public async Task <IActionResult> Get(int id)
{
var survey = await _surveyStore.GetSurveyAsync(id);
if (survey == null)
{
return(HttpNotFound());
}
// The AuthorizationService uses the policies in the Tailspin.Surveys.Security project
if (!await _authorizationService.AuthorizeAsync(User, survey, Operations.Read))
{
return(new HttpStatusCodeResult((int)HttpStatusCode.Forbidden));
}
return(new ObjectResult(DataMapping._surveyToDto(survey)));
}
public async Task <IActionResult> Get(int id)
{
var survey = await _surveyStore.GetSurveyAsync(id);
if (survey == null)
{
return(NotFound());
}
// The AuthorizationService uses the policies in the Tailspin.Surveys.Security project
if (!(await _authorizationService.AuthorizeAsync(User, survey, Operations.Read)).Succeeded)
{
return(StatusCode(403));
}
return(Ok(DataMapping._surveyToDto(survey)));
}
public async Task <IActionResult> Create(int id, [FromBody] QuestionDTO questionDto)
{
if (questionDto == null)
{
return(BadRequest());
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var question = new Question
{
SurveyId = id,
Text = questionDto.Text,
Type = questionDto.Type,
PossibleAnswers = questionDto.PossibleAnswers
};
var survey = await _surveyStore.GetSurveyAsync(question.SurveyId);
if (survey == null)
{
return(NotFound());
}
// The AuthorizationService uses the policies in the Tailspin.Surveys.Security project
if (!await _authorizationService.AuthorizeAsync(User, survey, Operations.Update))
{
return(new StatusCodeResult((int)HttpStatusCode.Forbidden));
}
await _questionStore.AddQuestionAsync(question);
return(CreatedAtRoute("GetQuestion", new { controller = "Question", id = question.Id }, questionDto));
}
