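/// <summary>
/// Creates a new update for a campaign on behalf of the campaign's creator.
/// </summary>
/// <param name="campaignUpdate">The update bound from the request; its <c>Campaign</c> is read for the ownership and status checks.</param>
/// <returns>
/// 400 when the model is invalid, the body or its campaign is missing, or the campaign is not approved;
/// 401 when the caller is not the campaign's creator; otherwise 201 with the stored update.
/// </returns>
public async Task<IHttpActionResult> PostCampaignUpdate(CampaignUpdate campaignUpdate)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // A valid ModelState does not guarantee a bound body or a populated Campaign;
    // without this guard a request lacking either fails with a NullReferenceException
    // (a 500) instead of a clean 400.
    if (campaignUpdate == null || campaignUpdate.Campaign == null)
    {
        return BadRequest("A campaign update with its campaign is required");
    }

    // Only the one who created the campaign can add the updates
    // TODO: What about admins?
    // NOTE(review): campaign comes from the request-bound model, so CreatedById and Status
    // below are whatever the caller sent. The ownership and approval checks are only
    // meaningful if they run against the campaign row loaded from the database by its key.
    // The key property and DbSet are not visible in this excerpt, so the lookup is left
    // to be added where they are known.
    var campaign = campaignUpdate.Campaign;

    // NOTE(review): Unauthorized() answers 401; for an authenticated caller who is simply
    // not the owner, 403 is the conventional status. Kept as-is so existing clients are
    // not affected.
    if (campaign.CreatedById.ToString() != User.Identity.GetUserId())
    {
        return Unauthorized();
    }

    if (campaign.Status != CampaignStatus.Approved)
    {
        return BadRequest("Updates can only be added for approved campaigns");
    }

    // NOTE(review): the posted object is added as received, so every bound property
    // (including any status field on the update) is stored with caller-chosen values.
    // Confirm that server-owned fields are reset before saving.
    db.CampaignUpdates.Add(campaignUpdate);
    await db.SaveChangesAsync();

    return CreatedAtRoute("DefaultApi", new { id = campaignUpdate.Id }, campaignUpdate);
}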
/// <summary>
/// Looks up a single campaign update by its primary key.
/// </summary>
/// <param name="id">Key of the campaign update to return.</param>
/// <returns>200 with the update when it exists; 404 otherwise.</returns>
public IHttpActionResult GetCampaignUpdate(int id)
{
    // NOTE(review): no ownership or status check is made here, so any caller able to reach
    // this action can read any update by id. Confirm that is intended (for example that
    // updates still awaiting approval are meant to be readable).
    var found = db.CampaignUpdates.Find(id);
    if (found != null)
    {
        return Ok(found);
    }

    return NotFound();
}
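/// <summary>
/// Edits an existing campaign update on behalf of the campaign's creator.
/// </summary>
/// <param name="id">Key of the update being edited; must equal <c>campaignUpdate.Id</c>.</param>
/// <param name="campaignUpdate">The edited update bound from the request.</param>
/// <returns>
/// 400 when the model is invalid, the body or its campaign is missing, the ids disagree,
/// the campaign is not approved, or the update is approved or waiting;
/// 401 when the caller is not the campaign's creator; 404 when the update disappeared
/// during the save; otherwise 204.
/// </returns>
public async Task<IHttpActionResult> PostCampaignUpdate(int id, CampaignUpdate campaignUpdate)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // A valid ModelState does not guarantee a bound body; guard before touching its members
    // so a request without one gets a 400 rather than a NullReferenceException.
    if (campaignUpdate == null)
    {
        return BadRequest("A campaign update is required");
    }

    if (id != campaignUpdate.Id)
    {
        return BadRequest();
    }

    // Only the one who created the campaign can edit the updates
    // TODO: What about admins?
    // NOTE(review): campaign and campaignUpdate.Status both come from the request-bound
    // model, so the ownership, approval and "already validated" checks below evaluate
    // caller-supplied values. They should be made against the stored update (and its
    // campaign) loaded by id; the entity shape needed for that is not visible in this
    // excerpt, so the lookup is left to be added where it is known.
    var campaign = campaignUpdate.Campaign;
    if (campaign == null)
    {
        return BadRequest("A campaign update with its campaign is required");
    }

    // NOTE(review): Unauthorized() answers 401; 403 is the conventional status for an
    // authenticated non-owner. Kept as-is so existing clients are not affected.
    if (campaign.CreatedById.ToString() != User.Identity.GetUserId())
    {
        return Unauthorized();
    }

    if (campaign.Status != CampaignStatus.Approved)
    {
        return BadRequest("Updates can only be edited for approved campaigns");
    }

    if (campaignUpdate.Status == Models.UpdateStatus.Approved || campaignUpdate.Status == Models.UpdateStatus.Waiting)
    {
        return BadRequest("No update change for validated or waiting updates");
    }

    // NOTE(review): marking the posted object Modified persists every mapped property from
    // the request, including ones the owner should not control (status, foreign keys).
    // Consider copying only the editable fields onto the stored entity instead.
    db.Entry(campaignUpdate).State = EntityState.Modified;

    try
    {
        await db.SaveChangesAsync();
    }
    catch (DbUpdateConcurrencyException)
    {
        // A concurrency failure on a row that no longer exists is reported as 404;
        // any other concurrency failure is rethrown with its stack trace intact.
        if (!CampaignUpdateExists(id))
        {
            return NotFound();
        }

        throw;
    }

    return StatusCode(HttpStatusCode.NoContent);
}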