Can't make delete/update/edit unique to the users post?

It's difficult to answer this without being able to see your data structure, but I will try to help.

Up vote 1 down vote favorite share g+ share fb share tw.

Hi guys I have a slight problem may be a hard one I have tried to do this with the following code in the index segment of my review controller: var Info = db.tblReviews. Include(x => x. TblGame).

Where(UserInfo => UserInfo.UserName. Equals(User.Identity. Name)).ToList(); return View(Info); and within the first create of the review controller I have applied: ViewBag.

GameIDFK = new SelectList(db. TblGames, "GameID", "GameName"); return View(new tblReview { UserName = @User.Identity. Name }); My problem is I am trying to allow people to write reviews on games, av got it so that all users that post a game are unique and the games are only viewable by there own accounts but when it comes to edit/deleting/updating I cant get it so that the user posted the game review can only delete/update/edit there own games and not the other users.

For example I have two made up users called sham and bam, each user can see the games that they have posted on the review page but when it comes to edting/updating and deleting the review both user delete/edit and update each others posts. This is my review controller: using System; using System.Collections. Generic; using System.

Data; using System.Data. Entity; using System. Linq; using System.

Web; using System.Web. Mvc; using GameTest. Models; namespace GameTest.

Controllers { public class ReviewController : Controller { private gamezoneDBEntities db = new gamezoneDBEntities(); // // GET: /Review/ public ViewResult Index() { var Info = db.tblReviews. Include(x => x. TblGame).

Where(UserInfo => UserInfo.UserName. Equals(User.Identity. Name)).ToList(); return View(Info); } // // GET: /Review/Details/5 public ViewResult Details(int id) { tblReview tblreview = db.tblReviews.

Find(id); return View(tblreview); } // // GET: /Review/Create public ActionResult Create() { ViewBag. GameIDFK = new SelectList(db. TblGames, "GameID", "GameName"); return View(new tblReview { UserName = @User.Identity.

Name }); } // // POST: /Review/Create HttpPost public ActionResult Create(tblReview tblreview) { if (ModelState. IsValid) { db.tblReviews. Add(tblreview); db.SaveChanges(); return RedirectToAction("Index"); } ViewBag.

GameIDFK = new SelectList(db. TblGames, "GameID", "GameName", tblreview. GameIDFK); return View(tblreview); } // // GET: /Review/Edit/5 public ActionResult Edit(int id) { tblReview tblreview = db.tblReviews.

Find(id); ViewBag. GameIDFK = new SelectList(db. TblGames, "GameID", "GameName", tblreview.

GameIDFK); return View(tblreview); } // // POST: /Review/Edit/5 HttpPost public ActionResult Edit(tblReview tblreview) { if (ModelState. IsValid) { db. Entry(tblreview).

State = EntityState. Modified; db.SaveChanges(); return RedirectToAction("Index"); } ViewBag. GameIDFK = new SelectList(db.

TblGames, "GameID", "GameName", tblreview. GameIDFK); return View(tblreview); } // // GET: /Review/Delete/5 public ActionResult Delete(int id) { tblReview tblreview = db.tblReviews. Find(id); return View(tblreview); } // // POST: /Review/Delete/5 HttpPost, ActionName("Delete") public ActionResult DeleteConfirmed(int id) { tblReview tblreview = db.tblReviews.

Find(id); db.tblReviews. Remove(tblreview); db.SaveChanges(); return RedirectToAction("Index"); } protected override void Dispose(bool disposing) { db.Dispose(); base. Dispose(disposing); } } } If you require more please let me know thanks much appreciated c# asp.net asp.net-mvc-3 asp.net-mvc-3-areas link|improve this question edited Apr 6 at 16:43marc_s175k14142283 asked Apr 6 at 16:08user1137472858 42% accept rate.

It's difficult to answer this without being able to see your data structure, but I will try to help. I can see in your Index() action that you are getting the user name to retrieve games. So, it looks like your review object stores some reference to the user that created it.

Therefore, on update/delete, just retrieve the user name again, and if it doesn't match the user name on the review object, don't perform the action. Public ActionResult Edit(int id) { //See if this review id was created by the current user if(!db.tblReviews. Any(UserInfo => UserInfo.UserName.

Equals(User.Identity. Name) && UserInfo. Id == id)) { //Redirect the user away from this edit page, they can't edit this one.

} tblReview tblreview = db.tblReviews. Find(id); ViewBag. GameIDFK = new SelectList(db.

TblGames, "GameID", "GameName", tblreview. GameIDFK); return View(tblreview); }.

– user1137472 Apr 6 at 17:08 Source code added. – SouthShoreAK Apr 6 at 17:37.

You can use the currently logged in user (if you have a security structure) and use the id provided by the Edit action to verify that the id belongs to the list of games associated to the user, if not return something that notifies the user that the id passed in is invalid.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.