public IActionResult Update(int entryId, [FromBody] EntryDataDTO updatedEntryDTO)
{
var entry = _context.Entries.Find(entryId);
var currentUser = _userService.GetCurrentUser();
if (entry == null)
{
return(BadRequest("Invalid entry ID."));
}//if the current user is not the admin, we require both the current and new userId to be the same as current userID in order to allow the change
else if (currentUser.Role != UserRole.Admin && (currentUser.Id != updatedEntryDTO.UserId || entry.UserId != currentUser.Id))
{
return(BadRequest("Only admin users may change the user an entry belongs to."));
}
else
{
entry.Date = updatedEntryDTO.Date;
entry.DistanceInMeters = updatedEntryDTO.DistanceInMeters;
entry.TimeInSeconds = updatedEntryDTO.TimeInSeconds;
entry.UserId = updatedEntryDTO.UserId;
_context.SaveChanges();
return(Ok());
}
}
public IActionResult Create([FromBody] EntryDataDTO newEntryDTO)
{
if (_context.Users.Find(newEntryDTO.UserId) == null)
{
return(BadRequest("Invalid userId."));
}
if (_userService.GetCurrentUser().CanAccessEntriesForUser(newEntryDTO.UserId) == false)
{
return(BadRequest("Access denied."));
}
else
{
var entry = new Entry()
{
Date = newEntryDTO.Date,
DistanceInMeters = newEntryDTO.DistanceInMeters,
TimeInSeconds = newEntryDTO.TimeInSeconds,
UserId = newEntryDTO.UserId
};
_context.Entries.Add(entry);
_context.SaveChanges();
return(Ok());
}
}