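        /// <summary>
        /// Updates the phone with the given <paramref name="id"/> from the values in
        /// <paramref name="requestDto"/>, but only when the phone exists and belongs to the
        /// authenticated user.
        /// </summary>
        /// <param name="id">Identifier of the phone to update.</param>
        /// <param name="requestDto">Request body carrying the new phone values.</param>
        /// <returns>
        /// 200 with the mapped <see cref="PhoneDto"/> on success; 400 when the body is missing or
        /// the request/entity fails validation; 403 when the phone belongs to another customer;
        /// 404 when no phone has that id.
        /// </returns>
        public async Task<IActionResult> UpdatePhoneAsync(int id, [FromBody] UpdatePhoneDto requestDto)
        {
            // Message templates (not interpolated strings) keep the values as structured log properties.
            _logger.LogInformation("User trying to update existing phone with id {PhoneId}", id);

            // Without a body there is nothing to apply; reject before touching the store.
            if (requestDto is null)
            {
                _logger.LogWarning("Update request for phone {PhoneId} had no body", id);
                return BadRequest();
            }

            var entity = await _phones.FindPhoneAsync(id);
            if (entity is null)
            {
                _logger.LogWarning("User requested not existing phone");
                return NotFound();
            }

            // Ownership check: the phone's customer must be the caller (guards against acting on
            // another user's record by id). Ordinal comparison – identifiers, not linguistic text.
            var userId = this.User.FindFirstValue(ClaimTypes.NameIdentifier);
            if (!string.Equals(entity.CustomerId.ToString(), userId, StringComparison.Ordinal))
            {
                _logger.LogWarning("User is tried to update not his own phone");
                return Forbid();
            }

            // NOTE(review): assumes the mapping profile ignores Id/CustomerId so the request body
            // cannot re-own the phone (over-posting) — TODO confirm against the mapper configuration.
            entity = _mapper.Map(requestDto, entity);
            //TODO: Sanitize entities for avoid OWASP Top 10 A7:2017-Cross-Site Scripting (XSS)

            _logger.LogInformation("Validating updated phone");

            // Binding errors from the DTO are already in ModelState; the mapped entity is only
            // re-validated when binding succeeded, so each error set is reported once.
            if (ModelState.IsValid)
            {
                TryValidateModel(entity);
            }

            if (!ModelState.IsValid)
            {
                var errors = ModelState.FormatModelErrors();
                // The original passed `errors` as a log argument without a placeholder (and named
                // the wrong resource); a template hole makes it land in the log entry.
                _logger.LogWarning("Updated phone did not pass entity validation: {Errors}", errors);
                return BadRequest(errors);
            }

            entity = await _phones.UpdatePhoneAsync(entity);
            _logger.LogInformation("Phone with identificator {PhoneId} updated", entity.Id);

            var result = _mapper.Map<PhoneDto>(entity);
            return Ok(result);
        }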