// POST api/TodoList
public HttpResponseMessage PostTodoList(TodoListDto todoListDto)
{
if (ModelState.IsValid)
{
todoListDto.UserId = User.Identity.Name;
TodoList todoList = todoListDto.ToEntity();
db.TodoLists.Add(todoList);
db.SaveChanges();
todoListDto.TodoListId = todoList.TodoListId;
HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, todoListDto);
response.Headers.Location = new Uri(Url.Link(WebApiConfig.ControllerAndId, new { id = todoListDto.TodoListId }));
return response;
}
else
{
return Request.CreateResponse(HttpStatusCode.BadRequest);
}
}
// PUT api/TodoList/5
public HttpResponseMessage PutTodoList(int id, TodoListDto todoListDto)
{
if (ModelState.IsValid && id == todoListDto.TodoListId)
{
TodoList todoList = todoListDto.ToEntity();
if (db.Entry(todoList).Entity.UserId != User.Identity.Name)
{
// Trying to modify a record that does not belong to the user
return Request.CreateResponse(HttpStatusCode.Unauthorized);
}
db.Entry(todoList).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
return Request.CreateResponse(HttpStatusCode.InternalServerError);
}
return Request.CreateResponse(HttpStatusCode.OK);
}
else
{
return Request.CreateResponse(HttpStatusCode.BadRequest);
}
}
