        /// <summary>
        /// Persists an edited user profile. <c>Account</c> and <c>Password</c> are excluded
        /// from model binding and re-attached from the stored entity, so a request body
        /// cannot change them through this action.
        /// </summary>
        /// <param name="user">Bound view model; its <c>UserID</c> selects the record to update.</param>
        /// <returns>The edit view when validation fails; otherwise a redirect.</returns>
        public ActionResult Edit([Bind(Exclude = "Account,Password")] User user)
        {
            // NOTE(review): the HTTP-verb and anti-forgery attributes are not part of this
            // excerpt — confirm they are present on the method.

            // The excluded properties were never bound, so their validation entries are
            // dropped before the remaining model state is checked.
            ModelState.Remove("Account");
            ModelState.Remove("Password");
            if (!ModelState.IsValid)
            {
                return View(user);
            }

            // UserID is request-controlled; the session must belong to that user or to
            // an administrator before anything is read or written.
            if (!CanUseAction(user.UserID))
            {
                return RedirectToAction("AccessDenied", "Home");
            }
            ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);

            var stored = _db.Users.Find(user.UserID);
            if (stored == null)
            {
                // An unknown id is answered like a denied request, not a 404.
                return RedirectToAction("AccessDenied", "Home");
            }

            // Carry the credentials over from the tracked entity, then copy the bound
            // fields onto it.
            // NOTE(review): every other mapped property of User is request-controlled;
            // confirm the model exposes no role/permission field reachable through this map.
            user.Account  = stored.Account;
            user.Password = stored.Password;
            Mapper.Map(user, stored);

            // NOTE(review): this refreshes the *current* session from the edited entity,
            // also when an administrator edits a different user — confirm that is intended.
            AuthenticationManager.Reauthenticate(stored, Session);

            _db.Entry(stored).State = EntityState.Modified;
            _db.SaveChanges();
            return RedirectToAction("Index", "Home");
        }
        /// <summary>
        /// Authorization check shared by the user actions: the current session must
        /// belong to <paramref name="userId"/> or to an administrator.
        /// </summary>
        /// <param name="userId">Identifier of the user record being acted on.</param>
        /// <returns><c>true</c> when the current session may act on that user.</returns>
        private bool CanUseAction(int userId)
        {
            // The user-id comparison only runs for an authenticated session.
            var actingOnSelf = AuthenticationManager.IsUserAuthenticated(Session)
                               && AuthenticationManager.UserId(Session) == userId;
            var administrator = AuthenticationManager.IsUserAdministrator(Session);

            return actingOnSelf || administrator;
        }
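        /// <summary>
        /// Deletes the user with the given id after confirmation.
        /// </summary>
        /// <param name="id">Identifier of the user record to remove (from the request).</param>
        /// <returns>
        /// A redirect to the index on success or when no such user exists; a redirect to
        /// <c>AccessDenied</c> when the session may not act on <paramref name="id"/>.
        /// </returns>
        public ActionResult DeleteConfirmed(int id)
        {
            // NOTE(review): the HTTP-verb and anti-forgery attributes are not part of this
            // excerpt — confirm they are present on the method.

            // Authorize before touching the store, so an unauthorized caller gets the
            // same answer whether or not the id exists (no existence oracle).
            if (!CanUseAction(id))
            {
                return RedirectToAction("AccessDenied", "Home");
            }

            var user = _db.Users.Find(id);
            if (user != null)
            {
                ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);
                _db.Users.Remove(user);
                _db.SaveChanges();
                // NOTE(review): when the deleted record is the session's own user the
                // session is left as-is here — confirm callers sign it out.
            }

            // Unknown id is treated like a completed delete.
            return RedirectToAction("Index", "Home");
        }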
        /// <summary>
        /// Registers a new user from the posted form and signs the session in as that user.
        /// </summary>
        /// <param name="user">Bound view model; every property is bound (nothing excluded).</param>
        /// <returns>
        /// A redirect to the index when the sign-in succeeds; otherwise the create view
        /// with the submitted model.
        /// </returns>
        public ActionResult Create([Bind(Exclude = "")] User user)
        {
            // NOTE(review): the HTTP-verb and anti-forgery attributes are not part of this
            // excerpt — confirm they are present on the method.
            if (!ModelState.IsValid)
            {
                return View(user);
            }

            // NOTE(review): Exclude = "" binds every property of User from the request; the
            // comment in the original ("always default to a simple user") suggests the
            // mapping is what enforces the default — confirm the view model carries no
            // role/privilege field that Mapper copies over.
            var entity = Mapper.Map<Models.User>(user);

            _db.Users.Add(entity);
            _db.SaveChanges();

            var signIn = AuthenticationManager.Authenticate(entity, user.Password, Session);
            if (signIn == SignInStatus.Success)
            {
                return RedirectToAction("Index", "Home");
            }

            // NOTE(review): the row is already saved when this view is returned, so a
            // re-submit attempts a second insert for the same data.
            return View(user);
        }
        /// <summary>
        /// Shows the edit form for one user.
        /// </summary>
        /// <param name="id">Identifier of the user to edit; required.</param>
        /// <returns>
        /// 400 when <paramref name="id"/> is missing, 404 when no such user exists, a
        /// redirect to <c>AccessDenied</c> when the session may not act on the user,
        /// otherwise the edit view with the mapped model.
        /// </returns>
        public ActionResult Edit(int? id)
        {
            if (id == null)
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }

            var stored = _db.Users.Find(id.Value);
            if (stored == null)
            {
                return HttpNotFound();
            }

            // Lookup precedes authorization here, so a forbidden caller can tell an
            // existing id (AccessDenied) from a missing one (404).
            if (!CanUseAction(id.Value))
            {
                return RedirectToAction("AccessDenied", "Home");
            }

            ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);

            return View(Mapper.Map<User>(stored));
        }