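/// <summary>
/// Handles submission of the "create admin user" form: grants the permission
/// selected in <paramref name="model"/> to the existing account identified by
/// <c>model.email</c>.
/// </summary>
/// <param name="model">Posted form values (target e-mail and permission id).</param>
/// <returns>
/// A plain-text refusal when the caller is not a logged-in SuperAdmin, a redirect to
/// <c>AccountPermissionIndex</c> with a TempData message once the request has been
/// processed, or the form view again when model validation fails.
/// </returns>
public ActionResult CreateAccountPermission(AccountPermissionCreateViewModel model)
{
    // This action creates admin users, so it must enforce the same checks as the
    // parameterless action that renders the form. Guarding only the form page does
    // not protect the state change: the form values can be submitted directly.
    // NOTE(review): no authorization or anti-forgery attribute is visible on this
    // action from here - confirm the action is POST-only and validates an
    // anti-forgery token ([ValidateAntiForgeryToken]).
    if (userSession.LoggedIn == false)
    {
        return Content("You are not logged in ! Please login to view this page");
    }

    //allows only Super Admin users to grant admin permissions
    var caller = userSession.CurrentUser;
    var callerPermission = accountPermissionDAO.FetchByEmail(caller.email);
    if (callerPermission == null || callerPermission.Permission.name != "SuperAdmin")
    {
        return Content("Only Super Admin users are permitted to view this page");
    }

    if (ModelState.IsValid)
    {
        //admin permissions cannot be added to an account that does not exist on the system
        var existingMember = accountDAO.FetchByEmail(model.email);
        if (existingMember == null)
        {
            TempData["errorMessage"] = "This user does not exist in the system";
            return RedirectToAction("AccountPermissionIndex");
        }

        //admin permissions cannot be given to a user who has a profile
        var profile = profileDAO.fetchByAccountID(existingMember.accountID);
        if (profile != null)
        {
            TempData["errorMessage"] = "This user is a site member. Site members cannot be admin also !.";
            return RedirectToAction("AccountPermissionIndex");
        }

        //admin permissions cannot be given to a user who is already admin
        var existingAdmin = accountPermissionDAO.FetchByEmail(model.email);
        if (existingAdmin != null)
        {
            TempData["errorMessage"] = "This user is already admin. You can change their permission in Admin Users/Change Permission !";
            return RedirectToAction("AccountPermissionIndex");
        }

        // NOTE(review): model.permissionID is taken from the request as-is; confirm
        // it is checked against the permissions returned by FetchAllPermissions().
        AccountPermission accountPermission = new AccountPermission()
        {
            permissionID = model.permissionID,
            email = model.email,
            createDate = DateTime.Now,
            accountID = existingMember.accountID,
        };

        //adds the admin user to the database
        accountPermissionDAO.CreateAccountPermission(accountPermission);

        //creates alert for admin news feed
        alertService.AddAdminUserCreatedAlert(accountPermission);

        TempData["successMessage"] = "Success. You have created a new admin user !";
        return RedirectToAction("AccountPermissionIndex");
    }

    // validation failed: re-populate the permission list and show the form again
    model.Permissions = accountPermissionDAO.FetchAllPermissions();
    model.adminUser = true;
    return View(model);
}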
/// <summary>
/// Renders the "create admin user" form for a logged-in SuperAdmin.
/// </summary>
/// <returns>
/// A plain-text refusal when the caller is not logged in or does not hold the
/// "SuperAdmin" permission; otherwise the form view with a populated view model.
/// </returns>
public ActionResult CreateAccountPermission()
{
    // visitors without a session never reach the form
    if (userSession.LoggedIn == false)
    {
        return Content("You are not logged in ! Please login to view this page");
    }

    // only an account whose permission record is named "SuperAdmin" may continue
    Account currentAccount = userSession.CurrentUser;
    var callerPermission = accountPermissionDAO.FetchByEmail(currentAccount.email);
    if (callerPermission == null || callerPermission.Permission.name != "SuperAdmin")
    {
        return Content("Only Super Admin users are permitted to view this page");
    }

    // the permission list is passed to the constructor and then assigned again,
    // as in the original code
    var viewModel = new AccountPermissionCreateViewModel(accountPermissionDAO.FetchAllPermissions());
    viewModel.Permissions = accountPermissionDAO.FetchAllPermissions();

    // mirror the session's login state into the view model
    viewModel.userSession = (userSession.LoggedIn == true);

    viewModel.loggedInAccount = currentAccount;
    viewModel.loggedInAccountID = currentAccount.accountID;
    viewModel.permissionType = callerPermission.Permission.name;
    viewModel.adminUser = true;

    return View(viewModel);
}