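/// <summary>
        /// Replaces the stored shop identified by <paramref name="id"/> with the values in the request body.
        /// </summary>
        /// <param name="id">Shop id taken from the route.</param>
        /// <param name="shop">Shop bound from the request body; every field of it is caller-controlled.</param>
        /// <returns>
        /// 204 on success; 400 when the body is missing or invalid, when the ids disagree, or when the
        /// caller does not own the shop; 404 when no shop with that id exists.
        /// </returns>
        public async Task<IHttpActionResult> PutShop(int id, Shop shop)
        {
            // A missing or unparsable body binds to null; reject it before dereferencing.
            if (shop == null)
            {
                return BadRequest();
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            if (id != shop.Id)
            {
                return BadRequest();
            }

            // The ownership decision must use the owner recorded in the database. The User object
            // inside the request body is supplied by the caller, so checking it would let any
            // authenticated user pass the test by naming themselves as owner of someone else's shop.
            // AsNoTracking keeps the lookup out of the change tracker so the request entity can be
            // attached below without a duplicate-key conflict.
            Shop stored = await db.Shops.AsNoTracking().Include(s => s.User).SingleOrDefaultAsync(s => s.Id == id);
            if (stored == null)
            {
                return NotFound();
            }

            // Response kept as 400 with the existing message for existing clients; 403 would describe it better.
            if (!CheckUserOwnsShop(stored))
            {
                return BadRequest("Unauthorised access to shop");
            }

            // NOTE(review): the request-bound entity is attached as a whole, so an owner reference or
            // owner key in the payload is handled according to the entity mapping. Confirm the payload
            // cannot reassign the shop, or copy only the editable fields onto the stored entity.
            db.Entry(shop).State = EntityState.Modified;

            try
            {
                await db.SaveChangesAsync();
            }
            catch (DbUpdateConcurrencyException)
            {
                // The row may have been deleted between the lookup and the save.
                if (!ShopExists(id))
                {
                    return NotFound();
                }
                throw;
            }

            return StatusCode(HttpStatusCode.NoContent);
        }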
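        /// <summary>
        /// Creates a shop owned by the authenticated caller.
        /// </summary>
        /// <param name="shop">Shop bound from the request body; its User value is replaced server-side.</param>
        /// <returns>201 with the created shop, or 400 when the body is missing or fails validation.</returns>
        public async Task<IHttpActionResult> PostShop(Shop shop)
        {
            // A missing or unparsable body binds to null; reject it before dereferencing.
            if (shop == null)
            {
                return BadRequest();
            }

            // ModelState is populated during binding, so it can be checked before any database work.
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // Resolve the caller's id outside the query: a GetUserId() call inside the lambda becomes
            // part of the expression tree, which LINQ to Entities cannot translate to SQL.
            var currentUserId = User.Identity.GetUserId();

            // The owner always comes from the authenticated identity, never from the request body.
            shop.User = await AppUserManager.Users.SingleAsync(u => u.Id == currentUserId);

            db.Shops.Add(shop);
            await db.SaveChangesAsync();

            return CreatedAtRoute("DefaultApi", new { id = shop.Id }, shop);
        }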
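 /// <summary>
 /// Reports whether the authenticated caller is the owner recorded on <paramref name="shop"/>.
 /// </summary>
 /// <param name="shop">
 /// Shop whose owner is compared with the caller. The answer is only meaningful when the owner
 /// comes from a trusted source such as the database; an entity bound from a request body carries
 /// whatever owner the caller chose to send.
 /// </param>
 /// <returns>True when the owner id equals the caller's id; false otherwise, including when no owner is present.</returns>
 private bool CheckUserOwnsShop(Shop shop)
 {
     // Fail closed: a shop with no owner information is treated as not owned by the caller
     // instead of surfacing a NullReferenceException.
     if (shop == null || shop.User == null || shop.User.Id == null)
     {
         return false;
     }

     return shop.User.Id.Equals(User.Identity.GetUserId());
 }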