/// <summary>
/// Updates an existing comment after checking that the current user is allowed to modify it.
/// </summary>
/// <param name="dto">New comment content, bound from the request body.</param>
/// <param name="id">Route id of the comment to update.</param>
/// <param name="slug">Not read by this method.</param>
/// <returns>
/// The generic not-found response when no comment has this id, the "Permission denied"
/// response when authorization fails, otherwise a success response with the comment details.
/// </returns>
public async Task<IActionResult> Update([FromBody] CreateOrEditCommentDto dto, [FromRoute] long id, long slug)
        {
            // The comment is fetched together with its user (includeUser: true) so the
            // authorization handler can compare the caller against the owner when it needs to.
            Comment comment = await _commentService.FetchCommentByIdAsync(id, includeUser: true);
            if (comment == null)
            {
                return StatusCodeAndDtoWrapper.BuildGenericNotFound();
            }

            // Resource-based authorization: the decision is made against this specific comment.
            // NOTE(review): an update is authorized here with the policy name returned by
            // GetDeleteCommentPolicyName(). If delete and update rights are meant to differ
            // (e.g. moderators may delete but not rewrite a comment), this grants the wrong
            // permission - confirm the policy choice is intentional.
            string policyName = _configService.GetDeleteCommentPolicyName();
            var authorization = await _authorizationService.AuthorizeAsync(User, comment, policyName);
            if (!authorization.Succeeded)
            {
                return StatusCodeAndDtoWrapper.BuildUnauthorized("Permission denied");
            }

            // The value returned by UpdateAsync is not inspected; success is reported regardless.
            await _commentService.UpdateAsync(comment, dto);

            return StatusCodeAndDtoWrapper.BuildSuccess(CommentDetailsDto.Build(comment),
                                                        "Comment updated successfully");
        }
Example #2
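        /// <summary>
        /// Creates a product from form fields. Only admin users are allowed to call it.
        /// Tags and categories are read from form keys shaped like <c>tags[name]</c> and
        /// <c>categories[name]</c>; the form value becomes the description.
        /// </summary>
        /// <param name="name">Product name.</param>
        /// <param name="description">Product description.</param>
        /// <param name="price">Product price.</param>
        /// <param name="stock">Initial stock.</param>
        /// <param name="images">Uploaded files sent under the <c>images</c> form field.</param>
        /// <returns>
        /// An unauthorized response when the caller is not an admin, otherwise a success
        /// response carrying the details of the created product.
        /// </returns>
        public async Task<IActionResult> Create(string name, string description, int price, int stock,
                                                List<IFormFile> images)
        {
            if (!(await _usersService.IsAdmin()))
            {
                return StatusCodeAndDtoWrapper.BuildUnauthorized("Only admin user can create prodcuts");
            }

            // Files sent as `images` are bound to the parameter; files sent as `images[]` are not,
            // so fall back to reading them from the form. The null check matters: the previous
            // `images?.Count == 0` was false for a null list and skipped the fallback.
            if (images == null || images.Count == 0)
            {
                images = Request.Form.Files.GetFiles("images[]").ToList();
            }

            // NOTE(review): nothing in this method limits the number, size or content type of
            // the uploaded files before they are handed to _productsService.Create - confirm
            // that the service (or request-size limits) enforces this.

            var tags = new List<Tag>();
            var categories = new List<Category>();

            // The alternation is grouped and anchored at the start of the key. The previous
            // pattern, "tags|categories\[(?<name>\w+)\]", parsed as `tags` OR `categories[name]`,
            // so every tag got an empty name and any key merely containing "tags" was accepted.
            // Built once instead of once per form key.
            var keyPattern = new Regex(@"^(?<kind>tags|categories)\[(?<name>\w+)\]");

            foreach (string formKey in Request.Form.Keys)
            {
                Match match = keyPattern.Match(formKey);
                if (!match.Success)
                {
                    continue;
                }

                // `name` is limited to word characters by the pattern; the description is the
                // raw client-supplied form value.
                string entryName = match.Groups["name"].Value;
                string entryDescription = Request.Form[formKey].ToString();

                if (match.Groups["kind"].Value == "tags")
                {
                    tags.Add(new Tag
                    {
                        Name        = entryName,
                        Description = entryDescription
                    });
                }
                else
                {
                    categories.Add(new Category
                    {
                        Name        = entryName,
                        Description = entryDescription
                    });
                }
            }

            Product product = await _productsService.Create(name, description, price, stock, tags, categories, images);

            return StatusCodeAndDtoWrapper.BuildSuccess(ProductDetailsDto.Build(product));
        }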
Example #3
        /// <summary>
        /// Deletes a product, looked up by id when one is supplied and by slug otherwise,
        /// after checking that the current user is allowed to manage it.
        /// </summary>
        /// <param name="id">Product id; when null the slug is used for the lookup.</param>
        /// <param name="slug">Product slug, used only when <paramref name="id"/> is null.</param>
        /// <returns>
        /// The generic not-found response when no product matches, the "Access denied" response
        /// when authorization fails, a success response when the delete call returns a value
        /// greater than zero, and an error response otherwise.
        /// </returns>
        public async Task<IActionResult> Delete(long? id, string slug)
        {
            Product product;
            if (id.HasValue)
            {
                product = await _productsService.FetchById(id.Value);
            }
            else
            {
                product = await _productsService.FetchBySlug(slug);
            }

            if (product == null)
            {
                return StatusCodeAndDtoWrapper.BuildGenericNotFound();
            }

            // Resource-based authorization: the policy is evaluated against this specific product,
            // and it runs before any state is changed.
            string policyName = _configurationService.GetManageProductPolicyName();
            var authorization = await _authorizationService.AuthorizeAsync(User, product, policyName);
            if (!authorization.Succeeded)
            {
                return StatusCodeAndDtoWrapper.BuildUnauthorized("Access denied");
            }

            // A result that is not greater than zero is reported to the client as an error.
            var deleteResult = await _productsService.Delete(product);
            if (deleteResult > 0)
            {
                return StatusCodeAndDtoWrapper.BuildSuccess("Product deleted successfully");
            }

            return StatusCodeAndDtoWrapper.BuildErrorResponse("An error occured, try later");
        }