public async Task <IActionResult> UpdateMover(string id, [FromBody] MoverUpdateModel moverUpdateModel) { var currentUserId = User.Identity.Name; try { await _moversService.UpdateMoverAsync(currentUserId, id, moverUpdateModel); return(Ok()); } catch (UnauthorizedAccessException e) { return(Forbid($"Can't update the mover: {e.Message}")); } catch (Exception e) { return(BadRequest($"Can't update the mover: {e.Message}")); } }
public async Task UpdateMoverAsync(string currentUserId, string id, MoverUpdateModel toUpdate) { var mover = await GetMoverAsync(id); if (mover == null) { throw new Exception("The mover doesn't exist"); } if (mover.UserId != currentUserId) { throw new UnauthorizedAccessException("You are not authorize to update this mover"); } var update = Builders <Mover> .Update .Set(dbMover => dbMover.IsVIP, toUpdate.IsVIP) .Set(dbMover => dbMover.AverageCustomerRating, toUpdate.AverageCustomer); await _movers.UpdateOneAsync(dbMover => dbMover.Id == id, update ); }