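/// <summary>
/// Updates the subject and/or description of an existing ad on behalf of the
/// user named in <c>request.UserId</c>. Empty or null text fields in the request
/// leave the stored value untouched.
/// </summary>
/// <param name="request">Ad id, acting user id and the new field values.</param>
/// <exception cref="UnauthorizedAccessException">
/// The acting user is unknown, or is neither an "Admin" nor the owner of the ad.
/// </exception>
/// <exception cref="EntityNotFoundException">No ad matches <c>request.Id</c>.</exception>
public void Execute(EditAdDto request)
{
    // NOTE(review): the ownership check below is only as trustworthy as
    // request.UserId. Confirm the caller fills it from the authenticated
    // principal and not from client-supplied request data.
    var user = _userManager.FindByIdAsync(request.UserId).Result;
    if (user == null)
    {
        // An unknown user id must be rejected here; passing null on to
        // IsInRoleAsync would fail with an unrelated argument error instead.
        throw new UnauthorizedAccessException();
    }

    var isAdmin = _userManager.IsInRoleAsync(user, "Admin").Result;

    // SingleOrDefault yields null when no row matches, so the existence check
    // has to come before any member of the entity is read.
    var adExist = Context.Ads.SingleOrDefault(x => x.Id == request.Id);
    if (adExist == null || adExist.Id <= 0)
    {
        throw new EntityNotFoundException("Ad");
    }

    // Only an admin or the ad's owner may edit it.
    if (!isAdmin && request.UserId != adExist.UserId)
    {
        throw new UnauthorizedAccessException();
    }

    if (!string.IsNullOrEmpty(request.Subject))
    {
        adExist.Subject = request.Subject;
    }

    if (!string.IsNullOrEmpty(request.Description))
    {
        adExist.Description = request.Description;
    }

    adExist.AddedDateTime = DateTime.Now;
    Context.SaveChanges();
}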
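/// <summary>
/// Handles an edit request for the ad identified by <paramref name="id"/> by
/// delegating to the edit-ad command.
/// </summary>
/// <param name="id">Ad id taken from the method argument; it overrides any id in the body.</param>
/// <param name="request">Edit payload bound from the request body.</param>
/// <returns>
/// 200 on success, 400 when no body was bound, 403 when the command reports an
/// unauthorized edit, 500 for any other failure.
/// </returns>
public IActionResult Put(int id, [FromBody] EditAdDto request)
{
    // A missing or unparsable body can leave the DTO null; reject it instead
    // of failing on the assignment below, outside the try block.
    if (request == null)
    {
        return BadRequest();
    }

    request.Id = id;

    // NOTE(review): only Id is overwritten here, so every other DTO field,
    // including any user id the command uses for its ownership check, is
    // whatever the client sent in the body. The acting user should be taken
    // from the authenticated principal before the command runs - confirm which
    // claim carries the id.
    try
    {
        _editAdCommand.Execute(request);
        return Ok();
    }
    catch (UnauthorizedAccessException)
    {
        // An authorization failure is a client error, not a server fault.
        return StatusCode(403);
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is returned verbatim, which can expose
        // persistence or framework details for unexpected failures. Prefer
        // logging the exception and returning a fixed message once the domain
        // exceptions are mapped to their own status codes.
        return StatusCode(500, ex.Message);
    }
}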
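/// <summary>
/// Replaces the subject and description of an existing ad on behalf of the
/// user named in <c>request.UserId</c> and refreshes its timestamp.
/// </summary>
/// <param name="request">Ad id, acting user id and the new field values.</param>
/// <exception cref="EntityNotFoundException">No ad matches <c>request.Id</c>.</exception>
/// <exception cref="ApplicationException">
/// The acting user is unknown, or is neither an "Admin" nor the owner of the ad.
/// </exception>
public void Execute(EditAdDto request)
{
    var ad = _context.Ads.SingleOrDefault(w => w.Id == request.Id);
    if (ad == null)
    {
        throw new EntityNotFoundException("Ad");
    }

    // NOTE(review): the ownership check below is only as trustworthy as
    // request.UserId. Confirm the caller fills it from the authenticated
    // principal and not from client-supplied request data.
    var user = _userManager.FindByIdAsync(request.UserId).Result;
    if (user == null)
    {
        // An unknown user id is refused with the same error as any other
        // forbidden edit; passing null on to IsInRoleAsync would fail with an
        // unrelated argument error instead.
        throw new ApplicationException("Zabranjen pristup");
    }

    var isAdmin = _userManager.IsInRoleAsync(user, "Admin").Result;

    // Only an admin or the ad's owner may edit it.
    // The message text means "Access forbidden".
    if (ad.UserId != request.UserId && !isAdmin)
    {
        throw new ApplicationException("Zabranjen pristup");
    }

    // Subject and Description are overwritten unconditionally, so a request
    // that omits them stores null/empty values.
    ad.AddedDateTime = DateTime.Now;
    ad.Subject = request.Subject;
    ad.Description = request.Description;
    _context.SaveChanges();
}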