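/// <summary>
/// Decides whether the logged-in user may edit <paramref name="c"/>: either the user is its
/// author, or the user holds at least one of the roles listed in <c>editor</c>.
/// </summary>
/// <param name="c">The question being edited. Callers should pass the stored entity rather
/// than a request-bound instance: <c>c.Author.Username</c> is the authorization subject, so a
/// client-supplied value would let the caller decide who counts as the author.</param>
/// <returns><c>true</c> when editing is allowed; <c>false</c> otherwise, including when nobody
/// is logged in, <paramref name="c"/> is null, or its <c>Author</c> is not loaded.</returns>
public static bool canEdit(Question c)
{
    var user = m.LoggedInUser();
    if (user == null || c == null)
    {
        return false;
    }

    // A missing Author navigation property must deny rather than throw a NullReferenceException.
    bool isAuthor = c.Author != null && user == c.Author.Username;
    if (isAuthor)
    {
        return true;
    }

    // Any() stops at the first shared role instead of counting the whole intersection.
    return Roles.GetRolesForUser().Intersect(editor).Any();
}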
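/// <summary>
/// POST handler that stores a new question on behalf of the logged-in membership user.
/// </summary>
/// <param name="question">The model-bound question. Its <c>Date</c> and <c>UserId</c> are
/// overwritten here so the client cannot choose them.</param>
/// <returns>A redirect to Index on success; HTTP 401 when no user is logged in; otherwise the
/// form again so validation errors can be shown.</returns>
public ActionResult Create(Question question)
{
    // Membership.GetUser() returns null for an anonymous request; the original dereferenced it
    // and produced a NullReferenceException (HTTP 500) instead of an explicit 401.
    var membershipUser = Membership.GetUser();
    if (membershipUser == null)
    {
        return new HttpUnauthorizedResult();
    }

    // Server-owned fields: assigned after binding so posted values never win.
    // Note: DateTime.Now is local server time, matching the rest of this file.
    question.Date = DateTime.Now;
    String username = membershipUser.UserName;
    question.UserId = context.Users.Single(x => x.Username == username).UserId;

    if (!ModelState.IsValid)
    {
        return View(question);
    }

    context.Questions.Add(question);
    context.SaveChanges();
    return RedirectToAction("Index");
}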
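/// <summary>
/// POST handler that updates an existing question when the logged-in user is allowed to edit it.
/// </summary>
/// <param name="question">The model-bound question. <c>UserId</c> and <c>Date</c> are restored
/// from the stored row so the posted form cannot change ownership or the original timestamp.</param>
/// <returns>A redirect to Index on success; HTTP 404 when the id is unknown; a redirect back to the
/// referring page (or Index) with an error message when not authorized; otherwise the form again
/// so validation errors can be shown.</returns>
public ActionResult Edit(Question question)
{
    // Single() threw for an unknown id, which surfaced as HTTP 500 rather than 404.
    Question stored = context.Questions.SingleOrDefault(x => x.QuestionId == question.QuestionId);
    if (stored == null)
    {
        return HttpNotFound();
    }

    // Ownership and creation time are server-owned; restore them before any values are copied.
    question.UserId = stored.UserId;
    question.Date = stored.Date;

    // Authorize against the stored entity, not the request-bound one: canEdit reads Author.Username,
    // and on `question` that navigation property comes from the request (or is unset) rather than
    // from the database.
    if (!ModelHelpers.canEdit(stored))
    {
        TempData["Error"] = "Not authorized";
        return RedirectBack();
    }

    if (ModelState.IsValid)
    {
        context.Entry(stored).CurrentValues.SetValues(question);
        context.SaveChanges();
        return RedirectToAction("Index");
    }

    ViewBag.PossibleUsers = context.Users;
    return View(question);
}

// Sends the client back to the referring page when it is a path on this site, otherwise to Index.
// Request.UrlReferrer is null when the header is absent (the original then threw), and the header
// is client-supplied, so only a local target is honoured.
private ActionResult RedirectBack()
{
    Uri referrer = Request.UrlReferrer;
    string target = referrer == null ? null : referrer.PathAndQuery;
    if (!String.IsNullOrEmpty(target) && Url.IsLocalUrl(target))
    {
        return Redirect(target);
    }

    return RedirectToAction("Index");
}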