//Edit Lecturer Profile Page //GET: Lecturer/Edit/5 public ActionResult Edit(int?id) { if ((HttpContext.Session.GetString("Role") == null) || (HttpContext.Session.GetString("Role") != "Lecturer")) { return(RedirectToAction("Index", "Home")); } //set a variable from the session string logged in Lecturer's ID int lecturerid = Convert.ToInt32(HttpContext.Session.GetString("ID")); //check if id is null or if the id matches the currently logged in user if (id == null || lecturerid != id.Value) { return(RedirectToAction("Index")); } //get the lecturer details and prepare to return it to the edit view LecturerEdit lecturer = lecturerContext.EditLecturerDetails(id.Value); //check whether lecturer actually exists and whether the ID matches the logged in lecturer ID if (lecturer == null || lecturerid != lecturer.LecturerId) { TempData["ErrorMessage"] = "You are not allowed to edit other lecturer's profile!"; return(RedirectToAction("Index")); } //if everything is ok, return the lecturer object to the view return(View(lecturer)); }
public ActionResult Edit(LecturerEdit lecturer) { if (ModelState.IsValid) { //Update staff record to database lecturerContext.Update(lecturer); HttpContext.Session.SetString("LoginName", lecturer.Name.ToString()); return(RedirectToAction("Index")); } ViewData["Message"] = "Check your fields again!"; return(View(lecturer)); }
public LecturerEdit EditLecturerDetails(int lecturerId) { SqlCommand cmd = new SqlCommand("SELECT * FROM Lecturer WHERE LecturerID = @selectedLecturerID", conn); cmd.Parameters.AddWithValue("@selectedLecturerID", lecturerId); SqlDataAdapter da = new SqlDataAdapter(cmd); DataSet result = new DataSet(); conn.Open(); da.Fill(result, "LecturerDetails"); conn.Close(); LecturerEdit lecturer = new LecturerEdit(); if (result.Tables["LecturerDetails"].Rows.Count > 0) { lecturer.LecturerId = lecturerId; DataTable table = result.Tables["LecturerDetails"]; if (!DBNull.Value.Equals(table.Rows[0]["Name"])) { lecturer.Name = table.Rows[0]["Name"].ToString(); } if (!DBNull.Value.Equals(table.Rows[0]["EmailAddr"])) { lecturer.Email = table.Rows[0]["EmailAddr"].ToString(); } if (!DBNull.Value.Equals(table.Rows[0]["Password"])) { lecturer.Password = table.Rows[0]["Password"].ToString(); } if (!DBNull.Value.Equals(table.Rows[0]["Description"])) { lecturer.Description = table.Rows[0]["Description"].ToString(); } return(lecturer); } else { return(null); } }
public int Update(LecturerEdit lecturer) { SqlCommand cmd = new SqlCommand("UPDATE Lecturer SET Name=@name, EmailAddr=@email, Description=@desc" + " WHERE LecturerID = @selectedLecturerID", conn); cmd.Parameters.AddWithValue("@name", lecturer.Name); cmd.Parameters.AddWithValue("@email", lecturer.Email); if (lecturer.Description != null) { cmd.Parameters.AddWithValue("@desc", lecturer.Description); } else { cmd.Parameters.AddWithValue("@desc", DBNull.Value); } cmd.Parameters.AddWithValue("@selectedLecturerID", lecturer.LecturerId); conn.Open(); int count = cmd.ExecuteNonQuery(); conn.Close(); return(count); }