public async Task <IActionResult> Update(RouteCreateViewModel model) { //Cannot be null as Role requires user being logged in ApplicationUser user = await _userService.GetUserAsync(User); if ( !(ModelState.IsValid && ( await _routeService.IsRouteCreatedByUser(model.UpdateID, user.Id) || await _userService.IsInRoleAsync(user, RoleHandler.Admin)))) { HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; return(Content("You don't have access to this action. 403 Forbidden")); } Route route = _routeService.GetRouteById(model.UpdateID); route.RouteID = model.RouteID; route.Note = model.Note; route.GripColour = model.GripColor; route.RouteDifficultyID = model.RouteDifficultyID; route.Date = DateTime.ParseExact(model.Date, "dd-MM-yyyy", CultureInfo.InvariantCulture); // Remove and add sections (update) _routeService.RemoveSectionsFromRoute(model.UpdateID, model.RouteSectionID); _routeService.AddSectionToRoute(model.UpdateID, model.RouteSectionID); // Remove and add builders (update) _routeService.RemoveBuildersFromRoute(model.UpdateID, model.Builders); _routeService.AddBuildersToRoute(model.UpdateID, model.Builders); // Remove images if the user deleted them on website _routeService.RemoveImagesFromRoute(_environment.WebRootPath, model.ImagePathRelationID); // If the video url is updated we want to update this in the attachment _routeService.UpdateVideoUrlInAttachment(model.AttachmentID, model.VideoUrl); // Upload the new images to the server string[] relativeImagePaths = await UploadImages(); _routeService.UpdateImageAttachments(model.AttachmentID, relativeImagePaths); return(RedirectToAction("List")); }