public ActionResult Order(int ID)
{
if(Session["CustomerEmail"] == null)
return RedirectToAction("AccessDenied");
Order order = new DAOrder().selectOne(ID);
if (!order.customer.email.Equals((string)Session["CustomerEmail"]))
return RedirectToAction("AccessDenied");
return View(order);
}
public ActionResult NewOrder()
{
if(Session["CustomerEmail"] == null)
return RedirectToAction("AccessDenied");
int orderID = new DAOrder().insert(new Order((ShoppingCart)Session["ShoppingCart"],
new Customer() { ID = new DACustomer().selectOne((string)Session["CustomerEmail"]).ID }));
UpdateItemQuantity();
Session["ShoppingCart"] = new ShoppingCart();
Session["ShoppingCartQuantity"] = 0;
Session["ShoppingCartPrice"] = 0;
return RedirectToAction("Order", new { ID = orderID });
}
