public async Task <ActionResult <PhoneBookResponse> > GetPhoneBook(Guid id)
        {
            // Look the phone book up first; an unknown id is a plain 404.
            PhoneBook phoneBook = await _phoneBookRepository.GetByIdAsync(id).ConfigureAwait(false);

            if (phoneBook is null)
            {
                return NotFound();
            }

            // The caller's id is read from _userInfoService (presumably the
            // authenticated principal). Guid.Parse throws FormatException if the
            // value is not a well-formed GUID.
            Guid callerId = Guid.Parse(_userInfoService.UserId);

            // Ownership check: only the owning user may read this phone book.
            // A 403 (rather than a 404) is returned for someone else's book, so a
            // caller can learn that the id exists; the warning records the attempt.
            if (phoneBook.UserId != callerId)
            {
                _logger.LogWarning("User with id {ForbiddenUser} attempted to request a phone book owned by {OwningUser}",
                                   callerId, phoneBook.UserId);

                return Forbid();
            }

            return Ok(_mapper.Map <PhoneBookResponse>(phoneBook));
        }
        public async Task <ActionResult <PhoneBookEntryResponse> > CreatePhoneBookEntry(Guid phoneBookId,
                                                                                        [FromBody] PhoneBookEntryCreateRequest phoneBookEntryCreateRequest)
        {
            // Resolve the target phone book; an unknown id is a plain 404.
            PhoneBook book = await _phoneBookRepository.GetByIdAsync(phoneBookId);

            if (book is null)
            {
                return NotFound();
            }

            // The caller's id is read from _userInfoService (presumably the
            // authenticated principal). Guid.Parse throws FormatException if the
            // value is not a well-formed GUID.
            Guid callerId = Guid.Parse(_userInfoService.UserId);

            // Ownership check: entries may only be added to the caller's own book.
            // Nothing is mapped or persisted before this check passes. A 403 (not a
            // 404) is returned for someone else's book, so a caller can learn that
            // the id exists; the warning records the attempt.
            if (book.UserId != callerId)
            {
                _logger.LogWarning("User with id {ForbiddenUser} attempted to request add a phonebook entry to a phone book owned by {OwningUser}",
                                   callerId, book.UserId);

                return Forbid();
            }

            // Map the request body to an entity, attach it to the book and persist.
            PhoneBookEntry entry = _mapper.Map <PhoneBookEntry>(phoneBookEntryCreateRequest);
            entry = await _phoneBookEntryRepository.CreatePhoneBookEntryForBook(phoneBookId, entry);
            await _phoneBookRepository.SaveChangesAsync();

            // 201 with a Location header pointing at the GetPhoneBookEntry route;
            // the route value names (phonebookId, id) must match that route's template.
            var routeValues = new { phonebookId = book.Id, id = entry.Id };

            return CreatedAtRoute("GetPhoneBookEntry", routeValues, _mapper.Map <PhoneBookEntryResponse>(entry));
        }