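/// <summary>
/// Applies a submitted edit to an existing user record and refreshes the current session
/// from the updated record.
/// </summary>
/// <param name="user">Posted view model. <c>Account</c> and <c>Password</c> are excluded
/// from binding and are copied back from the stored record before mapping.</param>
/// <returns>An AccessDenied redirect when the caller may not edit this user (or no such
/// user exists), the edit view when validation fails, otherwise a redirect to Home/Index.</returns>
public ActionResult Edit([Bind(Exclude = "Account,Password")] User user)
{
    // NOTE(review): this action's attributes are outside this excerpt — confirm it carries
    // [HttpPost] and [ValidateAntiForgeryToken] like the other state-changing actions.

    // Authorize before validating: an unauthorized caller must not get the edit form
    // re-rendered with its own input, so the ownership/administrator check runs first.
    if (!CanUseAction(user.UserID))
    {
        return RedirectToAction("AccessDenied", "Home");
    }

    // Account and Password are not bound, so any model errors raised for them cannot be
    // satisfied by this form; drop them before checking validity.
    ModelState.Remove("Account");
    ModelState.Remove("Password");
    if (!ModelState.IsValid)
    {
        return View(user);
    }

    // Set for parity with the other actions; nothing in this action renders a view after
    // this point, so a redirect discards it.
    ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);

    var existingUser = _db.Users.Find(user.UserID);
    if (existingUser == null)
    {
        // Deliberately the same response as the authorization failure rather than a 404
        // (presumably so the response does not reveal whether the id exists).
        return RedirectToAction("AccessDenied", "Home");
    }

    // Carry the stored credentials across so the full-object map below does not overwrite
    // them with the unbound (null) values from the posted model.
    user.Account = existingUser.Account;
    user.Password = existingUser.Password;
    // NOTE(review): Map copies every bound property onto the stored row. Confirm the view
    // model exposes no privilege-bearing field, or add it to the Bind exclude list.
    Mapper.Map(user, existingUser);

    // Reauthenticate presumably refreshes whatever the session holds for this user — verify.
    AuthenticationManager.Reauthenticate(existingUser, Session);

    _db.Entry(existingUser).State = EntityState.Modified;
    _db.SaveChanges();
    return RedirectToAction("Index", "Home");
}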
/// <summary>
/// True when the current session belongs to an administrator, or to a signed-in user
/// whose id matches <paramref name="userId"/>.
/// </summary>
/// <param name="userId">Id of the user record the caller wants to act on.</param>
/// <returns>Whether the caller may act on that record.</returns>
private bool CanUseAction(int userId)
{
    var isAdministrator = AuthenticationManager.IsUserAdministrator(Session);
    var isSignedIn = AuthenticationManager.IsUserAuthenticated(Session);
    // Only consult the session's user id once we know a user is signed in.
    var ownsRecord = isSignedIn && AuthenticationManager.UserId(Session) == userId;
    return isAdministrator || ownsRecord;
}
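/// <summary>
/// Deletes the user with the given id when the caller owns that record or is an
/// administrator.
/// </summary>
/// <param name="id">Id of the user to delete.</param>
/// <returns>An AccessDenied redirect for unauthorized callers; otherwise a redirect to
/// Home/Index, whether or not a matching user existed.</returns>
public ActionResult DeleteConfirmed(int id)
{
    // NOTE(review): this action's attributes are outside this excerpt — confirm it carries
    // [HttpPost] and [ValidateAntiForgeryToken] (and [ActionName("Delete")] if routed that way).

    // The check needs only the id, so run it before touching the database. Previously an
    // unauthorized caller got AccessDenied for an existing id but Index for a missing one,
    // which let the response reveal whether the id exists.
    if (!CanUseAction(id))
    {
        return RedirectToAction("AccessDenied", "Home");
    }

    // Set for parity with the other actions; this action always redirects, so it is discarded.
    ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);

    var user = _db.Users.Find(id);
    if (user != null)
    {
        // NOTE(review): when a user deletes their own record the session is left as-is;
        // confirm the caller is signed out elsewhere, or clear the session here.
        _db.Users.Remove(user);
        _db.SaveChanges();
    }

    return RedirectToAction("Index", "Home");
}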
/// <summary>
/// Creates a new user from the posted form and signs the new user in.
/// </summary>
/// <param name="user">Posted view model; every property is bound (the exclude list is empty).</param>
/// <returns>The create view when validation or sign-in fails; otherwise a redirect to
/// Home/Index.</returns>
public ActionResult Create([Bind(Exclude = "")] User user)
{
    if (!ModelState.IsValid)
    {
        return View(user);
    }

    // Always default to a simple user.
    // NOTE(review): nothing here enforces that — every posted property is bound and mapped
    // onto the new entity. Confirm the view model carries no role/privilege field, or
    // exclude it via Bind so a self-registration cannot set it.
    var entity = Mapper.Map<Models.User>(user);
    _db.Users.Add(entity);
    _db.SaveChanges();

    // Sign-in uses the password as posted, not whatever the mapped entity holds.
    var status = AuthenticationManager.Authenticate(entity, user.Password, Session);
    if (status != SignInStatus.Success)
    {
        return View(user);
    }

    return RedirectToAction("Index", "Home");
}
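/// <summary>
/// Shows the edit form for the user with the given id.
/// </summary>
/// <param name="id">Id of the user to edit; null yields a 400.</param>
/// <returns>400 when id is missing, an AccessDenied redirect when the caller may not edit
/// this user, 404 when no such user exists, otherwise the edit view with a mapped view model.</returns>
public ActionResult Edit(int? id)
{
    if (!id.HasValue)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    // Authorize before the lookup so an unauthorized caller always gets the same response;
    // previously a missing id answered 404 and an existing one AccessDenied, which let a
    // non-administrator learn which ids exist. Matches the order used by DeleteConfirmed.
    if (!CanUseAction(id.Value))
    {
        return RedirectToAction("AccessDenied", "Home");
    }

    var entity = _db.Users.Find(id);
    if (entity == null)
    {
        return HttpNotFound();
    }

    // Presumably consumed by the view to decide which controls to render — verify.
    ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);
    // Hand the view a view-model copy rather than the tracked entity.
    return View(Mapper.Map<User>(entity));
}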