public IActionResult CheckItem([FromBody] BaseDto user, int itemId)
{
string unprotectedId;
try
{
unprotectedId = _protector.Unprotect(user.Credential);
}
catch (CryptographicException)
{
return(Unauthorized());
}
var userId = int.Parse(unprotectedId);
var projectsUsers = _projectUsersRepository
.GetAll(p => p.UserId == userId && p.IsAccepted)
.AsNoTracking();
var checkingItem = _repository.GetAll(i => i.Id == itemId).First();
// User is modifying the item, which is not owned by him.
if (!ToDoItemsHelper.IsItemOwnedByUser(_repository, checkingItem, userId, projectsUsers))
{
return(NotFound());
}
checkingItem.CompleteDate = DateTime.UtcNow;
_repository.Edit(checkingItem);
return(Ok());
}
public HttpResponseMessage UpdateItem([FromBody] ToDoItemDto item)
{
int userId;
if (!ModelState.IsValid)
{
return(new HttpResponseMessage(HttpStatusCode.BadRequest));
}
try
{
var unprotectedId = _protector.Unprotect(item.Credential);
userId = int.Parse(unprotectedId);
}
catch (CryptographicException)
{
return(new HttpResponseMessage(HttpStatusCode.Unauthorized));
}
try
{
var editedItem = _dtoMapper.Map <ToDoItem>(item);
var projectsUsers = _projectUsersRepository
.GetAll(p => p.UserId == userId && p.IsAccepted)
.AsNoTracking();
// User is modifying the item, which is not owned by him.
if (!ToDoItemsHelper.IsItemOwnedByUser(_repository, editedItem, userId, projectsUsers))
{
return(new HttpResponseMessage(HttpStatusCode.NotFound));
}
editedItem.UserId = userId;
_repository.Edit(editedItem);
return(new HttpResponseMessage(HttpStatusCode.OK));
}
catch (Exception)
{
return(new HttpResponseMessage(HttpStatusCode.NotModified));
}
}