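/// <summary>
/// Renders the "EditForm" partial view pre-filled with the stored values of one user.
/// </summary>
/// <param name="userId">Identifier of the user to edit.</param>
/// <param name="organizationId">Organization the user must belong to.</param>
/// <returns>
/// The "EditForm" partial view, or the result of <c>HttpNotFound()</c> when no user with that id
/// exists in the organization or <c>AccessIsAllowed</c> rejects the organization.
/// </returns>
public ActionResult Edit(long userId, long organizationId)
{
    // A single organization-scoped lookup replaces the earlier Any() + Single() pair, so the
    // row that was authorized is the row that is rendered, and a row deleted between the two
    // queries can no longer make Single() throw.
    var user = db.Users.SingleOrDefault(u => u.UserId == userId && u.OrganizationId == organizationId);

    // Both failures produce the same not-found result, so the response does not tell a caller
    // whether the id exists in an organization they cannot access.
    if (user == null || !AccessIsAllowed(organizationId))
    {
        return HttpNotFound();
    }

    // NOTE(review): nothing here compares the caller's role with the target user's role;
    // confirm that showing the form for any user of an accessible organization is intended.
    var model = new UserEditViewModel
    {
        UserId = user.UserId,
        OrganizationId = user.OrganizationId,
        Username = user.Username,
        Firstname = user.Firstname,
        Lastname = user.Lastname,
        Middlename = user.Middlename,
        Gender = user.Gender,
        Email = user.Email,
        GraduationYear = user.GraduationYear,
        EligibleForRaces = user.EligibleForRaces,
        DefaultVarsityLevelId = user.DefaultVarsityLevelId,
        DefaultRunnerClassificationId = user.DefaultRunnerClassificationId,
        RoleId = user.RoleId,
        // The role drop-down is limited to what the logged-in user's role may create.
        RoleList = new SelectList(
            Role.GetRolesForOrganizationCreatableByRole(organizationId, GetLoggedInUser().RoleId),
            "RoleId",
            "RoleName"),
        RunnerClassifications = new SelectList(
            db.RunnerClassifications.ToList(),
            "RunnerClassificationId",
            "RunnerClassificationName"),
        VarsityLevels = new SelectList(
            db.VarsityLevels.ToList(),
            "VarsityLevelId",
            "VarsityLevelName"),
    };

    return PartialView("EditForm", model);
}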
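/// <summary>
/// Applies the posted edit form to the stored user and re-renders the "EditForm" partial view.
/// </summary>
/// <param name="model">
/// Posted form values. Every field, including <c>UserId</c>, <c>OrganizationId</c> and
/// <c>RoleId</c>, is supplied by the client and is treated as untrusted.
/// </param>
/// <returns>
/// The "EditForm" partial view bound to <paramref name="model"/>, with any authorization or
/// validation errors recorded in <c>ModelState</c>.
/// </returns>
public ActionResult Edit(UserEditViewModel model)
{
    // NOTE(review): any attribute lines for this action are not visible here. Confirm it is
    // restricted to POST and validates an anti-forgery token, since it changes roles.

    // Load the target once, scoped to the posted organization, so the authorization decision
    // and the update below refer to the same row.
    var user = db.Users.SingleOrDefault(u => u.UserId == model.UserId && u.OrganizationId == model.OrganizationId);
    if (user == null || !AccessIsAllowed(model.OrganizationId))
    {
        ModelState.AddModelError("Error", "You are not authorized to modify this user");
    }

    var editor = GetLoggedInUser();

    if (editor.RoleId > model.RoleId)
    {
        // The requested role ranks above the editor's own role.
        ModelState.AddModelError("RoleId", "You are not authorized to modify a user in this role");
    }
    else if (user != null && editor.RoleId > user.RoleId)
    {
        // The posted RoleId is client-controlled, so checking it alone let an editor change a
        // user whose stored role outranks their own simply by submitting a permitted role.
        // The stored role is therefore held to the same comparison.
        // Assumes, as the check above does, that a smaller RoleId means more privilege - TODO confirm.
        ModelState.AddModelError("RoleId", "You are not authorized to modify a user in this role");
    }

    // NOTE(review): the posted RoleId is only bounded by the comparisons above; it is not
    // checked against the roles returned by Role.GetRolesForOrganizationCreatableByRole.
    // Confirm whether membership in that list should be enforced on the server as well.

    if (user != null && ModelState.IsValid)
    {
        // Only the fields listed here are copied; Username, UserId and OrganizationId are
        // never taken from the posted model.
        user.Firstname = model.Firstname;
        user.Lastname = model.Lastname;
        user.Middlename = model.Middlename;
        user.Gender = model.Gender;
        user.Email = model.Email;
        user.GraduationYear = model.GraduationYear;
        user.EligibleForRaces = model.EligibleForRaces;
        user.RoleId = model.RoleId;
        user.DefaultVarsityLevelId = model.DefaultVarsityLevelId.HasValue ? (int?)model.DefaultVarsityLevelId.Value : null;
        user.DefaultRunnerClassificationId = model.DefaultRunnerClassificationId.HasValue ? (int?)model.DefaultRunnerClassificationId : null;
        user.ModifiedBy = LoggedInUserId;

        // TryDBChange is defined elsewhere and its outcome is not inspected here.
        // TODO confirm that it reports a failed save through ModelState.
        TryDBChange(() => db.SaveChanges());
    }

    // The select lists are not posted back, so they are rebuilt before the form is re-rendered.
    model.RoleList = new SelectList(
        Role.GetRolesForOrganizationCreatableByRole(model.OrganizationId, editor.RoleId),
        "RoleId",
        "RoleName");
    model.RunnerClassifications = new SelectList(
        db.RunnerClassifications.ToList(),
        "RunnerClassificationId",
        "RunnerClassificationName");
    model.VarsityLevels = new SelectList(
        db.VarsityLevels.ToList(),
        "VarsityLevelId",
        "VarsityLevelName");

    return PartialView("EditForm", model);
}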