Example #1
        /// <summary>
        /// Creates a new catalog owned by the currently authenticated user.
        /// </summary>
        /// <param name="catalog">Catalog sent by the caller; its Id must not be positive.</param>
        /// <returns>The same catalog instance, with Id replaced by the id reported by the command bus.</returns>
        /// <exception cref="InvalidOperationException">The catalog carries a positive Id, i.e. it looks like an update.</exception>
        /// <exception cref="ApplicationException">The command bus reported that the save did not succeed.</exception>
        public Catalog Post(Catalog catalog)
        {
            // The owner id is taken from the authenticated identity, not from the request body,
            // so a caller cannot create a catalog on behalf of another user.
            // NOTE(review): the direct cast throws InvalidCastException for any other identity type;
            // confirm that only Facebook-authenticated requests can reach this action.
            var identity = (FacebookIdentity)User.Identity;

            if (catalog.Id > 0) // TODO: Investigate why catalogs are -1 and not 0.
            {
                throw new InvalidOperationException("Post should be used for new catalogs. Use the Put method for updates.");
            }

            var createCommand = new CreateOrUpdateCatalogCommand(catalog.Id, catalog.Name, identity.Id, catalog.Visibility);
            var outcome = _commandBus.Submit(createCommand);

            if (!outcome.Success)
            {
                throw new ApplicationException("Unable to save catalog");
            }

            // Hand the generated id back to the caller on the object it sent.
            catalog.Id = outcome.Id;
            return catalog;
        }
Example #2
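        // UPDATE
        /// <summary>
        /// Updates an existing catalog, but only when it belongs to the current user.
        /// </summary>
        /// <param name="id">Catalog id from the route. It is not used to select the catalog; see the review note in the body.</param>
        /// <param name="item">Catalog sent by the caller; its Id selects the catalog to update.</param>
        /// <returns>The catalog that was passed in, once the update command has succeeded.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="item"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The catalog has no positive Id, i.e. it looks like a creation.</exception>
        /// <exception cref="ItemNotFoundException">No catalog with that Id belongs to the current user.</exception>
        /// <exception cref="Exception">The command bus reported that the save did not succeed.</exception>
        public Catalog Put(int id, Catalog item)
        {
            if (item == null)
            {
                throw new ArgumentNullException("item");
            }

            // NOTE(review): the route parameter id is never compared with item.Id, so the request body
            // alone decides which catalog is touched. Confirm whether a mismatch should be rejected.

            // Non-positive ids denote unsaved catalogs (new catalogs have been seen with -1 as well as 0),
            // so they are rejected here instead of being handed to the create-or-update command.
            if (item.Id <= 0)
            {
                throw new InvalidOperationException("Put should be used for updating items. Use the Post method for creations.");
            }

            // Ownership check. This has to be materialised with Any(): the previous code compared the
            // unevaluated Where(...) query against null, which is never true, so the check below could
            // not fire and the update command was submitted for catalogs owned by other users.
            var ownedByCaller = _catalogRepository.Query().Where(i => i.Id == item.Id && i.User_Id == User.Id).Any();

            if (!ownedByCaller)
            {
                // Tell apart "belongs to someone else" from "does not exist" for the log only, so that
                // attempts to reach another user's data are recorded. The caller gets the same
                // ItemNotFoundException in both cases and cannot learn which ids exist.
                var existsOnAnotherUser = _catalogRepository.Query().Where(i => i.Id == item.Id).Any();

                if (existsOnAnotherUser)
                {
                    _log.Fatal("Someone is trying to update another user's catalog. User ID: " + User.Id + " Catalog ID: " + item.Id);
                }
                else
                {
                    _log.Error("User is trying to access item that does not exists. User ID: " + User.Id + " Catalog ID: " + item.Id);
                }

                throw new ItemNotFoundException("Catalog does not exists.");
            }

            // The owner id passed to the command comes from the current user, not from the request body.
            CreateOrUpdateCatalogCommand cmd = new CreateOrUpdateCatalogCommand(item.Id, item.Name, User.Id, item.Visibility);
            var result = _commandBus.Submit(cmd);

            if (!result.Success)
            {
                throw new Exception("Failed to save catalog.");
            }

            return item;
        }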