public Catalog Post(Catalog catalog)
{
var user = (FacebookIdentity)User.Identity;
if (catalog.Id > 0) // TODO: Investigate why catalogs are -1 and not 0.
{
throw new InvalidOperationException("Post should be used for new catalogs. Use the Put method for updates.");
}
CreateOrUpdateCatalogCommand cmd = new CreateOrUpdateCatalogCommand(catalog.Id, catalog.Name, user.Id, catalog.Visibility);
var result = _commandBus.Submit(cmd);
if (result.Success)
{
catalog.Id = result.Id;
return catalog;
}
else
{
throw new ApplicationException("Unable to save catalog");
}
}
// UPDATE
public Catalog Put(int id, Catalog item)
{
if (item.Id == 0)
{
throw new InvalidOperationException("Put should be used for updating items. Use the Post method for creations.");
}
var dbItem = _catalogRepository.Query().Where(i => i.Id == item.Id && i.User_Id == User.Id);
if (dbItem == null)
{
// This probably means someone is trying to update someone elses item. Let's verify so we can log
// all attempts to gain illicit access.
var existsOnAnotherUser = _catalogRepository.Query().Where(i => i.Id == item.Id).Any();
if (existsOnAnotherUser)
{
_log.Fatal("Someone is trying to update another user's catalog. User ID: " + User.Id + " Catalog ID: " + item.Id);
}
else
{
_log.Error("User is trying to access item that does not exists. User ID: " + User.Id + " Catalog ID: " + item.Id);
}
throw new ItemNotFoundException("Catalog does not exists.");
}
else
{
CreateOrUpdateCatalogCommand cmd = new CreateOrUpdateCatalogCommand(item.Id, item.Name, User.Id, item.Visibility);
var result = _commandBus.Submit(cmd);
if (result.Success)
{
//item.Id = result.Id;
return item;
}
else
{
throw new Exception("Failed to save catalog.");
}
}
}