public async Task <ActionResult <V1DTO.Order> > PostOrder(V1DTO.Order order)
{
if (User.IsInRole("Restaurant") && !await _bll.RestaurantUsers.AnyAsync(ru =>
ru.AppUserId.Equals(User.UserGuidId()) && ru.RestaurantId.Equals(order.RestaurantId)))
{
return(Unauthorized(new V1DTO.MessageDTO("User not authorized for this restaurant")));
}
var bllEntity = _mapper.Map(order);
bllEntity.AppUserId = User.UserGuidId();
_bll.Orders.Add(bllEntity);
await _bll.SaveChangesAsync();
order.Id = bllEntity.Id;
return(CreatedAtAction("GetOrder",
new { id = order.Id, version = HttpContext.GetRequestedApiVersion()?.ToString() ?? "0" },
order));
}
public async Task <IActionResult> PutOrder(Guid id, V1DTO.Order order)
{
if (User.IsInRole("Restaurant") && !await _bll.RestaurantUsers.AnyAsync(ru =>
ru.AppUserId.Equals(User.UserGuidId()) && ru.RestaurantId.Equals(order.RestaurantId)))
{
return(Unauthorized(new V1DTO.MessageDTO("User not authorized for this restaurant")));
}
if (id != order.Id)
{
return(BadRequest(new V1DTO.MessageDTO("Id and Order.Id do not match")));
}
var bllEntity = _mapper.Map(order);
bllEntity.AppUserId = (await _bll.Orders.FirstOrDefaultAsync(id)).AppUserId;
await _bll.Orders.UpdateAsync(bllEntity);
await _bll.SaveChangesAsync();
return(NoContent());
}
