示例#1
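        /// <summary>
        /// Renders the management view for an album once the current user has
        /// passed the edit-permission check.
        /// </summary>
        /// <param name="id">
        /// Album identifier handed to <c>GetByIdForManage</c>. As an action
        /// parameter it comes from the request, so the permission check below is
        /// what keeps a guessed id from exposing someone else's album.
        /// </param>
        /// <returns>
        /// The default view bound to the album, or the <c>NotAuthorizedEdit</c>
        /// view when the album or user cannot be resolved or the check fails.
        /// </returns>
        public ActionResult ManageAlbum(int id)
        {
            AlbumRepository albums = new AlbumRepository();
            AlbumModel album = albums.GetByIdForManage(id);

            UserRepository users = new UserRepository();
            // NOTE(review): Identity.Name is only meaningful for an authenticated
            // request; confirm an [Authorize] filter covers this action (not
            // visible from this listing).
            var user = users.GetByUsername(HttpContext.User.Identity.Name);

            // Access control, fail closed: a missing album or an unknown user is
            // denied here instead of relying on how isUserAuthorizedToEditAlbum
            // treats null arguments. Missing and forbidden albums get the same
            // response, so the reply does not reveal which ids exist.
            if (album == null || user == null || !albums.isUserAuthorizedToEditAlbum(album, user))
            {
                return View("NotAuthorizedEdit");
            }

            return View(album);
        }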
示例#2
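        /// <summary>
        /// Renders the edit form for an album once the current user has passed
        /// the edit-permission check.
        /// </summary>
        /// <param name="id">
        /// Album identifier handed to <c>GetByIdForEdit</c>. As an action
        /// parameter it comes from the request, so the permission check below is
        /// what keeps a guessed id from exposing someone else's album.
        /// </param>
        /// <returns>
        /// The default view bound to the album, with the trusted users' logins
        /// in <c>ViewData["usersList"]</c>, or the <c>NotAuthorizedEdit</c> view
        /// when the album or user cannot be resolved or the check fails.
        /// </returns>
        public ActionResult Edit(int id)
        {
            AlbumRepository albums = new AlbumRepository();
            AlbumModel album = albums.GetByIdForEdit(id);

            UserRepository users = new UserRepository();
            // NOTE(review): Identity.Name is only meaningful for an authenticated
            // request; confirm an [Authorize] filter covers this action (not
            // visible from this listing).
            var user = users.GetByUsername(HttpContext.User.Identity.Name);

            // Access control, fail closed: a missing album or an unknown user is
            // denied here, before album.TrustedUsers is dereferenced below, and
            // without relying on how isUserAuthorizedToEditAlbum treats null
            // arguments. Missing and forbidden albums get the same response.
            if (album == null || user == null || !albums.isUserAuthorizedToEditAlbum(album, user))
            {
                return View("NotAuthorizedEdit");
            }

            PrepareCategories();

            // Logins are user-chosen strings; the view that prints usersList
            // should HTML-encode it (TODO confirm in the view template).
            var trustedLogins = album.TrustedUsers.Select(u => u.Login);
            ViewData["usersList"] = string.Join(", ", trustedLogins);

            return View(album);
        }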