//Edit Lecturer Profile Page
//GET: Lecturer/Edit/5
public ActionResult Edit(int?id)
{
if ((HttpContext.Session.GetString("Role") == null) ||
(HttpContext.Session.GetString("Role") != "Lecturer"))
{
return(RedirectToAction("Index", "Home"));
}
//set a variable from the session string logged in Lecturer's ID
int lecturerid = Convert.ToInt32(HttpContext.Session.GetString("ID"));
//check if id is null or if the id matches the currently logged in user
if (id == null || lecturerid != id.Value)
{
return(RedirectToAction("Index"));
}
//get the lecturer details and prepare to return it to the edit view
LecturerEdit lecturer = lecturerContext.EditLecturerDetails(id.Value);
//check whether lecturer actually exists and whether the ID matches the logged in lecturer ID
if (lecturer == null || lecturerid != lecturer.LecturerId)
{
TempData["ErrorMessage"] = "You are not allowed to edit other lecturer's profile!";
return(RedirectToAction("Index"));
}
//if everything is ok, return the lecturer object to the view
return(View(lecturer));
}
public ActionResult Edit(LecturerEdit lecturer)
{
if (ModelState.IsValid)
{ //Update staff record to database
lecturerContext.Update(lecturer);
HttpContext.Session.SetString("LoginName", lecturer.Name.ToString());
return(RedirectToAction("Index"));
}
ViewData["Message"] = "Check your fields again!";
return(View(lecturer));
}
public LecturerEdit EditLecturerDetails(int lecturerId)
{
SqlCommand cmd = new SqlCommand("SELECT * FROM Lecturer WHERE LecturerID = @selectedLecturerID", conn);
cmd.Parameters.AddWithValue("@selectedLecturerID", lecturerId);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet result = new DataSet();
conn.Open();
da.Fill(result, "LecturerDetails");
conn.Close();
LecturerEdit lecturer = new LecturerEdit();
if (result.Tables["LecturerDetails"].Rows.Count > 0)
{
lecturer.LecturerId = lecturerId;
DataTable table = result.Tables["LecturerDetails"];
if (!DBNull.Value.Equals(table.Rows[0]["Name"]))
{
lecturer.Name = table.Rows[0]["Name"].ToString();
}
if (!DBNull.Value.Equals(table.Rows[0]["EmailAddr"]))
{
lecturer.Email = table.Rows[0]["EmailAddr"].ToString();
}
if (!DBNull.Value.Equals(table.Rows[0]["Password"]))
{
lecturer.Password = table.Rows[0]["Password"].ToString();
}
if (!DBNull.Value.Equals(table.Rows[0]["Description"]))
{
lecturer.Description = table.Rows[0]["Description"].ToString();
}
return(lecturer);
}
else
{
return(null);
}
}
public int Update(LecturerEdit lecturer)
{
SqlCommand cmd = new SqlCommand("UPDATE Lecturer SET Name=@name, EmailAddr=@email, Description=@desc" +
" WHERE LecturerID = @selectedLecturerID", conn);
cmd.Parameters.AddWithValue("@name", lecturer.Name);
cmd.Parameters.AddWithValue("@email", lecturer.Email);
if (lecturer.Description != null)
{
cmd.Parameters.AddWithValue("@desc", lecturer.Description);
}
else
{
cmd.Parameters.AddWithValue("@desc", DBNull.Value);
}
cmd.Parameters.AddWithValue("@selectedLecturerID", lecturer.LecturerId);
conn.Open();
int count = cmd.ExecuteNonQuery();
conn.Close();
return(count);
}
