course course)
{
return course.UserId != null && course.UserId == GetUserGuid();
}
/// <summary>
/// Check if user has edit rights for course
/// </summary>
/// <param name="course"></param>
/// <returns></returns>
public static bool CanUserAccess(Course course)
{
return IsUserAdmin() || IsUserAuthor(course);
}
