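/// <summary>
/// Deletes the records identified by <paramref name="id"/> through ProductRepo and
/// CompanyRepo, but only when the current user's role is "Admin".
/// </summary>
/// <param name="id">Identifier passed to both ProductRepo.Delete and CompanyRepo.Delete.</param>
/// <returns>
/// For an admin: a JSON object with <c>success</c>, <c>entity</c> and <c>message</c>.
/// For anyone else: a redirect to the AccessDenied/Index route.
/// </returns>
public ActionResult DeleteConfirm(int id)
{
    // Authorize before touching any data. Previously ProductRepo.Delete(id) ran ahead of
    // the role check, so a caller who was then redirected to AccessDenied had already
    // triggered the delete.
    UserViewModel modul = CompanyRepo.GetIdByName(User.Identity.Name);

    // A missing user record is treated as "not authorized" instead of failing with a
    // NullReferenceException on modul.Role.
    if (modul == null || modul.Role != "Admin")
    {
        return new RedirectToRouteResult(
            new RouteValueDictionary(new { controller = "AccessDenied", action = "Index" }));
    }

    // Same order as before for an admin: product delete first, then company delete.
    bool result = ProductRepo.Delete(id);

    // NOTE(review): 'success' carries the ProductRepo result while 'message' reflects the
    // CompanyRepo result, so the two can disagree. Left as-is because callers may rely on
    // the current response shape; confirm which repository this action is meant to target.
    string message = CompanyRepo.Delete(id) ? "delete success" : "delete fail";

    // NOTE(review): AllowGet lets this JSON be returned to GET requests. If the action is
    // reachable via GET, a state-changing delete is exposed to cross-site requests;
    // consider restricting it to POST with an anti-forgery token.
    return Json(new { success = result, entity = "", message = message }, JsonRequestBehavior.AllowGet);
}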
// GET
/// <summary>
/// Returns the "_Create" partial view with an empty CompanyViewModel when the current
/// user's role is "Admin"; otherwise redirects to the AccessDenied/Index route.
/// </summary>
public ActionResult Create()
{
    UserViewModel currentUser = CompanyRepo.GetIdByName(User.Identity.Name);

    // Guard clause: the role is compared against the literal "Admin" on every request.
    // NOTE(review): currentUser is dereferenced without a null check; confirm that
    // GetIdByName never returns null for an unknown or anonymous name.
    if (currentUser.Role != "Admin")
    {
        var deniedRoute = new RouteValueDictionary(new { controller = "AccessDenied", action = "Index" });
        return new RedirectToRouteResult(deniedRoute);
    }

    return PartialView("_Create", new CompanyViewModel());
}
/// <summary>
/// Redirects an "Admin" user to the Index action and any other user to the
/// AccessDenied/Index route. No repository delete is performed in this method.
/// </summary>
/// <param name="model">Bound company view model; not read by this method.</param>
public ActionResult Delete(CompanyViewModel model)
{
    UserViewModel currentUser = CompanyRepo.GetIdByName(User.Identity.Name);

    // NOTE(review): currentUser is dereferenced without a null check; confirm that
    // GetIdByName never returns null for an unknown or anonymous name.
    bool isAdmin = currentUser.Role == "Admin";
    if (!isAdmin)
    {
        var deniedRoute = new RouteValueDictionary(new { controller = "AccessDenied", action = "Index" });
        return new RedirectToRouteResult(deniedRoute);
    }

    return RedirectToAction("Index");
}
// GET
/// <summary>
/// Loads the company identified by <paramref name="id"/> and returns the "_Edit"
/// partial view for it when the current user's role is "Admin"; otherwise redirects
/// to the AccessDenied/Index route.
/// </summary>
/// <param name="id">Identifier passed to CompanyRepo.GetById.</param>
public ActionResult Edit(int id)
{
    UserViewModel currentUser = CompanyRepo.GetIdByName(User.Identity.Name);

    // The company is only fetched after the role check passes, so non-admin callers
    // never cause a lookup by id.
    // NOTE(review): currentUser is dereferenced without a null check; confirm that
    // GetIdByName never returns null for an unknown or anonymous name.
    if (currentUser.Role != "Admin")
    {
        var deniedRoute = new RouteValueDictionary(new { controller = "AccessDenied", action = "Index" });
        return new RedirectToRouteResult(deniedRoute);
    }

    CompanyViewModel company = CompanyRepo.GetById(id);
    return PartialView("_Edit", company);
}