/// <summary>
/// Saves an edited User. Only the Email field is copied from the posted model.
/// </summary>
/// <param name="viewModel">Posted edit form; UserId selects the record and Email is the new value.</param>
/// <returns>
/// A redirect to "Index" after saving; 404 when no user has the posted UserId;
/// 403 when the caller is not in the SystemAdmin role and the record's
/// MembershipUserIdentifier differs from the caller's identity name;
/// the result of <c>Edit(int)</c> when model validation failed.
/// </returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in this
// listing; confirm they are applied where this state-changing action is declared.
public ActionResult Edit(UserEditViewModel viewModel)
{
    // Validation failed: fall back to the GET action for the same user id.
    if (!ModelState.IsValid)
    {
        return Edit(viewModel.UserId);
    }

    using (var db = dataContextFactory.Create())
    {
        var target = db.Users.FirstOrDefault(u => u.UserId == viewModel.UserId);
        if (target == null)
        {
            return new HttpStatusCodeResult(HttpStatusCode.NotFound);
        }

        // Object-level authorization: UserId comes from the request, so the record
        // must belong to the caller unless the caller is a SystemAdmin.
        // NOTE(review): 404 is returned before 403, so the status code tells any
        // caller who reaches this action whether a given UserId exists.
        bool accessDenied = !User.IsInRole(Role.SystemAdmin)
            && target.MembershipUserIdentifier != User.Identity.Name;
        if (accessDenied)
        {
            return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        }

        // Email can always be updated. It is assigned explicitly, so any other
        // posted field is ignored here rather than bound onto the entity.
        target.Email = viewModel.Email;
        db.SaveChanges();

        return RedirectToAction("Index");
    }
}
/// <summary>
/// Edit a single User
/// </summary>
/// <param name="id">Id of the user to edit</param>
/// <returns>
/// Edit User view; 404 when no user has that id; 403 when the caller is not in
/// the SystemAdmin role and the record's MembershipUserIdentifier differs from
/// the caller's identity name.
/// </returns>
public ActionResult Edit(int id)
{
    using (var db = dataContextFactory.Create())
    {
        var target = db.Users.FirstOrDefault(u => u.UserId == id);
        if (target == null)
        {
            return new HttpStatusCodeResult(HttpStatusCode.NotFound);
        }

        // Object-level authorization: id is caller-supplied, so a non-admin may
        // only load the record whose MembershipUserIdentifier is their own name.
        // NOTE(review): 404 is returned before 403, so the status code tells any
        // caller who reaches this action whether a given id exists.
        bool accessDenied = !User.IsInRole(Role.SystemAdmin)
            && target.MembershipUserIdentifier != User.Identity.Name;
        if (accessDenied)
        {
            return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        }

        // Only the id and email are exposed to the view.
        var editModel = new UserEditViewModel
        {
            UserId = target.UserId,
            Email = target.Email
        };

        return View(editModel);
    }
}